mikeh Posted April 6, 2012 Posted April 6, 2012 I think I have got this on my home PC. I have Spybot S&D and Threatfire, but they're not getting rid of it. From what I read it's quite widespread and difficult to find and remove. I watched a useful video by Atech Journey about finding the "virus" in the drivers folder, and using the command prompt to get rid of it. I found a dodgy looking file there (mchInjdrv.sys or similar), which seems to flag up warnings when put into google. BUT, it has a prefix ??c:\ etc. I don't know what the double question marks means, or how to successfully delete this. Can anybody help? Quote
ExTS Admin Starbuck Posted April 6, 2012 ExTS Admin Posted April 6, 2012 Hi Mike I found a dodgy looking file there (mchInjdrv.sys or similar) This may be just a false positive. If in the correct folder, that file is a legit file and is used by PC Tools (Threatfire) Let's take a look and see what we can do about any redirection you may have. Step 1 Please download Malwarebytes Anti-Malware and save it to your desktop. Make sure you are connected to the Internet. Double-click on Download_mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware [*]Then click Finish. [*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. [*]On the Scanner tab:Make sure the "Perform Full Scan" option is selected. Then click on the Scan button. [*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. [*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. [*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". [*]Click OK to close the message box and continue with the removal process. [*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found. [*]Make sure that everything is checked, and click Remove Selected. [*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below) [*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. [*]Copy and paste the contents of that report in your next reply and exit MBAM.Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. Step 2 Download TDSSKiller and save it to your Desktop. Doubleclick on TDSSKiller.exe to run the application, then on Start Scan. Vista/Win7 users should right-click and select Run As Administrator. http://img.photobucket.com/albums/v708/starbuck50/new/tdss1.png If an infected file is detected, the default action will be Cure, click on Continue. http://img.photobucket.com/albums/v708/starbuck50/new/tdss2.png If a suspicious file is detected, the default action will be Skip, click on Continue. http://img.photobucket.com/albums/v708/starbuck50/new/tdss3.png It may ask you to reboot the computer to complete the process. Click on Reboot Now. http://img.photobucket.com/albums/v708/starbuck50/new/tdss4.png If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here. If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next reply. Step 3 Download OTL to your desktop. right click on the link and select 'Save Link/Target As'. if you have problems, try this download link: OTL Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. . http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png Now copy the lines in bold below. netsvcs msconfig %SYSTEMDRIVE%\*.* %systemroot%\system32\Spool\prtprocs\w32x86\*.dll %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\system32\*.exe /lockedfiles %systemroot%\System32\config\*.sav %PROGRAMFILES%\* %USERPROFILE%\..|smtmp;true;true;true /FP HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU hklm\software\clients\startmenuinternet|command /rs hklm\software\clients\startmenuinternet|command /64 /rs CREATERESTOREPOINT right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png . Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. In your next reply, please submit: MBAM scan report TDSSKiller report Both reports from OTL Thanks. Quote Member of:UNITE
mikeh Posted April 7, 2012 Author Posted April 7, 2012 Thanks for your reply and advice. Just to point out I ran TDSSKiller and FixTDSS a couple of days ago. I don't think they found anything, but I don't think I ran them as administrator. Malwarebytes Anti-Malware 1.60.1.1000 http://www.malwarebytes.org Database version: v2012.04.06.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Mike Hewitt :: MIKEHEWITT-PC [administrator] 06/04/2012 20:50:38 mbam-log-2012-04-06 (20-50-38).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 400498 Time elapsed: 1 hour(s), 31 minute(s), 37 second(s) Memory Processes Detected: 1 C:\Users\Mike Hewitt\AppData\Local\dplaysvr.exe (Trojan.Agent.UAGen) -> 3664 -> Delete on reboot. Memory Modules Detected: 1 C:\Users\Mike Hewitt\AppData\Local\dplayx.dll (Trojan.Downloader) -> Delete on reboot. Registry Keys Detected: 43 HKCR\CLSID\{168DC258-1455-4E61-8590-9DAC2F27B675} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\VideoEgg.ActiveXLoader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{1A8642F1-DC80-4EDC-A39D-0FB62A58B455} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{3F91EB90-EF62-44EE-A685-FAC29AF111CD} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{5C29C7E4-5321-4CAD-BE2E-877666BED5DF} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{83DFB6EE-AB18-41B5-86D4-B544A141D67E} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{88D6CF0E-CF70-4C24-BF6E-E4E414BC649C} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{8F6A82A2-D7B1-443E-BB9F-F7DC887DD618} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{9856E2D8-FFB2-4FE5-8CAD-D5AD6A35A804} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{A3D06987-C35E-49E4-8FE2-AC67B9FBFB4C} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{A58C497B-3EE2-45E7-9594-DACA6BE2A0D0} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{AD0A3058-FD49-4F98-A514-FD055201835E} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{AD5915EA-B61A-4DBA-B5C8-EF4B2DF0A3C7} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{BB187C0D-6F53-4F3E-9590-98FD3A7364A2} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{C5041FD9-4819-4DC4-B20E-C950B5B03D2A} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5041FD9-4819-4DC4-B20E-C950B5B03D2A} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{D17726CC-D4DD-4C4A-9671-471D56E413B5} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{DB8CCE99-59C6-4552-8BFC-058FEB38D6CE} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{DC3A04EE-CDD7-4407-915C-A5502F97EECD} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{E1A63484-A022-4D42-830A-FBD411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCR\CLSID\{E282C728-189D-419E-8EE2-1601F4B39BA5} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\VideoEgg.ActiveXLoader (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCU\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. HKCU\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully. HKLM\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully. Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.Agent.UAGen) -> Data: C:\Users\Mike Hewitt\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 16 C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully. Files Detected: 169 C:\Users\Mike Hewitt\AppData\Local\dplayx.dll (Trojan.Downloader) -> Delete on reboot. C:\Users\Mike Hewitt\AppData\Local\dplaysvr.exe (Trojan.Agent.UAGen) -> Delete on reboot. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Program Files\u4res.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LDGX43ZG\6[1].exe (Spyware.Password) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZA1MJEIB\10[1].exe (Trojan.Agent.PE5) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\LocalLow\GuffinsEI\Installr\Cache\0028F824.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\Downloads\CieoNetUtilities(2).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\Downloads\CieoNetUtilities.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\Downloads\CursorMania.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\Downloads\Guffins(2).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\Downloads\Guffins(3).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\Downloads\Guffins.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\Downloads\PopularScreenSavers.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\Downloads\WeatherBlink.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully. C:\Windows\Downloaded Program Files\VideoEggPublisher.exe (Malware.Tool) -> Quarantined and deleted successfully. C:\Program Files\u4res.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\Local Settings\Application Data\dplaysvr.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. (end) I will send the TDSSKiller with the next reply. Quote
mikeh Posted April 7, 2012 Author Posted April 7, 2012 The TDSSKiller Report: 07:50:47.0258 4352 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18 07:50:47.0285 4352 ============================================================ 07:50:47.0285 4352 Current date / time: 2012/04/07 07:50:47.0285 07:50:47.0285 4352 SystemInfo: 07:50:47.0285 4352 07:50:47.0285 4352 OS Version: 6.0.6002 ServicePack: 2.0 07:50:47.0286 4352 Product type: Workstation 07:50:47.0286 4352 ComputerName: MIKEHEWITT-PC 07:50:47.0286 4352 UserName: Mike Hewitt 07:50:47.0286 4352 Windows directory: C:\Windows 07:50:47.0286 4352 System windows directory: C:\Windows 07:50:47.0286 4352 Processor architecture: Intel x86 07:50:47.0286 4352 Number of processors: 2 07:50:47.0286 4352 Page size: 0x1000 07:50:47.0286 4352 Boot type: Normal boot 07:50:47.0286 4352 ============================================================ 07:51:00.0384 4352 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050 07:51:00.0405 4352 \Device\Harddisk0\DR0: 07:51:00.0412 4352 MBR used 07:51:00.0412 4352 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xABE800, BlocksNum 0x2EE000 07:51:00.0413 4352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0x1C418800 07:51:00.0729 4352 Initialize success 07:51:00.0729 4352 ============================================================ 07:51:13.0672 0428 ============================================================ 07:51:13.0672 0428 Scan started 07:51:13.0672 0428 Mode: Manual; 07:51:13.0672 0428 ============================================================ 07:51:15.0835 0428 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 07:51:15.0894 0428 ACPI - ok 07:51:16.0246 0428 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 07:51:16.0371 0428 AdobeFlashPlayerUpdateSvc - ok 07:51:16.0661 0428 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 07:51:16.0668 0428 adp94xx - ok 07:51:16.0762 0428 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 07:51:16.0767 0428 adpahci - ok 07:51:16.0815 0428 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 07:51:16.0817 0428 adpu160m - ok 07:51:16.0861 0428 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 07:51:16.0866 0428 adpu320 - ok 07:51:16.0948 0428 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 07:51:16.0949 0428 AeLookupSvc - ok 07:51:17.0016 0428 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 07:51:17.0021 0428 AFD - ok 07:51:17.0351 0428 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys 07:51:17.0369 0428 AgereSoftModem - ok 07:51:17.0525 0428 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 07:51:17.0527 0428 agp440 - ok 07:51:17.0631 0428 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 07:51:17.0633 0428 aic78xx - ok 07:51:17.0829 0428 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 07:51:17.0879 0428 ALG - ok 07:51:18.0063 0428 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 07:51:18.0064 0428 aliide - ok 07:51:18.0159 0428 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 07:51:18.0169 0428 amdagp - ok 07:51:18.0257 0428 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 07:51:18.0265 0428 amdide - ok 07:51:18.0518 0428 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 07:51:18.0520 0428 AmdK7 - ok 07:51:18.0608 0428 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 07:51:18.0609 0428 AmdK8 - ok 07:51:18.0664 0428 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 07:51:18.0676 0428 Appinfo - ok 07:51:18.0932 0428 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 07:51:18.0937 0428 Apple Mobile Device - ok 07:51:19.0173 0428 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 07:51:19.0190 0428 arc - ok 07:51:19.0306 0428 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 07:51:19.0308 0428 arcsas - ok 07:51:19.0464 0428 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 07:51:19.0465 0428 AsyncMac - ok 07:51:19.0545 0428 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 07:51:19.0545 0428 atapi - ok 07:51:19.0926 0428 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 07:51:19.0948 0428 AudioEndpointBuilder - ok 07:51:19.0991 0428 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 07:51:19.0994 0428 Audiosrv - ok 07:51:20.0648 0428 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 07:51:20.0676 0428 Beep - ok 07:51:21.0254 0428 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 07:51:21.0300 0428 BFE - ok 07:51:21.0719 0428 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll 07:51:21.0731 0428 BITS - ok 07:51:21.0834 0428 blbdrive - ok 07:51:21.0919 0428 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 07:51:21.0948 0428 bowser - ok 07:51:22.0104 0428 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 07:51:22.0121 0428 BrFiltLo - ok 07:51:22.0155 0428 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 07:51:22.0156 0428 BrFiltUp - ok 07:51:22.0229 0428 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 07:51:22.0262 0428 Browser - ok 07:51:22.0373 0428 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 07:51:22.0387 0428 Brserid - ok 07:51:22.0470 0428 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 07:51:22.0472 0428 BrSerWdm - ok 07:51:22.0516 0428 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 07:51:22.0517 0428 BrUsbMdm - ok 07:51:22.0551 0428 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 07:51:22.0552 0428 BrUsbSer - ok 07:51:22.0683 0428 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 07:51:22.0717 0428 BTHMODEM - ok 07:51:22.0833 0428 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 07:51:22.0849 0428 cdfs - ok 07:51:22.0937 0428 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 07:51:22.0939 0428 cdrom - ok 07:51:23.0036 0428 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 07:51:23.0037 0428 CertPropSvc - ok 07:51:23.0098 0428 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 07:51:23.0099 0428 circlass - ok 07:51:23.0178 0428 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 07:51:23.0182 0428 CLFS - ok 07:51:23.0323 0428 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 07:51:23.0326 0428 clr_optimization_v2.0.50727_32 - ok 07:51:23.0449 0428 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 07:51:23.0451 0428 clr_optimization_v4.0.30319_32 - ok 07:51:23.0502 0428 CLTNetCnService - ok 07:51:23.0659 0428 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys 07:51:23.0672 0428 CmBatt - ok 07:51:23.0712 0428 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 07:51:23.0713 0428 cmdide - ok 07:51:23.0764 0428 CoachUsb (5236fb8abb24e90591074f7bde24eda1) C:\Windows\system32\DRIVERS\CoachUsb.sys 07:51:23.0766 0428 CoachUsb - ok 07:51:23.0858 0428 CoachVc (9cfd57c133252fa5d19efaf2cf517ac3) C:\Windows\system32\DRIVERS\CoachVc.sys 07:51:23.0860 0428 CoachVc - ok 07:51:23.0896 0428 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 07:51:23.0897 0428 Compbatt - ok 07:51:23.0909 0428 COMSysApp - ok 07:51:23.0934 0428 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 07:51:23.0935 0428 crcdisk - ok 07:51:24.0035 0428 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 07:51:24.0036 0428 Crusoe - ok 07:51:24.0094 0428 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll 07:51:24.0097 0428 CryptSvc - ok 07:51:24.0218 0428 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 07:51:24.0228 0428 DcomLaunch - ok 07:51:24.0300 0428 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 07:51:24.0302 0428 DfsC - ok 07:51:24.0989 0428 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 07:51:25.0037 0428 DFSR - ok 07:51:25.0326 0428 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 07:51:25.0330 0428 Dhcp - ok 07:51:25.0478 0428 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 07:51:25.0490 0428 disk - ok 07:51:25.0670 0428 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 07:51:25.0680 0428 Dnscache - ok 07:51:26.0063 0428 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 07:51:26.0068 0428 dot3svc - ok 07:51:26.0393 0428 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 07:51:26.0407 0428 Dot4 - ok 07:51:26.0619 0428 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 07:51:26.0620 0428 Dot4Print - ok 07:51:26.0666 0428 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 07:51:26.0679 0428 dot4usb - ok 07:51:26.0750 0428 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 07:51:26.0753 0428 DPS - ok 07:51:26.0917 0428 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 07:51:26.0959 0428 drmkaud - ok 07:51:27.0129 0428 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 07:51:27.0135 0428 DXGKrnl - ok 07:51:27.0209 0428 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 07:51:27.0212 0428 E1G60 - ok 07:51:27.0381 0428 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 07:51:27.0415 0428 EapHost - ok 07:51:27.0895 0428 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 07:51:27.0979 0428 Ecache - ok 07:51:28.0044 0428 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 07:51:28.0051 0428 ehRecvr - ok 07:51:28.0205 0428 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 07:51:28.0258 0428 ehSched - ok 07:51:28.0297 0428 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 07:51:28.0380 0428 ehstart - ok 07:51:29.0011 0428 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 07:51:29.0038 0428 elxstor - ok 07:51:29.0333 0428 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 07:51:29.0375 0428 EMDMgmt - ok 07:51:29.0891 0428 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 07:51:29.0906 0428 EventSystem - ok 07:51:30.0622 0428 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 07:51:30.0665 0428 exfat - ok 07:51:31.0073 0428 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 07:51:31.0086 0428 fastfat - ok 07:51:31.0602 0428 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 07:51:31.0636 0428 fdc - ok 07:51:31.0890 0428 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 07:51:31.0923 0428 fdPHost - ok 07:51:32.0356 0428 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 07:51:32.0359 0428 FDResPub - ok 07:51:32.0831 0428 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 07:51:32.0854 0428 FileInfo - ok 07:51:33.0430 0428 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 07:51:33.0480 0428 Filetrace - ok 07:51:33.0932 0428 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 07:51:33.0951 0428 flpydisk - ok 07:51:34.0129 0428 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 07:51:34.0171 0428 FltMgr - ok 07:51:34.0673 0428 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 07:51:34.0785 0428 FontCache - ok 07:51:34.0979 0428 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 07:51:34.0999 0428 FontCache3.0.0.0 - ok 07:51:35.0530 0428 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys 07:51:35.0589 0428 fssfltr - ok 07:51:36.0316 0428 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe 07:51:36.0953 0428 fsssvc - ok 07:51:37.0410 0428 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 07:51:37.0460 0428 Fs_Rec - ok 07:51:37.0577 0428 FXDrv32 - ok 07:51:38.0010 0428 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 07:51:38.0030 0428 gagp30kx - ok 07:51:38.0460 0428 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys 07:51:38.0462 0428 GEARAspiWDM - ok 07:51:38.0832 0428 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 07:51:38.0863 0428 gpsvc - ok 07:51:39.0179 0428 gupdate1c9bb5b17d96130 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 07:51:39.0198 0428 gupdate1c9bb5b17d96130 - ok 07:51:39.0260 0428 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 07:51:39.0262 0428 gupdatem - ok 07:51:39.0421 0428 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 07:51:39.0424 0428 gusvc - ok 07:51:39.0939 0428 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 07:51:39.0984 0428 HdAudAddService - ok 07:51:40.0746 0428 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 07:51:40.0922 0428 HDAudBus - ok 07:51:41.0461 0428 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 07:51:41.0545 0428 HidBth - ok 07:51:42.0087 0428 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 07:51:42.0104 0428 HidIr - ok 07:51:42.0428 0428 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll 07:51:42.0447 0428 hidserv - ok 07:51:42.0677 0428 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 07:51:42.0732 0428 HidUsb - ok 07:51:43.0398 0428 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 07:51:43.0420 0428 hkmsvc - ok 07:51:43.0863 0428 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 07:51:43.0905 0428 HpCISSs - ok 07:51:44.0559 0428 hpqcxs08 (e4e285a3766b4a57401feeaf66cb07b5) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 07:51:44.0702 0428 hpqcxs08 - ok 07:51:45.0102 0428 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 07:51:45.0106 0428 hpqddsvc - ok 07:51:45.0831 0428 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 07:51:45.0869 0428 HTTP - ok 07:51:46.0350 0428 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 07:51:46.0369 0428 i2omp - ok 07:51:46.0824 0428 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 07:51:46.0847 0428 i8042prt - ok 07:51:47.0563 0428 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys 07:51:48.0119 0428 ialm - ok 07:51:48.0474 0428 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 07:51:48.0642 0428 iaStorV - ok 07:51:48.0971 0428 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 07:51:49.0138 0428 IDriverT - ok 07:51:49.0632 0428 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 07:51:50.0094 0428 idsvc - ok 07:51:50.0434 0428 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 07:51:50.0448 0428 iirsp - ok 07:51:50.0982 0428 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 07:51:51.0099 0428 IKEEXT - ok 07:51:52.0196 0428 IntcAzAudAddService (4fa59a84069d9d0991bae34cc4aff99c) C:\Windows\system32\drivers\RTKVHDA.sys 07:51:52.0358 0428 IntcAzAudAddService - ok 07:51:53.0017 0428 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 07:51:53.0051 0428 intelide - ok 07:51:53.0219 0428 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 07:51:53.0220 0428 intelppm - ok 07:51:53.0619 0428 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 07:51:53.0641 0428 IPBusEnum - ok 07:51:54.0020 0428 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 07:51:54.0035 0428 IpFilterDriver - ok 07:51:54.0552 0428 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 07:51:54.0602 0428 iphlpsvc - ok 07:51:54.0680 0428 IpInIp - ok 07:51:54.0791 0428 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 07:51:54.0808 0428 IPMIDRV - ok 07:51:55.0266 0428 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 07:51:55.0294 0428 IPNAT - ok 07:51:55.0547 0428 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe 07:51:55.0603 0428 iPod Service - ok 07:51:56.0140 0428 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys 07:51:56.0249 0428 irda - ok 07:51:56.0763 0428 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 07:51:56.0846 0428 IRENUM - ok 07:51:57.0189 0428 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll 07:51:57.0223 0428 Irmon - ok 07:51:57.0554 0428 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys 07:51:57.0568 0428 irsir - ok 07:51:58.0074 0428 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 07:51:58.0091 0428 isapnp - ok 07:51:58.0613 0428 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 07:51:58.0676 0428 iScsiPrt - ok 07:51:59.0218 0428 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 07:51:59.0258 0428 iteatapi - ok 07:51:59.0843 0428 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 07:51:59.0860 0428 iteraid - ok 07:52:00.0036 0428 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 07:52:00.0058 0428 kbdclass - ok 07:52:00.0396 0428 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 07:52:00.0416 0428 kbdhid - ok 07:52:00.0664 0428 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 07:52:00.0681 0428 KeyIso - ok 07:52:01.0245 0428 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 07:52:01.0300 0428 KSecDD - ok 07:52:02.0388 0428 KService (70ceefe43cb746dd04a884c84a7ebaa3) C:\Program Files\Kontiki\KService.exe 07:52:03.0605 0428 KService - ok 07:52:04.0202 0428 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 07:52:04.0260 0428 KtmRm - ok 07:52:04.0647 0428 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll 07:52:04.0738 0428 LanmanServer - ok 07:52:05.0145 0428 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 07:52:05.0176 0428 LanmanWorkstation - ok 07:52:05.0650 0428 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 07:52:05.0665 0428 lltdio - ok 07:52:05.0973 0428 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 07:52:06.0038 0428 lltdsvc - ok 07:52:06.0453 0428 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 07:52:06.0473 0428 lmhosts - ok 07:52:07.0419 0428 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 07:52:07.0483 0428 LSI_FC - ok 07:52:07.0975 0428 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 07:52:07.0998 0428 LSI_SAS - ok 07:52:08.0339 0428 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 07:52:08.0342 0428 LSI_SCSI - ok 07:52:08.0441 0428 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 07:52:08.0457 0428 luafv - ok 07:52:08.0807 0428 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys 07:52:08.0809 0428 LVPr2Mon - ok 07:52:09.0035 0428 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\Windows\system32\DRIVERS\lvrs.sys 07:52:09.0077 0428 LVRS - ok 07:52:11.0128 0428 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\Windows\system32\DRIVERS\lvuvc.sys 07:52:13.0461 0428 LVUVC - ok 07:52:13.0696 0428 Macromedia Licensing Service (84b93a9f22b0acb09fe3c9f5d2f26a7e) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe 07:52:13.0715 0428 Macromedia Licensing Service - ok 07:52:14.0076 0428 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 07:52:14.0090 0428 Mcx2Svc - ok 07:52:14.0749 0428 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 07:52:14.0767 0428 megasas - ok 07:52:15.0074 0428 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 07:52:15.0098 0428 MMCSS - ok 07:52:15.0479 0428 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 07:52:15.0499 0428 Modem - ok 07:52:15.0748 0428 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 07:52:15.0749 0428 monitor - ok 07:52:16.0260 0428 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 07:52:16.0285 0428 mouclass - ok 07:52:16.0917 0428 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 07:52:16.0946 0428 mouhid - ok 07:52:17.0234 0428 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 07:52:17.0284 0428 MountMgr - ok 07:52:17.0731 0428 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 07:52:17.0773 0428 mpio - ok 07:52:18.0045 0428 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 07:52:18.0047 0428 mpsdrv - ok 07:52:18.0564 0428 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 07:52:18.0673 0428 MpsSvc - ok 07:52:19.0060 0428 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 07:52:19.0077 0428 Mraid35x - ok 07:52:19.0419 0428 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 07:52:19.0443 0428 MRxDAV - ok 07:52:19.0828 0428 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 07:52:19.0893 0428 mrxsmb - ok 07:52:20.0246 0428 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 07:52:20.0275 0428 mrxsmb10 - ok 07:52:20.0769 0428 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 07:52:20.0814 0428 mrxsmb20 - ok 07:52:21.0243 0428 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 07:52:21.0251 0428 msahci - ok 07:52:21.0441 0428 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 07:52:21.0464 0428 msdsm - ok 07:52:21.0792 0428 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 07:52:21.0841 0428 MSDTC - ok 07:52:22.0520 0428 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 07:52:22.0534 0428 Msfs - ok 07:52:22.0920 0428 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 07:52:22.0936 0428 msisadrv - ok 07:52:23.0153 0428 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 07:52:23.0228 0428 MSiSCSI - ok 07:52:23.0546 0428 msiserver - ok 07:52:23.0862 0428 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 07:52:23.0870 0428 MSKSSRV - ok 07:52:24.0332 0428 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 07:52:24.0346 0428 MSPCLOCK - ok 07:52:24.0809 0428 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 07:52:24.0823 0428 MSPQM - ok 07:52:25.0185 0428 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 07:52:25.0338 0428 MsRPC - ok 07:52:25.0702 0428 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 07:52:25.0703 0428 mssmbios - ok 07:52:25.0908 0428 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 07:52:25.0941 0428 MSTEE - ok 07:52:26.0273 0428 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 07:52:26.0295 0428 Mup - ok 07:52:26.0847 0428 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 07:52:26.0871 0428 napagent - ok 07:52:27.0440 0428 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 07:52:27.0490 0428 NativeWifiP - ok 07:52:28.0092 0428 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 07:52:28.0136 0428 NDIS - ok 07:52:28.0694 0428 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 07:52:28.0713 0428 NdisTapi - ok 07:52:28.0923 0428 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 07:52:28.0924 0428 Ndisuio - ok 07:52:29.0144 0428 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 07:52:29.0260 0428 NdisWan - ok 07:52:29.0801 0428 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 07:52:29.0820 0428 NDProxy - ok 07:52:30.0395 0428 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll 07:52:30.0414 0428 Net Driver HPZ12 - ok 07:52:30.0837 0428 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 07:52:30.0853 0428 NetBIOS - ok 07:52:31.0360 0428 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 07:52:31.0449 0428 netbt - ok 07:52:31.0585 0428 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 07:52:31.0587 0428 Netlogon - ok 07:52:31.0771 0428 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 07:52:31.0811 0428 Netman - ok 07:52:32.0034 0428 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 07:52:32.0105 0428 netprofm - ok 07:52:32.0608 0428 netr73 (2dd6bb85c8bdae6116565ab5beca4f7c) C:\Windows\system32\DRIVERS\netr73.sys 07:52:32.0644 0428 netr73 - ok 07:52:32.0844 0428 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 07:52:32.0860 0428 NetTcpPortSharing - ok 07:52:33.0499 0428 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys 07:52:34.0217 0428 NETw3v32 - ok 07:52:34.0813 0428 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 07:52:34.0827 0428 nfrd960 - ok 07:52:35.0344 0428 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 07:52:35.0385 0428 NlaSvc - ok 07:52:35.0913 0428 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 07:52:35.0933 0428 Npfs - ok 07:52:36.0341 0428 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 07:52:36.0359 0428 nsi - ok 07:52:36.0736 0428 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 07:52:36.0738 0428 nsiproxy - ok 07:52:37.0601 0428 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 07:52:37.0928 0428 Ntfs - ok 07:52:38.0493 0428 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 07:52:38.0531 0428 ntrigdigi - ok 07:52:38.0953 0428 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 07:52:38.0954 0428 Null - ok 07:52:40.0549 0428 nvlddmkm (f3f2b0fd5fcda396f2f317a90a195e06) C:\Windows\system32\DRIVERS\nvlddmkm.sys 07:52:45.0020 0428 nvlddmkm - ok 07:52:45.0422 0428 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 07:52:45.0445 0428 nvraid - ok 07:52:45.0890 0428 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 07:52:45.0906 0428 nvstor - ok 07:52:46.0066 0428 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 07:52:46.0084 0428 nv_agp - ok 07:52:46.0241 0428 NwlnkFlt - ok 07:52:46.0581 0428 NwlnkFwd - ok 07:52:47.0065 0428 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 07:52:47.0109 0428 odserv - ok 07:52:47.0490 0428 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 07:52:47.0499 0428 ohci1394 - ok 07:52:47.0964 0428 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 07:52:47.0983 0428 ose - ok 07:52:48.0538 0428 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 07:52:48.0773 0428 p2pimsvc - ok 07:52:48.0930 0428 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 07:52:48.0940 0428 p2psvc - ok 07:52:49.0253 0428 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys 07:52:49.0312 0428 Parport - ok 07:52:49.0455 0428 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 07:52:49.0462 0428 partmgr - ok 07:52:49.0873 0428 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys 07:52:49.0889 0428 Parvdm - ok 07:52:50.0195 0428 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 07:52:50.0215 0428 PcaSvc - ok 07:52:50.0588 0428 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 07:52:50.0622 0428 pci - ok 07:52:51.0101 0428 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys 07:52:51.0187 0428 pciide - ok 07:52:51.0610 0428 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 07:52:51.0629 0428 pcmcia - ok 07:52:52.0187 0428 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 07:52:52.0377 0428 PEAUTH - ok 07:52:53.0195 0428 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 07:52:53.0611 0428 pla - ok 07:52:54.0107 0428 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 07:52:54.0152 0428 PlugPlay - ok 07:52:54.0638 0428 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll 07:52:54.0658 0428 Pml Driver HPZ12 - ok 07:52:54.0954 0428 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 07:52:54.0964 0428 PNRPAutoReg - ok 07:52:55.0018 0428 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 07:52:55.0028 0428 PNRPsvc - ok 07:52:55.0469 0428 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 07:52:55.0736 0428 PolicyAgent - ok 07:52:56.0250 0428 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 07:52:56.0300 0428 PptpMiniport - ok 07:52:56.0482 0428 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 07:52:56.0499 0428 Processor - ok 07:52:56.0955 0428 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 07:52:57.0042 0428 ProfSvc - ok 07:52:57.0423 0428 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 07:52:57.0426 0428 ProtectedStorage - ok 07:52:57.0706 0428 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 07:52:57.0722 0428 PSched - ok 07:52:58.0241 0428 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 07:52:58.0383 0428 ql2300 - ok 07:52:58.0921 0428 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 07:52:58.0941 0428 ql40xx - ok 07:52:59.0371 0428 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 07:52:59.0395 0428 QWAVE - ok 07:52:59.0723 0428 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 07:52:59.0738 0428 QWAVEdrv - ok 07:53:00.0145 0428 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 07:53:00.0187 0428 RasAcd - ok 07:53:00.0631 0428 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 07:53:00.0656 0428 RasAuto - ok 07:53:00.0986 0428 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 07:53:01.0004 0428 Rasl2tp - ok 07:53:01.0215 0428 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 07:53:01.0297 0428 RasMan - ok 07:53:01.0678 0428 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 07:53:01.0697 0428 RasPppoe - ok 07:53:02.0115 0428 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 07:53:02.0155 0428 RasSstp - ok 07:53:02.0693 0428 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 07:53:02.0724 0428 rdbss - ok 07:53:03.0134 0428 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 07:53:03.0135 0428 RDPCDD - ok 07:53:03.0512 0428 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 07:53:03.0528 0428 rdpdr - ok 07:53:03.0884 0428 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 07:53:03.0897 0428 RDPENCDD - ok 07:53:04.0147 0428 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys 07:53:04.0167 0428 RDPWD - ok 07:53:04.0462 0428 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 07:53:04.0530 0428 RemoteAccess - ok 07:53:04.0882 0428 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 07:53:04.0917 0428 RemoteRegistry - ok 07:53:05.0354 0428 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 07:53:05.0444 0428 RpcLocator - ok 07:53:05.0681 0428 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 07:53:05.0690 0428 RpcSs - ok 07:53:06.0137 0428 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 07:53:06.0154 0428 rspndr - ok 07:53:06.0512 0428 RTL8023xp (959ef612d2ccfdb6d9e443f8e3655013) C:\Windows\system32\DRIVERS\Rtnicxp.sys 07:53:06.0529 0428 RTL8023xp - ok 07:53:06.0928 0428 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys 07:53:06.0977 0428 RTL8169 - ok 07:53:07.0485 0428 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\Windows\system32\DRIVERS\s125bus.sys 07:53:07.0501 0428 s125bus - ok 07:53:07.0664 0428 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\Windows\system32\DRIVERS\s125mdfl.sys 07:53:07.0679 0428 s125mdfl - ok 07:53:08.0086 0428 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\Windows\system32\DRIVERS\s125mdm.sys 07:53:08.0090 0428 s125mdm - ok 07:53:08.0738 0428 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\Windows\system32\DRIVERS\s125mgmt.sys 07:53:08.0749 0428 s125mgmt - ok 07:53:09.0178 0428 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\Windows\system32\DRIVERS\s125obex.sys 07:53:09.0194 0428 s125obex - ok 07:53:09.0463 0428 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 07:53:09.0466 0428 SamSs - ok 07:53:09.0954 0428 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 07:53:09.0979 0428 sbp2port - ok 07:53:10.0223 0428 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 07:53:10.0229 0428 SCardSvr - ok 07:53:10.0550 0428 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 07:53:10.0699 0428 Schedule - ok 07:53:11.0047 0428 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 07:53:11.0048 0428 SCPolicySvc - ok 07:53:11.0326 0428 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 07:53:11.0352 0428 SDRSVC - ok 07:53:11.0610 0428 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 07:53:11.0626 0428 secdrv - ok 07:53:11.0873 0428 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 07:53:11.0889 0428 seclogon - ok 07:53:12.0161 0428 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 07:53:12.0174 0428 SENS - ok 07:53:12.0562 0428 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 07:53:12.0578 0428 Serenum - ok 07:53:12.0865 0428 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 07:53:12.0885 0428 Serial - ok 07:53:13.0100 0428 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 07:53:13.0118 0428 sermouse - ok 07:53:13.0533 0428 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 07:53:13.0547 0428 SessionEnv - ok 07:53:13.0705 0428 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 07:53:13.0716 0428 sffdisk - ok 07:53:14.0156 0428 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 07:53:14.0169 0428 sffp_mmc - ok 07:53:14.0535 0428 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 07:53:14.0542 0428 sffp_sd - ok 07:53:14.0882 0428 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 07:53:14.0889 0428 sfloppy - ok 07:53:15.0085 0428 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 07:53:15.0130 0428 SharedAccess - ok 07:53:15.0394 0428 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 07:53:15.0438 0428 ShellHWDetection - ok 07:53:15.0821 0428 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 07:53:15.0824 0428 sisagp - ok 07:53:16.0166 0428 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 07:53:16.0183 0428 SiSRaid2 - ok 07:53:16.0308 0428 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 07:53:16.0311 0428 SiSRaid4 - ok 07:53:17.0205 0428 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 07:53:17.0430 0428 slsvc - ok 07:53:17.0541 0428 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 07:53:17.0556 0428 SLUINotify - ok 07:53:17.0639 0428 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 07:53:17.0660 0428 Smb - ok 07:53:17.0893 0428 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 07:53:17.0897 0428 SNMPTRAP - ok 07:53:18.0013 0428 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 07:53:18.0026 0428 spldr - ok 07:53:18.0089 0428 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 07:53:18.0190 0428 Spooler - ok 07:53:18.0332 0428 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 07:53:18.0338 0428 srv - ok 07:53:18.0415 0428 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 07:53:18.0428 0428 srv2 - ok 07:53:18.0829 0428 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 07:53:18.0832 0428 srvnet - ok 07:53:18.0921 0428 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 07:53:18.0929 0428 SSDPSRV - ok 07:53:19.0016 0428 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 07:53:19.0039 0428 SstpSvc - ok 07:53:19.0164 0428 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 07:53:19.0177 0428 stisvc - ok 07:53:19.0252 0428 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 07:53:19.0285 0428 swenum - ok 07:53:19.0356 0428 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 07:53:19.0366 0428 swprv - ok 07:53:19.0494 0428 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 07:53:19.0496 0428 Symc8xx - ok 07:53:19.0662 0428 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 07:53:19.0683 0428 Sym_hi - ok 07:53:19.0758 0428 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 07:53:19.0761 0428 Sym_u3 - ok 07:53:20.0000 0428 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 07:53:20.0083 0428 SysMain - ok 07:53:20.0403 0428 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 07:53:20.0410 0428 TabletInputService - ok 07:53:20.0861 0428 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 07:53:20.0870 0428 TapiSrv - ok 07:53:21.0085 0428 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 07:53:21.0090 0428 TBS - ok 07:53:21.0490 0428 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 07:53:21.0549 0428 Tcpip - ok 07:53:21.0580 0428 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 07:53:21.0590 0428 Tcpip6 - ok 07:53:21.0776 0428 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 07:53:21.0826 0428 tcpipreg - ok 07:53:21.0929 0428 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 07:53:21.0942 0428 TDPIPE - ok 07:53:22.0111 0428 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 07:53:22.0112 0428 TDTCP - ok 07:53:22.0244 0428 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 07:53:22.0257 0428 tdx - ok 07:53:22.0312 0428 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 07:53:22.0314 0428 TermDD - ok 07:53:22.0577 0428 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 07:53:22.0623 0428 TermService - ok 07:53:22.0819 0428 TfFsMon (129d55223be563578fbc2abe2fc5d0c8) C:\Windows\system32\drivers\TfFsMon.sys 07:53:22.0844 0428 TfFsMon - ok 07:53:23.0306 0428 TfKbMon (58bd2fff16f7d20410044d0bdc63c86a) C:\Windows\system32\Drivers\TfKbMon.sys 07:53:23.0323 0428 TfKbMon - ok 07:53:23.0430 0428 TfNetMon (54545ff194df4faaec3bb9c7e0688a04) C:\Windows\system32\drivers\TfNetMon.sys 07:53:23.0464 0428 TfNetMon - ok 07:53:24.0025 0428 TfSysMon (4c2186b1624087a9d8d65a82a0046426) C:\Windows\system32\drivers\TfSysMon.sys 07:53:24.0050 0428 TfSysMon - ok 07:53:24.0233 0428 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 07:53:24.0238 0428 Themes - ok 07:53:24.0422 0428 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 07:53:24.0425 0428 THREADORDER - ok 07:53:24.0540 0428 ThreatFire - ok 07:53:24.0712 0428 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 07:53:24.0728 0428 TrkWks - ok 07:53:24.0836 0428 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 07:53:24.0837 0428 TrustedInstaller - ok 07:53:25.0052 0428 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 07:53:25.0136 0428 tssecsrv - ok 07:53:25.0315 0428 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 07:53:25.0317 0428 tunmp - ok 07:53:25.0393 0428 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 07:53:25.0394 0428 tunnel - ok 07:53:25.0788 0428 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 07:53:25.0821 0428 uagp35 - ok 07:53:26.0119 0428 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 07:53:26.0124 0428 udfs - ok 07:53:26.0489 0428 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 07:53:26.0505 0428 UI0Detect - ok 07:53:27.0020 0428 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 07:53:27.0088 0428 uliagpkx - ok 07:53:27.0336 0428 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 07:53:27.0351 0428 uliahci - ok 07:53:27.0553 0428 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 07:53:27.0556 0428 UlSata - ok 07:53:27.0637 0428 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 07:53:27.0654 0428 ulsata2 - ok 07:53:27.0860 0428 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 07:53:27.0862 0428 umbus - ok 07:53:28.0043 0428 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 07:53:28.0052 0428 UMVPFSrv - ok 07:53:28.0232 0428 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 07:53:28.0243 0428 upnphost - ok 07:53:28.0344 0428 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 07:53:28.0346 0428 USBAAPL - ok 07:53:28.0614 0428 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 07:53:28.0617 0428 usbaudio - ok 07:53:28.0770 0428 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 07:53:28.0904 0428 usbccgp - ok 07:53:29.0181 0428 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 07:53:29.0184 0428 usbcir - ok 07:53:29.0432 0428 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 07:53:29.0457 0428 usbehci - ok 07:53:29.0638 0428 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 07:53:29.0671 0428 usbhub - ok 07:53:30.0001 0428 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 07:53:30.0003 0428 usbohci - ok 07:53:30.0356 0428 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 07:53:30.0357 0428 usbprint - ok 07:53:30.0587 0428 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 07:53:30.0620 0428 usbscan - ok 07:53:30.0855 0428 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 07:53:30.0857 0428 USBSTOR - ok 07:53:31.0080 0428 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 07:53:31.0130 0428 usbuhci - ok 07:53:31.0326 0428 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 07:53:31.0330 0428 usbvideo - ok 07:53:31.0378 0428 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 07:53:31.0428 0428 UxSms - ok 07:53:31.0526 0428 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 07:53:31.0538 0428 vds - ok 07:53:31.0853 0428 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 07:53:31.0881 0428 vga - ok 07:53:32.0019 0428 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 07:53:32.0028 0428 VgaSave - ok 07:53:32.0161 0428 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 07:53:32.0220 0428 viaagp - ok 07:53:32.0599 0428 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 07:53:32.0601 0428 ViaC7 - ok 07:53:32.0684 0428 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 07:53:32.0686 0428 viaide - ok 07:53:32.0725 0428 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 07:53:32.0742 0428 volmgr - ok 07:53:32.0985 0428 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 07:53:33.0008 0428 volmgrx - ok 07:53:33.0129 0428 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 07:53:33.0163 0428 volsnap - ok 07:53:33.0194 0428 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 07:53:33.0211 0428 vsmraid - ok 07:53:33.0541 0428 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 07:53:33.0564 0428 VSS - ok 07:53:33.0835 0428 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 07:53:33.0860 0428 W32Time - ok 07:53:34.0072 0428 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 07:53:34.0074 0428 WacomPen - ok 07:53:34.0323 0428 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 07:53:34.0325 0428 Wanarp - ok 07:53:34.0336 0428 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 07:53:34.0337 0428 Wanarpv6 - ok 07:53:34.0653 0428 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 07:53:34.0688 0428 wcncsvc - ok 07:53:34.0748 0428 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 07:53:34.0753 0428 WcsPlugInService - ok 07:53:34.0864 0428 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 07:53:34.0866 0428 Wd - ok 07:53:35.0116 0428 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 07:53:35.0333 0428 Wdf01000 - ok 07:53:35.0629 0428 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 07:53:35.0635 0428 WdiServiceHost - ok 07:53:35.0640 0428 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 07:53:35.0646 0428 WdiSystemHost - ok 07:53:35.0910 0428 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 07:53:35.0933 0428 WebClient - ok 07:53:36.0105 0428 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 07:53:36.0124 0428 Wecsvc - ok 07:53:36.0163 0428 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 07:53:36.0175 0428 wercplsupport - ok 07:53:36.0555 0428 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 07:53:36.0605 0428 WerSvc - ok 07:53:36.0742 0428 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 07:53:36.0750 0428 WinDefend - ok 07:53:36.0759 0428 WinHttpAutoProxySvc - ok 07:53:37.0109 0428 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 07:53:37.0113 0428 Winmgmt - ok 07:53:37.0212 0428 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 07:53:37.0287 0428 WinRM - ok 07:53:37.0597 0428 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 07:53:37.0622 0428 Wlansvc - ok 07:53:37.0889 0428 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 07:53:37.0947 0428 wlidsvc - ok 07:53:38.0148 0428 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 07:53:38.0149 0428 WmiAcpi - ok 07:53:38.0332 0428 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 07:53:38.0336 0428 wmiApSrv - ok 07:53:38.0426 0428 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 07:53:38.0444 0428 WMPNetworkSvc - ok 07:53:38.0573 0428 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 07:53:38.0581 0428 WPCSvc - ok 07:53:38.0626 0428 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 07:53:38.0693 0428 WPDBusEnum - ok 07:53:38.0759 0428 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 07:53:38.0878 0428 WpdUsb - ok 07:53:39.0162 0428 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 07:53:39.0178 0428 WPFFontCache_v0400 - ok 07:53:39.0379 0428 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 07:53:39.0397 0428 ws2ifsl - ok 07:53:39.0491 0428 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 07:53:39.0558 0428 wscsvc - ok 07:53:39.0571 0428 WSearch - ok 07:53:39.0895 0428 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 07:53:39.0977 0428 wuauserv - ok 07:53:40.0095 0428 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 07:53:40.0098 0428 WUDFRd - ok 07:53:40.0147 0428 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 07:53:40.0153 0428 wudfsvc - ok 07:53:40.0221 0428 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 07:53:40.0282 0428 \Device\Harddisk0\DR0 - ok 07:53:40.0288 0428 Boot (0x1200) (ff2cee352b268cc0fdac41e32597d60b) \Device\Harddisk0\DR0\Partition0 07:53:40.0289 0428 \Device\Harddisk0\DR0\Partition0 - ok 07:53:40.0304 0428 Boot (0x1200) (93b101edb4ff84b618f3083ccaf20a56) \Device\Harddisk0\DR0\Partition1 07:53:40.0306 0428 \Device\Harddisk0\DR0\Partition1 - ok 07:53:40.0306 0428 ============================================================ 07:53:40.0306 0428 Scan finished 07:53:40.0306 0428 ============================================================ 07:53:40.0328 1772 Detected object count: 0 07:53:40.0328 1772 Actual detected object count: 0 07:56:04.0435 4316 Deinitialize success Quote
mikeh Posted April 7, 2012 Author Posted April 7, 2012 The OTL txt log: OTL logfile created on: 07/04/2012 08:06:56 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Mike Hewitt\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 46.99% Memory free 4.22 Gb Paging File | 3.02 Gb Available in Paging File | 71.50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 226.05 Gb Total Space | 76.02 Gb Free Space | 33.63% Space Free | Partition Type: NTFS Drive S: | 1.46 Gb Total Space | 1.42 Gb Free Space | 96.72% Space Free | Partition Type: NTFS Computer Name: MIKEHEWITT-PC | User Name: Mike Hewitt | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mike Hewitt\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (MusicLab, LLC) PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe () PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe () PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools) PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.) PRC - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll () MOD - C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll () MOD - C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll () MOD - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe () MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll () MOD - C:\Windows\System32\igfxTMM.dll () ========== Win32 Services (SafeList) ========== SRV - (Elsaupdxpsms) -- File not found SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.) SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (FXDrv32) -- E:\FXDrv32.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys (PC Tools) DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools) DRV - (TfKbMon) -- C:\Windows\System32\drivers\TfKbMon.sys (PC Tools) DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys (PC Tools) DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation) DRV - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation) DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation) DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation) DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation) DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearshare.com/web?src=ieb&appid=102&systemid=2&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm014YYgb&ptb=462DAFF4-F651-4D61-BFFE-47BA9720233A&psa=&ind=2011101015&ptnrS=YJxdm014YYgb&si=CPS-vsPo3qsCFRJc4Qodrgs0PA&st=sb&n=77def757&searchfor={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms} IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=81F2C5B001C9DB69001369AA&install_time=23-05-2009:06:44&src_id=11031&camp_id=-3&tb_version=2.4.3.405 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearshare.com/web?src=ieb&appid=102&systemid=2&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm014YYgb&ptb=462DAFF4-F651-4D61-BFFE-47BA9720233A&psa=&ind=2011101015&ptnrS=YJxdm014YYgb&si=CPS-vsPo3qsCFRJc4Qodrgs0PA&st=sb&n=77def757&searchfor={searchTerms} IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=DVS IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.order.1: "BearShare Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3 FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&appid=102&systemid=2&sr=0&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Mike Hewitt\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( ) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Mike Hewitt\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Mike Hewitt\AppData\LocalLow\Sony Online Entertainment\npsoe.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/15 22:59:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/30 14:59:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/30 14:59:06 | 000,000,000 | ---D | M] [2012/02/27 20:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Extensions [2012/03/30 14:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Firefox\Profiles\edqy34ez.default\extensions [2010/06/29 13:27:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Firefox\Profiles\edqy34ez.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/06/13 07:56:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Firefox\Profiles\edqy34ez.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/04/13 17:07:09 | 000,000,681 | ---- | M] () -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Firefox\Profiles\edqy34ez.default\searchplugins\ask.xml [2011/10/11 19:17:03 | 000,010,001 | ---- | M] () -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Firefox\Profiles\edqy34ez.default\searchplugins\Guffins.xml [2009/04/09 16:29:37 | 000,001,632 | ---- | M] () -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Firefox\Profiles\edqy34ez.default\searchplugins\live-search.xml [2011/10/30 20:49:22 | 000,002,526 | ---- | M] () -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Firefox\Profiles\edqy34ez.default\searchplugins\SearchResults.xml [2012/04/01 14:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2008/06/29 14:30:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/02/21 21:39:18 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com [2012/03/30 14:59:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012/03/30 14:59:01 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/03/30 14:59:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/03/30 14:59:01 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2012/03/30 14:59:01 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2011/10/30 20:49:22 | 000,002,526 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2012/03/30 14:59:01 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mike Hewitt\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Fun Web Products Plugin Stub (Enabled) = C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Free Realms Installer (Enabled) = C:\Users\Mike Hewitt\AppData\LocalLow\Sony Online Entertainment\npsoe.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Mike Hewitt\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Mike Hewitt\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: VideoEgg Publisher (Enabled) = C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Loader\4665\npvideoegg-loader.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\Mike Hewitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Mike Hewitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Mike Hewitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\ CHR - Extension: Gmail = C:\Users\Mike Hewitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SearchCore for Browsers) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (MusicLab, LLC) O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found O3 - HKLM\..\Toolbar: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - x-sdch - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O4 - HKLM..\Run: [4oD] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (MusicLab, LLC) O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O8 - Extra context menu item: &Search - ?p=ZJxdm172MXGB File not found O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install/00/alttiff.cab (AlternaTIFF ActiveX) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} https://ukplay.toontown.com/download/sv1.0.33.7/ttinst.cab (Toontown Installer ActiveX Control) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{103A0043-B5CF-415E-8A83-3255622E5F03}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43A44558-6C56-4CDA-80E8-358ED16E6DF9}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77BB3B1E-F9EE-4BB1-82EA-24326CDB9C78}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (MusicLab, LLC) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (MusicLab, LLC) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Mike Hewitt\Documents\Lizzy's Folder\My camera photos\2012-01-30 first photos\DSCN0078.JPG O24 - Desktop BackupWallPaper: C:\Users\Mike Hewitt\Documents\Lizzy's Folder\My camera photos\2012-01-30 first photos\DSCN0078.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{06204a1b-bab6-11e0-9260-00016c1a3731}\Shell - "" = AutoRun O33 - MountPoints2\{06204a1b-bab6-11e0-9260-00016c1a3731}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O33 - MountPoints2\{4cc7b42b-75df-11dc-a95a-00016c1a3731}\Shell - "" = AutoRun O33 - MountPoints2\{4cc7b42b-75df-11dc-a95a-00016c1a3731}\Shell\AutoRun\command - "" = F:\LaunchU3.exe O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Mavis Beacon Teaches Typing Deluxe Version 11.lnk - C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe Version 11\MiniMavis.exe - () MsConfig - StartUpReg: Google Updater - hkey= - key= - C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google) MsConfig - StartUpReg: RegistryMechanic - hkey= - key= - File not found MsConfig - StartUpReg: Remove Duplicate Files - hkey= - key= - File not found MsConfig - StartUpReg: SSDMonitor - hkey= - key= - File not found MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/04/07 07:46:40 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{9D22C01D-2852-4E37-95A0-59F37A6D2612} [2012/04/06 22:54:11 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{53A3E412-CE33-4397-9B05-23FFCE6A8976} [2012/04/06 20:46:15 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Roaming\Malwarebytes [2012/04/06 20:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/04/06 20:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/04/06 20:45:59 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/04/06 20:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/04/06 20:14:36 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{C45BDD2B-062F-4FA7-A401-65FD6F79617E} [2012/04/03 17:05:17 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{C6472648-DCB9-437D-985E-6A1E148C3CD9} [2012/04/02 22:33:06 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{055B2CD7-561B-46D1-BAC3-AA52949D4E76} [2012/04/02 10:31:01 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{CCDA17DB-CBD0-4BFD-BCE3-5DE1CF12BBA4} [2012/04/02 09:08:40 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{7DFAC83E-855D-465F-8B39-A1081DA4E95B} [2012/04/01 13:39:40 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{FC3DAF89-BACD-402D-AD0D-63BD18006E9F} [2012/03/29 09:55:43 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/03/29 09:38:25 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{59A71971-7912-4227-AB75-CA379B089444} [2012/03/25 13:01:32 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{8D429943-4783-448A-B608-7CFDC0685109} [2012/03/24 09:59:23 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{19E70709-F4A8-4954-996B-5EBF0A3C9D5A} [2012/03/23 18:06:59 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{CD77B86A-CFE4-4DDE-BC46-6D5CBCD72877} [2012/03/22 21:10:42 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{B04FD849-2BBB-4413-AD46-7D6407448275} [2012/03/21 17:36:32 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{0EA2B240-81FB-4495-8D23-53107B491CA3} [2012/03/20 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{8893DCF1-A14A-490B-B90A-F128EC2E1F25} [2012/03/19 17:41:00 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{856F713A-C85C-406A-B4A2-88BEA825C698} [2012/03/19 17:31:48 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{307AC2E7-05D3-434B-8E81-077F1152E20B} [2012/03/19 17:25:18 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{E22607B3-42E1-4C87-8D9A-6F285F873EEE} [2012/03/19 17:24:38 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{B9F16C53-A464-425A-82F5-137A638A1233} [2012/03/18 09:34:49 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{8F05698B-1798-43BD-AD63-FA87AEE0D959} [2012/03/16 19:21:15 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{85B8BF0A-29CE-4774-8685-F63459553BBD} [2012/03/16 15:41:46 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{AC049ABA-834F-4255-BD2F-AC1B95A715D4} [2012/03/16 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{2378C28F-F3DC-491F-9669-96454EC27189} [2012/03/16 14:39:17 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{B8A8C684-9411-448E-9D87-4D176B49008C} [2012/03/16 14:38:52 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{4A1CA775-7EDD-41A0-BFA8-E276A1FD4A99} [2012/03/16 13:46:21 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{BFB1B0EE-E116-4F2C-A857-7E546F96D51F} [2012/03/16 13:17:33 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012/03/16 13:17:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/03/16 13:17:31 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012/03/16 13:17:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/03/16 13:17:30 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012/03/16 13:17:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012/03/16 13:17:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012/03/16 13:17:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012/03/16 13:17:29 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012/03/16 13:17:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012/03/16 13:17:29 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012/03/16 13:17:29 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012/03/16 13:17:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/03/16 13:17:28 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012/03/16 13:17:28 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012/03/16 13:17:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/03/16 13:17:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012/03/16 13:17:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012/03/16 13:17:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012/03/16 13:17:28 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012/03/16 13:17:27 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012/03/16 13:17:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012/03/16 13:17:27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012/03/16 13:17:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/03/16 13:17:26 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/03/16 13:17:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/03/16 13:17:25 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012/03/16 13:17:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012/03/16 13:17:25 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012/03/16 13:17:25 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012/03/16 13:17:24 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/03/16 13:17:24 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012/03/16 13:17:24 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012/03/16 13:17:23 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012/03/16 13:17:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012/03/16 13:17:23 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012/03/16 13:17:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012/03/16 13:06:21 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{75A78621-9CA3-4693-A6F7-028E6725CAC4} [2012/03/16 11:50:50 | 000,000,000 | ---D | C] -- C:\8431013cc9a129c787eeee0744 [2012/03/16 10:22:50 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2012/03/16 10:22:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2012/03/16 10:21:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012/03/16 10:21:36 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012/03/16 10:21:36 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012/03/16 10:19:20 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/03/16 10:19:18 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012/03/16 10:19:17 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012/03/16 10:19:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2012/03/16 10:19:16 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2012/03/16 10:19:16 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2012/03/16 10:19:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2012/03/16 10:17:24 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012/03/16 10:17:24 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012/03/16 10:17:24 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012/03/16 10:17:23 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012/03/16 10:17:23 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012/03/16 10:17:20 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012/03/16 10:17:20 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012/03/16 10:16:10 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2012/03/16 10:14:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2012/03/16 10:14:06 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012/03/16 10:13:03 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012/03/16 08:41:45 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{8384171D-10FE-44EC-AD2F-204F21E42022} [2012/03/15 23:05:52 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{97372039-F26A-41D9-A476-36C0BB1FCD55} [2012/03/15 22:37:44 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{17F53CC8-F3EC-4472-8C0F-AF4297F39574} [2012/03/15 21:53:41 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{007BA13D-3534-4A65-8B19-25E4AD21682A} [2012/03/15 17:39:57 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{F18CAFD4-A628-41EA-9E2C-AAF16A30105E} [2012/03/15 09:48:47 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{60812FD7-7178-4E64-8C88-D70A05F0CFAF} [2012/03/15 09:36:22 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{710B5B3A-1B36-48D9-A66D-C7791F4673B8} [2012/03/15 09:08:56 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{EFBE2FE4-1DED-46D7-8889-E0072272DEC7} [2012/03/15 08:46:28 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{D09E72D8-A46C-4EE1-BCEA-7F1D5D07F4AD} [2012/03/15 08:32:53 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{BB298A6A-25B8-4FDE-AEA9-A5742F784266} [2012/03/14 19:00:59 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{EC17CD5D-7D31-427D-A12F-391384CC86CB} [2012/03/14 18:04:53 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{60EB7B98-1013-42BE-AC5F-B11C64B87AC8} [2012/03/14 17:56:02 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{BE789E8F-BB3B-4C6A-9AB3-606F9C1082C2} [2012/03/14 17:34:15 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{C862B12D-8C9E-44E7-BCA8-05B994323FE0} [2012/03/14 08:20:41 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{C5A0E09B-9E77-41C7-8520-A0E3979CF586} [2012/03/14 08:03:38 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{BC6EBD3D-D64D-419F-83E3-1182F913F5F5} [2012/03/13 17:07:58 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{404BD956-CB18-4C66-9D02-ABDE263E4444} [2012/03/10 09:25:39 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{8C3E2E9D-ADF9-4B50-92AD-3B4DBDF6F959} [2012/03/09 17:40:42 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{82CCE1F3-29E1-49D0-A6FB-338C63A793B9} [2012/03/08 17:53:34 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{F61C9F00-FF7F-4226-9E9D-9E1BA6BADFDD} [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/07 08:03:32 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/07 08:02:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/07 07:51:43 | 000,621,230 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/07 07:51:43 | 000,113,902 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/07 07:45:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/07 07:45:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/07 07:45:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/07 07:45:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/07 07:45:28 | 2135,425,024 | -HS- | M] () -- C:\hiberfil.sys [2012/04/06 20:46:05 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/06 14:32:53 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012/04/06 09:04:41 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/03/31 19:05:11 | 000,002,627 | ---- | M] () -- C:\Users\Mike Hewitt\Desktop\Microsoft Office Word 2007.lnk [2012/03/29 09:55:43 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/03/29 09:55:43 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/03/29 09:34:56 | 208,488,713 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/03/25 13:48:02 | 000,094,208 | ---- | M] () -- C:\Users\Mike Hewitt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/03/16 14:34:22 | 000,336,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/03/16 13:44:42 | 000,000,948 | ---- | M] () -- C:\Users\Mike Hewitt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/03/16 13:17:45 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2012/03/16 13:17:45 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2012/03/16 13:17:33 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012/03/16 13:17:33 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/03/16 13:17:32 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012/03/16 13:17:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/03/16 13:17:30 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012/03/16 13:17:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012/03/16 13:17:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012/03/16 13:17:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012/03/16 13:17:29 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012/03/16 13:17:29 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012/03/16 13:17:29 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012/03/16 13:17:29 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012/03/16 13:17:28 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/03/16 13:17:28 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012/03/16 13:17:28 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012/03/16 13:17:28 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/03/16 13:17:28 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012/03/16 13:17:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012/03/16 13:17:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012/03/16 13:17:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012/03/16 13:17:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012/03/16 13:17:28 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012/03/16 13:17:27 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/03/16 13:17:27 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012/03/16 13:17:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012/03/16 13:17:26 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/03/16 13:17:26 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/03/16 13:17:25 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012/03/16 13:17:25 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012/03/16 13:17:25 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012/03/16 13:17:25 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012/03/16 13:17:24 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/03/16 13:17:24 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012/03/16 13:17:24 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012/03/16 13:17:23 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012/03/16 13:17:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012/03/16 13:17:23 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012/03/16 13:17:23 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012/03/15 22:50:32 | 000,002,032 | ---- | M] () -- C:\Users\Mike Hewitt\AppData\Local\d3d9caps.dat [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/06 20:46:05 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/03/30 14:59:08 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/03/29 09:55:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/03/16 13:44:42 | 000,000,948 | ---- | C] () -- C:\Users\Mike Hewitt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/03/16 13:17:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012/03/15 23:00:42 | 2135,425,024 | -HS- | C] () -- C:\hiberfil.sys [2012/01/20 23:24:41 | 000,000,000 | ---- | C] () -- C:\Users\Mike Hewitt\AppData\Local\{07257946-7335-4753-B8DC-073F0C661877} [2011/11/17 21:16:53 | 000,750,742 | ---- | C] () -- C:\Users\Mike Hewitt\AppData\Roaming\UserTile.png [2011/08/19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2011/08/19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2011/08/19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2011/07/26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010/05/07 19:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys ========== LOP Check ========== [2008/01/17 21:26:39 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Alien Skin [2010/07/21 15:09:41 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Amazon [2009/10/02 20:43:53 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2010/06/03 22:06:04 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Facebook [2012/02/11 18:20:25 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Image Zone Express [2012/02/10 19:55:46 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Jasc [2011/11/03 17:20:55 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Leadertech [2009/03/19 20:34:17 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\LimeWire [2011/10/30 20:49:08 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\MusicNet [2007/10/03 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Printer Info Cache [2010/07/31 18:31:34 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Red Kawa [2010/10/14 16:50:43 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Regensoft [2010/06/21 13:05:36 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Remove Duplicate Files [2009/06/07 14:26:43 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Windows Live Writer [2012/04/06 23:53:18 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011/09/10 11:05:04 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A6EDA759-7985-4AFC-9FE1-16A4C9E3856B}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2006/11/02 10:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr [2006/11/13 10:26:37 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2012/04/07 07:45:28 | 2135,425,024 | -HS- | M] () -- C:\hiberfil.sys [2007/09/29 18:01:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007/09/29 18:01:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012/04/07 07:45:26 | 2451,324,928 | -HS- | M] () -- C:\pagefile.sys [2012/04/01 18:28:54 | 000,115,652 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_18.27.48_log.txt [2012/04/07 07:56:04 | 000,115,652 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_07.04.2012_07.50.47_log.txt [2009/07/31 22:11:32 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2007/02/02 11:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\hpzpp4v2.dll [2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %PROGRAMFILES%\* > [2008/11/13 10:24:53 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/30 14:59:01 | 000,834,704 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/30 14:59:01 | 000,834,704 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/30 14:59:01 | 000,834,704 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/30 14:59:05 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/30 14:59:05 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/30 14:59:05 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/16 13:17:28 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/16 13:17:28 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/16 13:17:28 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/03/16 13:17:31 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/03/16 13:17:31 | 000,748,336 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/30 14:59:01 | 000,834,704 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/30 14:59:01 | 000,834,704 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/30 14:59:01 | 000,834,704 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/30 14:59:05 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/30 14:59:05 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/30 14:59:05 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/16 13:17:28 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/16 13:17:28 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/16 13:17:28 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/03/16 13:17:31 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/03/16 13:17:31 | 000,748,336 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:1CA73D29 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:45FE2B4E < End of report > Quote
mikeh Posted April 7, 2012 Author Posted April 7, 2012 The OTL txt log: OTL logfile created on: 07/04/2012 08:06:56 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Mike Hewitt\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 46.99% Memory free 4.22 Gb Paging File | 3.02 Gb Available in Paging File | 71.50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 226.05 Gb Total Space | 76.02 Gb Free Space | 33.63% Space Free | Partition Type: NTFS Drive S: | 1.46 Gb Total Space | 1.42 Gb Free Space | 96.72% Space Free | Partition Type: NTFS Computer Name: MIKEHEWITT-PC | User Name: Mike Hewitt | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mike Hewitt\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (MusicLab, LLC) PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe () PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe () PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools) PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.) PRC - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll () MOD - C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll () MOD - C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll () MOD - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe () MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll () MOD - C:\Windows\System32\igfxTMM.dll () ========== Win32 Services (SafeList) ========== SRV - (Elsaupdxpsms) -- File not found SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.) SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (FXDrv32) -- E:\FXDrv32.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys (PC Tools) DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools) DRV - (TfKbMon) -- C:\Windows\System32\drivers\TfKbMon.sys (PC Tools) DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys (PC Tools) DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation) DRV - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation) DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation) DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation) DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation) DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearshare.com/web?src=ieb&appid=102&systemid=2&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm014YYgb&ptb=462DAFF4-F651-4D61-BFFE-47BA9720233A&psa=&ind=2011101015&ptnrS=YJxdm014YYgb&si=CPS-vsPo3qsCFRJc4Qodrgs0PA&st=sb&n=77def757&searchfor={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms} IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=81F2C5B001C9DB69001369AA&install_time=23-05-2009:06:44&src_id=11031&camp_id=-3&tb_version=2.4.3.405 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearshare.com/web?src=ieb&appid=102&systemid=2&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm014YYgb&ptb=462DAFF4-F651-4D61-BFFE-47BA9720233A&psa=&ind=2011101015&ptnrS=YJxdm014YYgb&si=CPS-vsPo3qsCFRJc4Qodrgs0PA&st=sb&n=77def757&searchfor={searchTerms} IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=DVS IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.order.1: "BearShare Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3 FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&appid=102&systemid=2&sr=0&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Mike Hewitt\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( ) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Mike Hewitt\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Mike Hewitt\AppData\LocalLow\Sony Online Entertainment\npsoe.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/15 22:59:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/30 14:59:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/30 14:59:06 | 000,000,000 | ---D | M] [2012/02/27 20:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Extensions [2012/03/30 14:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Firefox\Profiles\edqy34ez.default\extensions [2010/06/29 13:27:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Firefox\Profiles\edqy34ez.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/06/13 07:56:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Firefox\Profiles\edqy34ez.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/04/13 17:07:09 | 000,000,681 | ---- | M] () -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Firefox\Profiles\edqy34ez.default\searchplugins\ask.xml [2011/10/11 19:17:03 | 000,010,001 | ---- | M] () -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Firefox\Profiles\edqy34ez.default\searchplugins\Guffins.xml [2009/04/09 16:29:37 | 000,001,632 | ---- | M] () -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Firefox\Profiles\edqy34ez.default\searchplugins\live-search.xml [2011/10/30 20:49:22 | 000,002,526 | ---- | M] () -- C:\Users\Mike Hewitt\AppData\Roaming\Mozilla\Firefox\Profiles\edqy34ez.default\searchplugins\SearchResults.xml [2012/04/01 14:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2008/06/29 14:30:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/02/21 21:39:18 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com [2012/03/30 14:59:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012/03/30 14:59:01 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/03/30 14:59:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/03/30 14:59:01 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2012/03/30 14:59:01 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2011/10/30 20:49:22 | 000,002,526 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2012/03/30 14:59:01 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mike Hewitt\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Fun Web Products Plugin Stub (Enabled) = C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Free Realms Installer (Enabled) = C:\Users\Mike Hewitt\AppData\LocalLow\Sony Online Entertainment\npsoe.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Mike Hewitt\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Mike Hewitt\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: VideoEgg Publisher (Enabled) = C:\Users\Mike Hewitt\AppData\Roaming\VideoEgg\Loader\4665\npvideoegg-loader.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\Mike Hewitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Mike Hewitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Mike Hewitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\ CHR - Extension: Gmail = C:\Users\Mike Hewitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SearchCore for Browsers) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (MusicLab, LLC) O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found O3 - HKLM\..\Toolbar: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - x-sdch - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O4 - HKLM..\Run: [4oD] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (MusicLab, LLC) O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O8 - Extra context menu item: &Search - ?p=ZJxdm172MXGB File not found O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install/00/alttiff.cab (AlternaTIFF ActiveX) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} https://ukplay.toontown.com/download/sv1.0.33.7/ttinst.cab (Toontown Installer ActiveX Control) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{103A0043-B5CF-415E-8A83-3255622E5F03}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43A44558-6C56-4CDA-80E8-358ED16E6DF9}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77BB3B1E-F9EE-4BB1-82EA-24326CDB9C78}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (MusicLab, LLC) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (MusicLab, LLC) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Mike Hewitt\Documents\Lizzy's Folder\My camera photos\2012-01-30 first photos\DSCN0078.JPG O24 - Desktop BackupWallPaper: C:\Users\Mike Hewitt\Documents\Lizzy's Folder\My camera photos\2012-01-30 first photos\DSCN0078.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{06204a1b-bab6-11e0-9260-00016c1a3731}\Shell - "" = AutoRun O33 - MountPoints2\{06204a1b-bab6-11e0-9260-00016c1a3731}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O33 - MountPoints2\{4cc7b42b-75df-11dc-a95a-00016c1a3731}\Shell - "" = AutoRun O33 - MountPoints2\{4cc7b42b-75df-11dc-a95a-00016c1a3731}\Shell\AutoRun\command - "" = F:\LaunchU3.exe O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Mavis Beacon Teaches Typing Deluxe Version 11.lnk - C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe Version 11\MiniMavis.exe - () MsConfig - StartUpReg: Google Updater - hkey= - key= - C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google) MsConfig - StartUpReg: RegistryMechanic - hkey= - key= - File not found MsConfig - StartUpReg: Remove Duplicate Files - hkey= - key= - File not found MsConfig - StartUpReg: SSDMonitor - hkey= - key= - File not found MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/04/07 07:46:40 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{9D22C01D-2852-4E37-95A0-59F37A6D2612} [2012/04/06 22:54:11 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{53A3E412-CE33-4397-9B05-23FFCE6A8976} [2012/04/06 20:46:15 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Roaming\Malwarebytes [2012/04/06 20:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/04/06 20:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/04/06 20:45:59 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/04/06 20:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/04/06 20:14:36 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{C45BDD2B-062F-4FA7-A401-65FD6F79617E} [2012/04/03 17:05:17 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{C6472648-DCB9-437D-985E-6A1E148C3CD9} [2012/04/02 22:33:06 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{055B2CD7-561B-46D1-BAC3-AA52949D4E76} [2012/04/02 10:31:01 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{CCDA17DB-CBD0-4BFD-BCE3-5DE1CF12BBA4} [2012/04/02 09:08:40 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{7DFAC83E-855D-465F-8B39-A1081DA4E95B} [2012/04/01 13:39:40 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{FC3DAF89-BACD-402D-AD0D-63BD18006E9F} [2012/03/29 09:55:43 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/03/29 09:38:25 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{59A71971-7912-4227-AB75-CA379B089444} [2012/03/25 13:01:32 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{8D429943-4783-448A-B608-7CFDC0685109} [2012/03/24 09:59:23 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{19E70709-F4A8-4954-996B-5EBF0A3C9D5A} [2012/03/23 18:06:59 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{CD77B86A-CFE4-4DDE-BC46-6D5CBCD72877} [2012/03/22 21:10:42 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{B04FD849-2BBB-4413-AD46-7D6407448275} [2012/03/21 17:36:32 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{0EA2B240-81FB-4495-8D23-53107B491CA3} [2012/03/20 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{8893DCF1-A14A-490B-B90A-F128EC2E1F25} [2012/03/19 17:41:00 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{856F713A-C85C-406A-B4A2-88BEA825C698} [2012/03/19 17:31:48 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{307AC2E7-05D3-434B-8E81-077F1152E20B} [2012/03/19 17:25:18 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{E22607B3-42E1-4C87-8D9A-6F285F873EEE} [2012/03/19 17:24:38 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{B9F16C53-A464-425A-82F5-137A638A1233} [2012/03/18 09:34:49 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{8F05698B-1798-43BD-AD63-FA87AEE0D959} [2012/03/16 19:21:15 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{85B8BF0A-29CE-4774-8685-F63459553BBD} [2012/03/16 15:41:46 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{AC049ABA-834F-4255-BD2F-AC1B95A715D4} [2012/03/16 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{2378C28F-F3DC-491F-9669-96454EC27189} [2012/03/16 14:39:17 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{B8A8C684-9411-448E-9D87-4D176B49008C} [2012/03/16 14:38:52 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{4A1CA775-7EDD-41A0-BFA8-E276A1FD4A99} [2012/03/16 13:46:21 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{BFB1B0EE-E116-4F2C-A857-7E546F96D51F} [2012/03/16 13:17:33 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012/03/16 13:17:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/03/16 13:17:31 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012/03/16 13:17:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/03/16 13:17:30 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012/03/16 13:17:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012/03/16 13:17:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012/03/16 13:17:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012/03/16 13:17:29 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012/03/16 13:17:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012/03/16 13:17:29 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012/03/16 13:17:29 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012/03/16 13:17:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/03/16 13:17:28 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012/03/16 13:17:28 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012/03/16 13:17:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/03/16 13:17:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012/03/16 13:17:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012/03/16 13:17:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012/03/16 13:17:28 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012/03/16 13:17:27 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012/03/16 13:17:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012/03/16 13:17:27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012/03/16 13:17:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/03/16 13:17:26 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/03/16 13:17:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/03/16 13:17:25 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012/03/16 13:17:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012/03/16 13:17:25 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012/03/16 13:17:25 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012/03/16 13:17:24 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/03/16 13:17:24 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012/03/16 13:17:24 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012/03/16 13:17:23 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012/03/16 13:17:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012/03/16 13:17:23 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012/03/16 13:17:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012/03/16 13:06:21 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{75A78621-9CA3-4693-A6F7-028E6725CAC4} [2012/03/16 11:50:50 | 000,000,000 | ---D | C] -- C:\8431013cc9a129c787eeee0744 [2012/03/16 10:22:50 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2012/03/16 10:22:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2012/03/16 10:21:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012/03/16 10:21:36 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012/03/16 10:21:36 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012/03/16 10:19:20 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/03/16 10:19:18 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012/03/16 10:19:17 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012/03/16 10:19:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2012/03/16 10:19:16 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2012/03/16 10:19:16 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2012/03/16 10:19:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2012/03/16 10:17:24 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012/03/16 10:17:24 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012/03/16 10:17:24 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012/03/16 10:17:23 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012/03/16 10:17:23 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012/03/16 10:17:20 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012/03/16 10:17:20 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012/03/16 10:16:10 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2012/03/16 10:14:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2012/03/16 10:14:06 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012/03/16 10:13:03 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012/03/16 08:41:45 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{8384171D-10FE-44EC-AD2F-204F21E42022} [2012/03/15 23:05:52 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{97372039-F26A-41D9-A476-36C0BB1FCD55} [2012/03/15 22:37:44 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{17F53CC8-F3EC-4472-8C0F-AF4297F39574} [2012/03/15 21:53:41 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{007BA13D-3534-4A65-8B19-25E4AD21682A} [2012/03/15 17:39:57 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{F18CAFD4-A628-41EA-9E2C-AAF16A30105E} [2012/03/15 09:48:47 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{60812FD7-7178-4E64-8C88-D70A05F0CFAF} [2012/03/15 09:36:22 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{710B5B3A-1B36-48D9-A66D-C7791F4673B8} [2012/03/15 09:08:56 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{EFBE2FE4-1DED-46D7-8889-E0072272DEC7} [2012/03/15 08:46:28 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{D09E72D8-A46C-4EE1-BCEA-7F1D5D07F4AD} [2012/03/15 08:32:53 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{BB298A6A-25B8-4FDE-AEA9-A5742F784266} [2012/03/14 19:00:59 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{EC17CD5D-7D31-427D-A12F-391384CC86CB} [2012/03/14 18:04:53 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{60EB7B98-1013-42BE-AC5F-B11C64B87AC8} [2012/03/14 17:56:02 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{BE789E8F-BB3B-4C6A-9AB3-606F9C1082C2} [2012/03/14 17:34:15 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{C862B12D-8C9E-44E7-BCA8-05B994323FE0} [2012/03/14 08:20:41 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{C5A0E09B-9E77-41C7-8520-A0E3979CF586} [2012/03/14 08:03:38 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{BC6EBD3D-D64D-419F-83E3-1182F913F5F5} [2012/03/13 17:07:58 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{404BD956-CB18-4C66-9D02-ABDE263E4444} [2012/03/10 09:25:39 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{8C3E2E9D-ADF9-4B50-92AD-3B4DBDF6F959} [2012/03/09 17:40:42 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{82CCE1F3-29E1-49D0-A6FB-338C63A793B9} [2012/03/08 17:53:34 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{F61C9F00-FF7F-4226-9E9D-9E1BA6BADFDD} [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/07 08:03:32 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/07 08:02:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/07 07:51:43 | 000,621,230 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/07 07:51:43 | 000,113,902 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/07 07:45:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/07 07:45:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/07 07:45:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/07 07:45:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/07 07:45:28 | 2135,425,024 | -HS- | M] () -- C:\hiberfil.sys [2012/04/06 20:46:05 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/06 14:32:53 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012/04/06 09:04:41 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/03/31 19:05:11 | 000,002,627 | ---- | M] () -- C:\Users\Mike Hewitt\Desktop\Microsoft Office Word 2007.lnk [2012/03/29 09:55:43 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/03/29 09:55:43 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/03/29 09:34:56 | 208,488,713 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/03/25 13:48:02 | 000,094,208 | ---- | M] () -- C:\Users\Mike Hewitt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/03/16 14:34:22 | 000,336,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/03/16 13:44:42 | 000,000,948 | ---- | M] () -- C:\Users\Mike Hewitt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/03/16 13:17:45 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2012/03/16 13:17:45 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2012/03/16 13:17:33 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012/03/16 13:17:33 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/03/16 13:17:32 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012/03/16 13:17:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/03/16 13:17:30 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012/03/16 13:17:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012/03/16 13:17:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012/03/16 13:17:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012/03/16 13:17:29 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012/03/16 13:17:29 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012/03/16 13:17:29 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012/03/16 13:17:29 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012/03/16 13:17:28 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/03/16 13:17:28 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012/03/16 13:17:28 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012/03/16 13:17:28 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/03/16 13:17:28 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012/03/16 13:17:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012/03/16 13:17:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012/03/16 13:17:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012/03/16 13:17:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012/03/16 13:17:28 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012/03/16 13:17:27 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/03/16 13:17:27 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012/03/16 13:17:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012/03/16 13:17:26 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/03/16 13:17:26 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/03/16 13:17:25 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012/03/16 13:17:25 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012/03/16 13:17:25 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012/03/16 13:17:25 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012/03/16 13:17:24 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/03/16 13:17:24 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012/03/16 13:17:24 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012/03/16 13:17:23 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012/03/16 13:17:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012/03/16 13:17:23 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012/03/16 13:17:23 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012/03/15 22:50:32 | 000,002,032 | ---- | M] () -- C:\Users\Mike Hewitt\AppData\Local\d3d9caps.dat [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/06 20:46:05 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/03/30 14:59:08 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/03/29 09:55:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/03/16 13:44:42 | 000,000,948 | ---- | C] () -- C:\Users\Mike Hewitt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/03/16 13:17:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012/03/15 23:00:42 | 2135,425,024 | -HS- | C] () -- C:\hiberfil.sys [2012/01/20 23:24:41 | 000,000,000 | ---- | C] () -- C:\Users\Mike Hewitt\AppData\Local\{07257946-7335-4753-B8DC-073F0C661877} [2011/11/17 21:16:53 | 000,750,742 | ---- | C] () -- C:\Users\Mike Hewitt\AppData\Roaming\UserTile.png [2011/08/19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2011/08/19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2011/08/19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2011/07/26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010/05/07 19:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys ========== LOP Check ========== [2008/01/17 21:26:39 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Alien Skin [2010/07/21 15:09:41 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Amazon [2009/10/02 20:43:53 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2010/06/03 22:06:04 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Facebook [2012/02/11 18:20:25 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Image Zone Express [2012/02/10 19:55:46 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Jasc [2011/11/03 17:20:55 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Leadertech [2009/03/19 20:34:17 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\LimeWire [2011/10/30 20:49:08 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\MusicNet [2007/10/03 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Printer Info Cache [2010/07/31 18:31:34 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Red Kawa [2010/10/14 16:50:43 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Regensoft [2010/06/21 13:05:36 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Remove Duplicate Files [2009/06/07 14:26:43 | 000,000,000 | ---D | M] -- C:\Users\Mike Hewitt\AppData\Roaming\Windows Live Writer [2012/04/06 23:53:18 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011/09/10 11:05:04 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A6EDA759-7985-4AFC-9FE1-16A4C9E3856B}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2006/11/02 10:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr [2006/11/13 10:26:37 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2012/04/07 07:45:28 | 2135,425,024 | -HS- | M] () -- C:\hiberfil.sys [2007/09/29 18:01:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007/09/29 18:01:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012/04/07 07:45:26 | 2451,324,928 | -HS- | M] () -- C:\pagefile.sys [2012/04/01 18:28:54 | 000,115,652 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_18.27.48_log.txt [2012/04/07 07:56:04 | 000,115,652 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_07.04.2012_07.50.47_log.txt [2009/07/31 22:11:32 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2007/02/02 11:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\hpzpp4v2.dll [2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %PROGRAMFILES%\* > [2008/11/13 10:24:53 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/30 14:59:01 | 000,834,704 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/30 14:59:01 | 000,834,704 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/30 14:59:01 | 000,834,704 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/30 14:59:05 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/30 14:59:05 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/30 14:59:05 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/16 13:17:28 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/16 13:17:28 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/16 13:17:28 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/03/16 13:17:31 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/03/16 13:17:31 | 000,748,336 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/30 14:59:01 | 000,834,704 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/30 14:59:01 | 000,834,704 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/30 14:59:01 | 000,834,704 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/30 14:59:05 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/30 14:59:05 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/30 14:59:05 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/04 02:56:42 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/16 13:17:28 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/16 13:17:28 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/16 13:17:28 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/03/16 13:17:31 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/03/16 13:17:31 | 000,748,336 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:1CA73D29 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:45FE2B4E < End of report > Quote
mikeh Posted April 7, 2012 Author Posted April 7, 2012 The OTL Extras log: OTL Extras logfile created on: 07/04/2012 08:06:56 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Mike Hewitt\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 46.99% Memory free 4.22 Gb Paging File | 3.02 Gb Available in Paging File | 71.50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 226.05 Gb Total Space | 76.02 Gb Free Space | 33.63% Space Free | Partition Type: NTFS Drive S: | 1.46 Gb Total Space | 1.42 Gb Free Space | 96.72% Space Free | Partition Type: NTFS Computer Name: MIKEHEWITT-PC | User Name: Mike Hewitt | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07E1AA3A-679B-4D7C-B55F-0806FA7881BD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{4004CEF6-7A6F-4620-8927-1C157EAEC45C}" = lport=2869 | protocol=6 | dir=in | app=system | "{7AE0C126-276D-4D6E-BEE4-E48142863089}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B75DACDF-B34C-447F-B8B6-3FB966A386F5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05E506B8-96E8-4669-8F08-F5AAB15EEF2D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{0D46B3F3-284B-4AD8-972A-0F678366D8D0}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{13E707F4-5195-42E3-888A-71D1C988C6B9}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | "{4D82DCC5-B028-480A-B529-0F1B21D1FD6E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{4EF8D3E2-4BA7-427A-84A0-40BAD96A90C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{62E4DD73-5D98-4BF5-A48A-3DD8279A8242}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{6A5BF7B6-EE6A-467A-9B09-7CED08B07FED}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{754F1BBA-92FC-4932-95FC-0894619E53EF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{7B2BA9F6-ED39-4B28-A36C-D457CD15AAB2}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | "{8B2BF480-BE19-4A85-A276-ED2CF64A179D}" = dir=in | app=c:\program files\itunes\itunes.exe | "{91D86A88-C0A9-4FBE-94AB-EFADA169B59E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{A44568A8-D36B-4254-900D-E7BEA49F8CA8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A6FA81AE-318D-4315-B965-1C29BB1BE24C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CA477A0A-20E5-43AD-80A5-84B26AEE6851}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | "{CAE6CE8B-A5A8-4253-8291-AC58B7662D08}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | "{D57DD3CB-5EE8-4CD3-A397-6717DD217866}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{DCA6DC15-92F8-4A81-8D9E-E5505769222E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F303443D-09FD-4B98-AAE2-D49941CC17B5}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "TCP Query User{16DFD4D7-FCB2-4D54-A411-376E89033230}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{2B93E875-E0E5-4318-8C7C-9CB24610D5C8}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{3ECADA30-E454-42D8-801A-FCEF4C6C150A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{8F8E529D-5BAB-4075-8997-5610DA6CA48C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{EBDEABE5-EF0A-4F51-9CDD-743142481A80}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "UDP Query User{7B695B0C-8CB1-4629-9436-BBFD978D299D}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "UDP Query User{B164A0CD-2088-42DF-8CCE-85DAF3E7CAAF}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{BD866DEC-4261-44F3-94B5-AD4CA1398DFB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{C0C22501-A730-4FA9-8751-B9A487FC6099}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{FCC5D1F1-DA66-4894-A8B3-97CDE0486E2A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004 "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{25771101-7948-4591-ABF3-B1ECE7A7F45F}" = HP Update "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 23 "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety "{2A0F36F1-75CA-49F4-A20C-8D875537F18C}" = Belkin Wireless G Plus MIMO USB Network Adapter "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox "{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004 "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext "{49C98C60-BAC3-4C92-AF4F-E890FD312D60}" = The Lord of the Rings: The Fellowship of the Ring "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{ADC7FA12-E165-428a-AF13-4CE686E030AA}" = C5100 "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BAF5914B-5730-4373-B038-9F436AC6A0D6}" = Rayman3 "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{BEA18030-8B42-1286-EF64-CDA6BD083888}" = BBC iPlayer Desktop "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire "4oD" = 4oD "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9 "AviSynth" = AviSynth 2.5 "BBC iPlayer Download Manager" = BBC iPlayer Download Manager "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop "BearShare 2 MediaBar" = MediaBar "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "Google Chrome" = Google Chrome "Google Updater" = Google Updater "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000 "Mavis Beacon Teaches Typing Deluxe Version 11" = Mavis Beacon Teaches Typing Deluxe Version 11 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB) "NVIDIA Drivers" = NVIDIA Drivers "Quick Search Box" = Google Quick Search Box "QuickTime32" = QuickTime for Windows (32-bit) "RealPlayer 12.0" = RealPlayer "SearchCore for Browsers" = SearchCore for Browsers "SYBEX Power Kakuro_is1" = SYBEX Power Kakuro "TIMES Education - Key Stage 2 Science" = TIMES Education - Key Stage 2 Science "Uninstall_is1" = Uninstall 1.0.0.1 "Videora iPod Converter" = Videora iPod Converter 5.04 "WinLiveSuite" = Windows Live Essentials "YouTube Downloader App" = YouTube Downloader App 2.03 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In "Free Realms Installer" = Free Realms Installer ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06/04/2012 15:17:36 | Computer Name = Mikehewitt-PC | Source = Windows Search Service | ID = 3013 Description = Error - 06/04/2012 15:17:36 | Computer Name = Mikehewitt-PC | Source = Windows Search Service | ID = 3013 Description = Error - 06/04/2012 15:17:36 | Computer Name = Mikehewitt-PC | Source = Windows Search Service | ID = 3013 Description = Error - 06/04/2012 15:17:36 | Computer Name = Mikehewitt-PC | Source = Windows Search Service | ID = 3013 Description = Error - 06/04/2012 15:17:37 | Computer Name = Mikehewitt-PC | Source = Windows Search Service | ID = 3013 Description = Error - 06/04/2012 15:17:37 | Computer Name = Mikehewitt-PC | Source = Windows Search Service | ID = 3013 Description = Error - 06/04/2012 15:17:37 | Computer Name = Mikehewitt-PC | Source = Windows Search Service | ID = 3013 Description = Error - 06/04/2012 15:17:37 | Computer Name = Mikehewitt-PC | Source = Windows Search Service | ID = 3013 Description = Error - 06/04/2012 15:17:39 | Computer Name = Mikehewitt-PC | Source = Windows Search Service | ID = 3013 Description = Error - 06/04/2012 15:17:39 | Computer Name = Mikehewitt-PC | Source = Windows Search Service | ID = 3013 Description = [ Media Center Events ] Error - 26/05/2008 13:39:51 | Computer Name = Mikehewitt-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. [ OSession Events ] Error - 07/11/2010 12:01:45 | Computer Name = Mikehewitt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash. Error - 03/02/2011 12:54:02 | Computer Name = Mikehewitt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 03/02/2011 12:54:19 | Computer Name = Mikehewitt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error - 03/02/2011 12:54:29 | Computer Name = Mikehewitt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 03/02/2011 12:54:37 | Computer Name = Mikehewitt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 03/02/2011 12:56:46 | Computer Name = Mikehewitt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 16/03/2011 14:33:02 | Computer Name = Mikehewitt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error - 25/04/2011 14:54:50 | Computer Name = Mikehewitt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. Error - 25/04/2011 14:55:18 | Computer Name = Mikehewitt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash. Error - 03/06/2011 08:44:35 | Computer Name = Mikehewitt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4397 seconds with 660 seconds of active time. This session ended with a crash. [ System Events ] Error - 04/04/2012 05:02:37 | Computer Name = Mikehewitt-PC | Source = Service Control Manager | ID = 7034 Description = Error - 04/04/2012 05:02:52 | Computer Name = Mikehewitt-PC | Source = DCOM | ID = 10010 Description = Error - 05/04/2012 02:42:29 | Computer Name = Mikehewitt-PC | Source = PlugPlayManager | ID = 12 Description = The device 'Intel® 945G/GZ/GC/P/PL PCI Express Root Port - 2771' (PCI\VEN_8086&DEV_2771&SUBSYS_0C77105B&REV_02\3&2411e6fe&0&08) disappeared from the system without first being prepared for removal. Error - 06/04/2012 15:13:23 | Computer Name = Mikehewitt-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 20:03:51 on 06/04/2012 was unexpected. Error - 06/04/2012 15:15:07 | Computer Name = Mikehewitt-PC | Source = Service Control Manager | ID = 7022 Description = Error - 06/04/2012 17:51:33 | Computer Name = Mikehewitt-PC | Source = Service Control Manager | ID = 7022 Description = Error - 06/04/2012 17:51:33 | Computer Name = Mikehewitt-PC | Source = Service Control Manager | ID = 7022 Description = Error - 07/04/2012 02:45:36 | Computer Name = Mikehewitt-PC | Source = Print | ID = 19 Description = The print spooler failed to share printer HP Photosmart C5100 series with shared resource name HP Photosmart C5100 series. Error 2114. The printer cannot be used by others on the network. Error - 07/04/2012 02:45:37 | Computer Name = Mikehewitt-PC | Source = Print | ID = 19 Description = The print spooler failed to share printer Adobe PDF with shared resource name Adobe PDF. Error 2114. The printer cannot be used by others on the network. Error - 07/04/2012 02:47:14 | Computer Name = Mikehewitt-PC | Source = Service Control Manager | ID = 7022 Description = < End of report > What does it all mean? Thanks in advance for your assistance. Quote
ExTS Admin Starbuck Posted April 7, 2012 ExTS Admin Posted April 7, 2012 Hi Mike, What does it all mean? Basically it means that you have been using P2P programs and have an AV installed which isn't doing it's job. P2P Warning Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme. Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use. When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections. You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation. If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you. If do you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system. Step 1 Please disable Spybot S&D’s TeaTimer protection, because it is known to interfere with our fixes. Open Spybot and click on 'Mode' then click 'Advanced Mode'. Click on 'Tools' in bottom left hand corner. Click on the 'System Startup' icon. Uncheck 'Teatimer' box and/or uncheck 'Resident'. Then, check next to the computer clock to see if the icon for Spybot is still there. If it is, right click it and choose 'exit Spybot-S&D Resident'. Reboot the computer. Recommendation. As Spybot is a very old program and isn't updated as much now a days.... i'd recommend uninstalling it completely. It's certainly not on our list of recommended programs any more. If you do uninstall it.... still stop the TeaTimer first. Step 2 Double click on OTL to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :Otl PRC - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (MusicLab, LLC) SRV - (Elsaupdxpsms) -- File not found DRV - (FXDrv32) -- E:\FXDrv32.sys File not found IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearshare.com/web?src=ieb&appid=102&systemid=2&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm014YYgb&ptb=462DAFF4-F651-4D61-BFFE-47BA9720233A&psa=&ind=2011101015&ptnrS=YJxdm014YYg b&si=CPS-vsPo3qsCFRJc4Qodrgs0PA&st=sb&n=77def757&searchfor= {searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com O2 - BHO: (SearchCore for Browsers) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (MusicLab, LLC) O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsd txmltbpi.dll File not found O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsd txmltbpi.dll File not found O3 - HKLM\..\Toolbar: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - x-sdch - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (MusicLab, LLC) O8 - Extra context menu item: &Search - ?p=ZJxdm172MXGB File not found O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (MusicLab, LLC) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (MusicLab, LLC) O33 - MountPoints2\{06204a1b-bab6-11e0-9260-00016c1a3731}\Shell - "" = AutoRun O33 - MountPoints2\{06204a1b-bab6-11e0-9260-00016c1a3731}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O33 - MountPoints2\{4cc7b42b-75df-11dc-a95a-00016c1a3731}\Shell - "" = AutoRun O33 - MountPoints2\{4cc7b42b-75df-11dc-a95a-00016c1a3731}\Shell\AutoRun\command - "" = F:\LaunchU3.exe O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe MsConfig - StartUpReg: RegistryMechanic - hkey= - key= - File not found [2012/04/07 07:46:40 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{9D22C01D-2852-4E37-95A0-59F37A6D2612} [2012/04/06 22:54:11 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{53A3E412-CE33-4397-9B05-23FFCE6A8976} [2012/04/06 20:14:36 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{C45BDD2B-062F-4FA7-A401-65FD6F79617E} [2012/04/03 17:05:17 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{C6472648-DCB9-437D-985E-6A1E148C3CD9} [2012/04/02 22:33:06 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{055B2CD7-561B-46D1-BAC3-AA52949D4E76} [2012/04/02 10:31:01 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{CCDA17DB-CBD0-4BFD-BCE3-5DE1CF12BBA4} [2012/04/02 09:08:40 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{7DFAC83E-855D-465F-8B39-A1081DA4E95B} [2012/04/01 13:39:40 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{FC3DAF89-BACD-402D-AD0D-63BD18006E9F} [2012/03/29 09:38:25 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{59A71971-7912-4227-AB75-CA379B089444} [2012/03/25 13:01:32 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{8D429943-4783-448A-B608-7CFDC0685109} [2012/03/24 09:59:23 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{19E70709-F4A8-4954-996B-5EBF0A3C9D5A} [2012/03/23 18:06:59 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{CD77B86A-CFE4-4DDE-BC46-6D5CBCD72877} [2012/03/22 21:10:42 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{B04FD849-2BBB-4413-AD46-7D6407448275} [2012/03/21 17:36:32 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{0EA2B240-81FB-4495-8D23-53107B491CA3} [2012/03/20 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{8893DCF1-A14A-490B-B90A-F128EC2E1F25} [2012/03/19 17:41:00 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{856F713A-C85C-406A-B4A2-88BEA825C698} [2012/03/19 17:31:48 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{307AC2E7-05D3-434B-8E81-077F1152E20B} [2012/03/19 17:25:18 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{E22607B3-42E1-4C87-8D9A-6F285F873EEE} [2012/03/19 17:24:38 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{B9F16C53-A464-425A-82F5-137A638A1233} [2012/03/18 09:34:49 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{8F05698B-1798-43BD-AD63-FA87AEE0D959} [2012/03/16 19:21:15 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{85B8BF0A-29CE-4774-8685-F63459553BBD} [2012/03/16 15:41:46 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{AC049ABA-834F-4255-BD2F-AC1B95A715D4} [2012/03/16 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{2378C28F-F3DC-491F-9669-96454EC27189} [2012/03/16 14:39:17 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{B8A8C684-9411-448E-9D87-4D176B49008C} [2012/03/16 14:38:52 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{4A1CA775-7EDD-41A0-BFA8-E276A1FD4A99} [2012/03/16 13:46:21 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{BFB1B0EE-E116-4F2C-A857-7E546F96D51F} [2012/03/16 13:06:21 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{75A78621-9CA3-4693-A6F7-028E6725CAC4} [2012/03/16 08:41:45 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{8384171D-10FE-44EC-AD2F-204F21E42022} [2012/03/15 23:05:52 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{97372039-F26A-41D9-A476-36C0BB1FCD55} [2012/03/15 22:37:44 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{17F53CC8-F3EC-4472-8C0F-AF4297F39574} [2012/03/15 21:53:41 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{007BA13D-3534-4A65-8B19-25E4AD21682A} [2012/03/15 17:39:57 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{F18CAFD4-A628-41EA-9E2C-AAF16A30105E} [2012/03/15 09:48:47 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{60812FD7-7178-4E64-8C88-D70A05F0CFAF} [2012/03/15 09:36:22 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{710B5B3A-1B36-48D9-A66D-C7791F4673B8} [2012/03/15 09:08:56 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{EFBE2FE4-1DED-46D7-8889-E0072272DEC7} [2012/03/15 08:46:28 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{D09E72D8-A46C-4EE1-BCEA-7F1D5D07F4AD} [2012/03/15 08:32:53 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{BB298A6A-25B8-4FDE-AEA9-A5742F784266} [2012/03/14 19:00:59 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{EC17CD5D-7D31-427D-A12F-391384CC86CB} [2012/03/14 18:04:53 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{60EB7B98-1013-42BE-AC5F-B11C64B87AC8} [2012/03/14 17:56:02 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{BE789E8F-BB3B-4C6A-9AB3-606F9C1082C2} [2012/03/14 17:34:15 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{C862B12D-8C9E-44E7-BCA8-05B994323FE0} [2012/03/14 08:20:41 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{C5A0E09B-9E77-41C7-8520-A0E3979CF586} [2012/03/14 08:03:38 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{BC6EBD3D-D64D-419F-83E3-1182F913F5F5} [2012/03/13 17:07:58 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{404BD956-CB18-4C66-9D02-ABDE263E4444} [2012/03/10 09:25:39 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{8C3E2E9D-ADF9-4B50-92AD-3B4DBDF6F959} [2012/03/09 17:40:42 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{82CCE1F3-29E1-49D0-A6FB-338C63A793B9} [2012/03/08 17:53:34 | 000,000,000 | ---D | C] -- C:\Users\Mike Hewitt\AppData\Local\{F61C9F00-FF7F-4226-9E9D-9E1BA6BADFDD} @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:1CA73D29 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:45FE2B4E :Files ipconfig /flushdns /c :commands [emptytemp] [purity] [RESETHOSTS] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. if you lose the report, there will be a copy here: C:\_OTL\MovedFiles Step 3 I'd like you to do an ESET OnlineScan You may find it beneficial to close your resident AV program before running the scan. Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop. Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop. [*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png [*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button. [*]Accept any security warnings from your browser. [*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png [*]Click the Start button. [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. [*]When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png [*]Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. [*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button. [*]Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt Note: It's been found that on some systems the Eset's Online Scan fails during the database download ( around 20% ) To prevent this happening: When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked): Enable Anti-Stealth technology http://img.photobucket.com/albums/v708/starbuck50/eset.png In your next reply, please submit: Otl fix report Eset scan report Thanks. Quote Member of:UNITE
mikeh Posted April 7, 2012 Author Posted April 7, 2012 Well that didn't go to plan. I did as you said with Spybot. The OTL scan started, Threatfire interrupted a couple of times but I let OTL continue, then a windows box with "OTL has stopped working". I ended up doing a forced reboot. The log file only says "Files/Folders moved on reboot, Registry entries deleted on reboot." Should I try OTL again? Should the settings be the same as you stated in your first response? So I'm a little confused about this P2P. We use Skype, and Windows Live Messenger, but are there others on our system that are less trustworthy? Thanks. Quote
mikeh Posted April 8, 2012 Author Posted April 8, 2012 Ok, the OTL scan worked on the third time: All processes killed ========== OTL ========== No active process named datamngrUI.exe was found! Error: No service named Elsaupdxpsms was found to stop! Service\Driver key Elsaupdxpsms not found. File File not found not found. Error: No service named FXDrv32 was found to stop! Service\Driver key FXDrv32 not found. File E:\FXDrv32.sys File not found not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ not found. File C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\x-sdch not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found. File C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ not found. Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\x-sdch\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1759355-3EEC-4C1E-B0F1-B719FE26E377}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll deleted successfully. File C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll deleted successfully. File C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06204a1b-bab6-11e0-9260-00016c1a3731}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06204a1b-bab6-11e0-9260-00016c1a3731}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06204a1b-bab6-11e0-9260-00016c1a3731}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06204a1b-bab6-11e0-9260-00016c1a3731}\ not found. File K:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cc7b42b-75df-11dc-a95a-00016c1a3731}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cc7b42b-75df-11dc-a95a-00016c1a3731}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cc7b42b-75df-11dc-a95a-00016c1a3731}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cc7b42b-75df-11dc-a95a-00016c1a3731}\ not found. File F:\LaunchU3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found. File K:\LaunchU3.exe not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\RegistryMechanic\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{9D22C01D-2852-4E37-95A0-59F37A6D2612}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{53A3E412-CE33-4397-9B05-23FFCE6A8976}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{C45BDD2B-062F-4FA7-A401-65FD6F79617E}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{C6472648-DCB9-437D-985E-6A1E148C3CD9}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{055B2CD7-561B-46D1-BAC3-AA52949D4E76}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{CCDA17DB-CBD0-4BFD-BCE3-5DE1CF12BBA4}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{7DFAC83E-855D-465F-8B39-A1081DA4E95B}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{FC3DAF89-BACD-402D-AD0D-63BD18006E9F}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{59A71971-7912-4227-AB75-CA379B089444}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{8D429943-4783-448A-B608-7CFDC0685109}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{19E70709-F4A8-4954-996B-5EBF0A3C9D5A}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{CD77B86A-CFE4-4DDE-BC46-6D5CBCD72877}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{B04FD849-2BBB-4413-AD46-7D6407448275}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{0EA2B240-81FB-4495-8D23-53107B491CA3}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{8893DCF1-A14A-490B-B90A-F128EC2E1F25}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{856F713A-C85C-406A-B4A2-88BEA825C698}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{307AC2E7-05D3-434B-8E81-077F1152E20B}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{E22607B3-42E1-4C87-8D9A-6F285F873EEE}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{B9F16C53-A464-425A-82F5-137A638A1233}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{8F05698B-1798-43BD-AD63-FA87AEE0D959}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{85B8BF0A-29CE-4774-8685-F63459553BBD}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{AC049ABA-834F-4255-BD2F-AC1B95A715D4}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{2378C28F-F3DC-491F-9669-96454EC27189}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{B8A8C684-9411-448E-9D87-4D176B49008C}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{4A1CA775-7EDD-41A0-BFA8-E276A1FD4A99}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{BFB1B0EE-E116-4F2C-A857-7E546F96D51F}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{75A78621-9CA3-4693-A6F7-028E6725CAC4}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{8384171D-10FE-44EC-AD2F-204F21E42022}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{97372039-F26A-41D9-A476-36C0BB1FCD55}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{17F53CC8-F3EC-4472-8C0F-AF4297F39574}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{007BA13D-3534-4A65-8B19-25E4AD21682A}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{F18CAFD4-A628-41EA-9E2C-AAF16A30105E}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{60812FD7-7178-4E64-8C88-D70A05F0CFAF}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{710B5B3A-1B36-48D9-A66D-C7791F4673B8}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{EFBE2FE4-1DED-46D7-8889-E0072272DEC7}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{D09E72D8-A46C-4EE1-BCEA-7F1D5D07F4AD}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{BB298A6A-25B8-4FDE-AEA9-A5742F784266}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{EC17CD5D-7D31-427D-A12F-391384CC86CB}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{60EB7B98-1013-42BE-AC5F-B11C64B87AC8}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{BE789E8F-BB3B-4C6A-9AB3-606F9C1082C2}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{C862B12D-8C9E-44E7-BCA8-05B994323FE0}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{C5A0E09B-9E77-41C7-8520-A0E3979CF586}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{BC6EBD3D-D64D-419F-83E3-1182F913F5F5}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{404BD956-CB18-4C66-9D02-ABDE263E4444}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{8C3E2E9D-ADF9-4B50-92AD-3B4DBDF6F959}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{82CCE1F3-29E1-49D0-A6FB-338C63A793B9}\ not found. Folder C:\Users\Mike Hewitt\AppData\Local\{F61C9F00-FF7F-4226-9E9D-9E1BA6BADFDD}\ not found. Unable to delete ADS C:\ProgramData\TEMP:D1B5B4F1 . Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 . Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 . ADS C:\ProgramData\TEMP:1CA73D29 deleted successfully. Unable to delete ADS C:\ProgramData\TEMP:45FE2B4E . ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Mike Hewitt\Downloads\cmd.bat deleted successfully. C:\Users\Mike Hewitt\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User User: Mike Hewitt ->Temp folder emptied: 225135 bytes ->Temporary Internet Files folder emptied: 43914 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 12481105 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 456 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 15439345 bytes RecycleBin emptied: 8620694262 bytes Total Files Cleaned = 8,248.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.39.2 log created on 04082012_083742 Files\Folders moved on Reboot... Registry entries deleted on Reboot... The Eset scan is currently running, will add to next reply. Thanks. Quote
mikeh Posted April 8, 2012 Author Posted April 8, 2012 Ok here's the ESET scan log: C:\ProgramData\Microsoft\Windows\DRM\D44E.tmp Win32/Olmarik.AYD trojan cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch103.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch105.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch106.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch110.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch111.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch115.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch209.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch211.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch212.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch217.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch307.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch309.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch310.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch314.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch315.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch317.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch326.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch357.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch447.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch449.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch450.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch454.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch455.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch457.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch466.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch496.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch559.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\_OTL\MovedFiles\04072012_195750\C_Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined I nervously await your judgment. Quote
ExTS Admin Starbuck Posted April 8, 2012 ExTS Admin Posted April 8, 2012 Hi Mike, Things are beginning to look a lot better now. So I'm a little confused about this P2P Bearshare was on the system at one time. If others are using this system i'd make sure that they are all 'Standard User' accounts. http://windows.microsoft.com/en-US/windows-vista/What-is-a-standard-user-account This will allow you to control things a bit more. Total Files Cleaned = 8,248.00 mb That's quite a sizeable amount. You must be able to see a difference in the running of the system. On going through the reports again i did notice something this morning: It is not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause: 1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't. 2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time. Therefore please go to add/remove in the control panel and remove either Norton 360 or Threatfire. I'm assuming that Norton was on the system awhile back as there aren't any 'Services' or 'Drivers' showing in the report. If this is the case just: Go to: Norton Removal Tool Download it to your 'Desktop'. Then click on the desktop icon to run the removal tool. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:Download the latest version of Java Runtime Environment (JRE) 7 Update 3 and save it to your desktop. Scroll down to where it says "Java SE 7 Update 3". Click the "Download JRE" button to the right. Accept the license agreement. select 'Windows x86'offline from the Platform down arrow. Save the file to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. . Java 6 Update 4 Java 6 Update 5 Java 6 Update 23 . Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-7u3-windows-i586-p.exe to install the newest version. When finished let me know how the system is running and has the redirection stopped now? Quote Member of:UNITE
mikeh Posted April 9, 2012 Author Posted April 9, 2012 Starbuck, You are a star, the system is running better and the redirection appears to be gone. I understand more about the user accounts and have created one for the kids use without administrator privileges. Maybe this will ensure they can't let malware onto the system? I crave a better understanding and so have some questions to help me avoid this situation in the future..... (if you haven't anything better to do) Was there any one particular "thing" causing the redirection? Does the "google redirect virus" actually exist? Can you suggest ways in which this malicious software has got onto the system, bearing in mind the kids use it for simple internet games, downloading music (they assure me these are legal sites), school projects research, skype and windows live messenger? Would they be aware or would their consent be needed before anything is downloaded (ie if a game tells them they need to download and install something and they just say yes to everything) Is skype ok to use? What is Bearshare and where does it come from. Is it bad? Thanks for reminding me of the need to keep things updated. Windows itself had not updated for several months, though I didn't realise. It only updated a couple of weeks ago when I used a long cable from the router instead of wireless. Windows Defender is not able to update at the moment, I think it might be because of the wireless too. What would you advise for the best free anti spyware/malware at the moment? Thanks for your invaluable help. A master of your trade indeed. Quote
ExTS Admin Starbuck Posted April 10, 2012 ExTS Admin Posted April 10, 2012 Hi Mike. Does the "google redirect virus" actually exist? It does, but there a few misconceptions about it. Technically, the Google Redirect Virus is not really a virus at all – it’s a trojan – and despite the name, Google has nothing to do with the problem. It’s not a problem with Google’s website, search engine, or anything else. The problem is local to your computer and it will affect all of the main browsers that you have installed, including Internet Explorer, Firefox, Opera, and Chrome. It is a variation of the TDSS rootkit, which piggybacks on top of a system driver. Is skype ok to use? Yes, Skype is fine. What is Bearshare and where does it come from. Is it bad? Bearshare is a P2P (Peer To Peer) program that has to be installed on the system. Most P2P programs aren't malicious in themselves although they may contain certain adware and tracking abilities. The problem with these programs is that they are used to download Music, Films etc. The program searches your system for files and makes these available to anyone else that uses the program. So when you download something using this type of program.... you are actually downloading it from another persons PC. So if their system is infected, the infection may well be passed on. Also the 'Bad Guys' actually make things available that contain malware.... with a view to infect your system and possibly steal passwords for email and Banking accounts. Would they be aware or would their consent be needed before anything is downloaded (ie if a game tells them they need to download and install something and they just say yes to everything) They may not be aware, as it is now reckoned that about 90% of sites carry some sort of infection. Sometimes a pop up will be shown asking if you want to download some useless piece of software, but even clicking NO will sometimes still install it. That's how the Bad Guys get around things. The best thing to do in this instance is NOT to click anything on the page..... but just close the browser. Remember.... once you click to allow something to be installed, you're basically telling your security software that it's ok..... so any bad stuff will be allowed to enter the system. Windows Defender is not able to update at the moment, I think it might be because of the wireless too. An answer to this could be achieved by the answer of the next question: What would you advise for the best free anti spyware/malware at the moment? MBAM is the best Anti Malware program around at the moment. The free version will have to be updated manually and a scan run manually. The paid for version will run in the background all the time and will update automatically. I only use the free version....... i update it every day and then run a scan twice a week. In my opinion the best free Anti Virus program at the moment is: MS Security Essentials This program should disable Windows Defender as it's not needed to run with MSSE. It has it's own built in Realtime scanner and will run in the background and update all the time. I use this on 2 of my systems. If you decide to change your AV from Threatfire to MSSE..... download MSSE to your desktop, then uninstall Threatfire.... then install MSSE. There is another scan i'd like you run. The reason for this is that when Eset cleared out the Spybot folders.... there were references to 'Bagle'. This may have been a false positive from Spybot, but i'd like to make sure that if it was on the system.... it's been completely removed as it's not a nice malware to have. Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop. Link 1 Link 2 http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif This is an example, you may rename ComboFix to anything you want. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs Then: Double click on Combo-Fix.exe & follow the prompts. Vista/Win7 users should right click on the icon and select Run as Administrator. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If running Vista/Win7, you will not see the screens relating to the recovery console as they are Win XP related. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. http://img.photobucket.com/albums/v708/starbuck50/cf1.png Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: http://img.photobucket.com/albums/v706/ried7/whatnext.png Click on Yes, to continue scanning for malware. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Quote Member of:UNITE
mikeh Posted April 10, 2012 Author Posted April 10, 2012 Thanks for all your replies. I am away most of this week but will do the Combofix thing on my return. Many thanks. Quote
ExTS Admin Starbuck Posted April 10, 2012 ExTS Admin Posted April 10, 2012 Ok, thanks for letting me know. Quote Member of:UNITE
mikeh Posted April 12, 2012 Author Posted April 12, 2012 OK here's the ComboFix log. How's it looking now? omboFix 12-04-12.03 - admin 12/04/2012 20:33:40.1.2 - x86 Running from: c:\users\admin\Downloads\Combo-Fix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\GuffinsEI . . ((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 ))))))))))))))))))))))))))))))) . . 2012-04-12 12:29 . 2012-04-12 12:29 722070 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2012-04-09 20:40 . 2012-04-09 20:40 -------- d-----w- c:\users\admin 2012-04-08 14:10 . 2012-04-08 14:10 -------- d-----w- c:\program files\Common Files\Java 2012-04-08 14:05 . 2012-04-08 14:04 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-04-08 12:41 . 2012-04-08 12:41 -------- d-----w- c:\program files\7-Zip 2012-04-08 08:00 . 2012-04-08 08:00 -------- d-----w- c:\program files\ESET 2012-04-07 18:57 . 2012-04-07 18:57 -------- d-----w- C:\_OTL 2012-04-06 19:46 . 2012-04-06 19:46 -------- d-----w- c:\users\Mike Hewitt\AppData\Roaming\Malwarebytes 2012-04-06 19:46 . 2012-04-06 19:46 -------- d-----w- c:\programdata\Malwarebytes 2012-04-06 19:45 . 2012-04-06 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-06 19:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 08:55 . 2012-03-29 08:55 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-03-16 10:50 . 2012-03-16 10:50 -------- d-----w- C:\8431013cc9a129c787eeee0744 2012-03-16 09:36 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-03-16 09:22 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-03-16 09:22 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll 2012-03-16 09:22 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-03-16 09:22 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2012-03-16 09:22 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-03-16 09:22 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe 2012-03-16 09:22 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2012-03-16 09:22 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll 2012-03-16 09:22 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll 2012-03-16 09:22 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2012-03-16 09:22 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll 2012-03-16 09:21 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll 2012-03-16 09:21 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll 2012-03-16 09:21 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll 2012-03-16 09:21 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll 2012-03-16 09:19 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys 2012-03-16 09:19 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-03-16 09:19 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll 2012-03-16 09:19 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll 2012-03-16 09:19 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll 2012-03-16 09:19 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax 2012-03-16 09:19 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax 2012-03-16 09:19 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax 2012-03-16 09:18 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll 2012-03-16 09:18 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2012-03-16 09:18 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2012-03-16 09:18 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2012-03-16 09:17 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2012-03-16 09:17 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2012-03-16 09:17 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2012-03-16 09:17 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-16 09:17 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-16 09:17 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-16 09:17 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-03-16 09:17 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-16 09:17 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-03-16 09:17 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll 2012-03-16 09:17 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-16 09:17 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-16 09:16 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll 2012-03-16 09:14 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll 2012-03-16 09:14 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll 2012-03-16 09:14 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll 2012-03-16 09:13 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-03-16 09:13 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-08 14:04 . 2011-01-05 23:29 567696 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-29 08:55 . 2011-05-20 18:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-30 13:59 . 2012-03-30 13:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "kdx"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "4oD"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Skytel"="Skytel.exe" [2007-04-04 1822720] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-12 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-10 68592] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-05-25 273544] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736] "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336] "ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2008-11-17 263456] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Mavis Beacon Teaches Typing Deluxe Version 11.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Mavis Beacon Teaches Typing Deluxe Version 11.lnk backup=c:\windows\pss\Mavis Beacon Teaches Typing Deluxe Version 11.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater] 2011-09-15 14:24 161336 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-09-12 17:00 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mchInjDrv . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 08:55] . 2012-04-12 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-05 14:24] . 2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 10:40] . 2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 10:40] . 2011-09-10 c:\windows\Tasks\User_Feed_Synchronization-{A6EDA759-7985-4AFC-9FE1-16A4C9E3856B}.job - c:\windows\system32\msfeedssync.exe [2012-03-16 12:17] . . ------- Supplementary Scan ------- . uStart Page = hxxp://support.thetechguys.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\a94r7txh.default\ . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-Remove Duplicate Files - c:\program files\Remove Duplicate Files\RemoveDuplicateFiles.exe MSConfigStartUp-SSDMonitor - c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe AddRemove-BearShare 2 MediaBar - c:\program files\BearShare Applications\MediaBar\Datamngr\ToolBar\uninstallTB.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-12 20:43 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(4252) c:\program files\ThreatFire\TFWAH.dll . - - - - - - - > 'lsass.exe'(624) c:\program files\ThreatFire\TFWAH.dll . - - - - - - - > 'Explorer.exe'(4988) c:\program files\ThreatFire\TFWAH.dll . Completion time: 2012-04-12 20:48:04 ComboFix-quarantined-files.txt 2012-04-12 19:48 . Pre-Run: 92,834,865,152 bytes free Post-Run: 92,798,128,128 bytes free . - - End Of File - - E26E6673C6F6BEE389BC17F6155C6D7A Quote
ExTS Admin Starbuck Posted April 13, 2012 ExTS Admin Posted April 13, 2012 Hi Mike, Well no sign of any leftovers from 'Bagle' so that's ok. If you are having no issues with the system now, we can finish off the cleaning process. Quote Member of:UNITE
ExTS Admin Starbuck Posted April 14, 2012 ExTS Admin Posted April 14, 2012 There's more?? Yep, we have to tidy up after ourselves now. :) Step 1 Restart MBAM. Click on the Quarantine tab If there are items in quarantine..... Make sure everything is selected and then click Delete All. Close MBAM. Step 2 You will need the 'Run' command enabled for this step: By default, Windows Vista does not have the "Run" command on the start menu. If it's not showing on your start menu, It's easy to get this back. 1. Open the start menu. 2. Right click on a non-icon area and select "Properties". 3. Press the "Customize" button. 4. Scroll down and find the "Run command" checkbox. 5. Check it and press OK. 6. Press OK. You now have your run command on the start menu. Please uninstall ComboFix by Clicking on Start ...then run ... and type in combofix /uninstall (don't forget there's is a gap between x and /) Then press Ok http://img.photobucket.com/albums/v708/starbuck50/new/cfu.png This action will uninstall Combofix and also perform a few cleanup measures Step 3 Please double-click OTL.exe to run it. You should see a CleanUp! button, press that button, http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png This will cleanup an assortment of tools used during malware removal, plus itself Note: MBAM will not be removed Step 4 Now you should set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. Click on Start... Control Panel... System and Maintenance... System Click on System Protection in the left-hand task list. Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section. When you uncheck a disk you will be presented with a screen. You should click on the Turn System Protection Off button. Click Apply and then OK. Reboot your computer. Now: Click on Start... Control Panel... System and Maintenance... System Click on System Protection in the left-hand task list. Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section. Click Apply and then OK. Your System restore will now be active again... starting with a new restore point. To find out how you may have been infected....read this topic: How did i get infected? Not all of the following information will be applicable to you, but it's still best to read it all. Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Use an AntiVirus Software Avira AntiVir ... see note* ....installation guide Here Avast free MS Security Essentials ... see note** ... installation guide Here Note*: Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation. Note**: Upon installation MS Security Essentials will check that your OS is a legal copy. Only install one AntiVirus program [*]Update your AntiVirus Software regularly [*]Use a 3rd party Firewall Online Armor Free ZoneAlarm ...Important note below NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option. Only install one software Firewall Some 3rd party Firewalls will turn off the windows firewall when they are installed. It's always best to check that the Windows Firewall is turned off: How to turn off Windows Firewall: Start ... Control Panel ...click on 'Classic View'. now select Windows Firewall. When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok [*]Scan regularly with a 'Stand Alone' Anti-Malware scanner: Installing another scanner that you can run once or twice a week is always beneficial. Something like: Malwarebytes Anti-Malware SUPERAntiSypware Remember to update these programs each time before running. You can install more than one of these if you only run them as stand alone programs. [*] Use an alternative browser: Some excellent alternatives to MS Internet Explorer are: Firefox For added security, add the NoScript extension to this browser: Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks also consider adding: WOT - Safe Browsing Tool Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web. Btw: you don't have to make a contribution. Opera They offer better security, more stability, and better speed. [*]Keep a backup of your registry Keeping a regular backup of your registry will help when something goes wrong. Use a program like: Erunt A full tutorial on how to set up and use Erunt can be found here: Erunt tutorial [*]Keep your system clean of temp files etc, using a 'Cleaner': Cleaners are programs that will help to clean out your: Windows temp files Current user temp files Cookies Temporary Internet flies Browser history Recycle bin Etc....... In other words.... all the rubbish that you accumalate over the course of your browsing and day to day usage of your pc. Programs like: TFC by OldTimer ATF Cleaner [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. [*]Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using and installing SpywareBlaster [*]Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Glad I was able to help. Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif Quote Member of:UNITE
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.