Jump to content

PC often slow

guypea
 Share

Recommended Posts

guypea Newbie

guypea

Posted
Posted

hi

my dell xps420 is such a pain these days. I have run various cleaners on it, but it often sounds like there is some sort of process going on in the background even when i am away from it. it takes ages to start up, and there is always a delay, maybe of around two minutes on start up, where it does absolutely nothing, then fires into life again, on its own.

if anyone can help i would be grateful.

  • Replies 19
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

  • 3 weeks later...
guypea Newbie

guypea

Posted
  • Author
Posted

hi, sorry for the delay - been away

 

i have been through start-up in the past and unticked unnecessary stuff.

here's whats ticked now..

 

Intel Software

Nvidia center media library

raid event monitor

rimbb launch agent

nvidia comptible windows 2000 display driver

microsoft security client

java platform auto updater

realplayer

common sdk

quicktime

software manager

Plastic Nev Newbie

Plastic Nev

Posted
Posted

If you have used Combofix, and OTL without either a properly trained helper, or the proper training in their use by yourself, as well as maybe using the registry cleaner side of CCleaner, you may well have done a good deal of damage already.

 

I will make sure our security experts are aware these have been used and with their help some repairs may be possible, but please be aware you may have to reinstall the operating system back to original factory settings.

 

Nev.

Need help with your computer problems? Then why not join Free PC Help. Register here.

If Free PC Help has helped you then please consider a donation. Click here

 We are all members helping other members. Please return here where you may be able to help someone else.  

After all, no one knows everything and you may have the answer that someone needs.

--------------------------------------------------------------------

I have installed Windows, now how do I install the curtains? 😄

image.png

Starbuck Newbie

Starbuck

Posted
Posted
ive used combo fix, c-cleaner, startup lite, defraggler, otl, and dds

Why were Combofix and OTL run?

How many times has Combofix been run?

Was anything removed?

 

Please include the C:\ComboFix.txt in your next reply.

 

Note:

if anyone runs Combofix off their own back ( not under the supervision of a qualified 'Helper') then the Author of Combofix will offer no help to correct problems arising from any of the deletions.

Member of:

UNITE

Starbuck Newbie

Starbuck

Posted
Posted

Hi guypea

 

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

This is not helping your system.

 

It is not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.

2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Avira AntiVir or Microsoft Security Essentials.

 

As you have tried to stop Avira by using MsConfig, i suggest you uninstall Avira.

 

After removing this program please follow the step below.

 

  • Download OTL to your desktop.
    If using Firefox ..right click on the link and select 'Save Link/Target As'.
     
    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check

.

 

.

http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

 

Now copy the lines in bold below.

 

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

 

  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
    .
  • Click the Run Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     
  • Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

Thanks

Member of:

UNITE

guypea Newbie

guypea

Posted
  • Author
Posted

i have tried to uninstall avira in the past. there is no file called avira on the computer anymore

cant find anything that relates to it, even though it does seem to be there somewhere

Starbuck Newbie

Starbuck

Posted
Posted
DIDNT GET AN EXTRAS TXT

That is because OTL was run previously....

Also the copy of OTL you are using is an out of date version.

Please remove that version by right clicking on it and selecting delete.

Now use the link in my previous post to download the latest version.

 

As OTL has been run previously you will need to remember this:

Under Extra Registry section, select Use SafeList.... this will produce the 'Extras.txt.

 

We can't remove anything from the report until i see both reports from the latest version.

 

Thanks

Member of:

UNITE

guypea Newbie

guypea

Posted
  • Author
Posted (edited)

here we go

 

OTL logfile created on: 16/07/2012 18:08:26 - Run 4

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Guy\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 35.48% Memory free

4.24 Gb Paging File | 2.41 Gb Available in Paging File | 56.86% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 581.12 Gb Total Space | 476.42 Gb Free Space | 81.98% Space Free | Partition Type: NTFS

Drive D: | 15.00 Gb Total Space | 10.85 Gb Free Space | 72.31% Space Free | Partition Type: NTFS

Drive E: | 637.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: GUY-PC | User Name: Guy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Guy\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)

PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Rising\RSD\RsMgrSvc.exe (Beijing Rising Information Technology Co., Ltd.)

PRC - C:\Program Files\Rising\RSD\popwndexe.exe (Beijing Rising Information Technology Co., Ltd.)

PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)

PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)

PRC - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()

PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()

PRC - C:\Windows\System32\PSIService.exe ()

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll ()

MOD - C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll ()

MOD - C:\Program Files\Google\Chrome\Application\20.0.1132.57\avutil-51.dll ()

MOD - C:\Program Files\Google\Chrome\Application\20.0.1132.57\avformat-54.dll ()

MOD - C:\Program Files\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll ()

MOD - C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll ()

MOD - C:\Users\Guy\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll ()

MOD - C:\Users\Guy\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll ()

MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()

MOD - C:\Program Files\WinRAR\RarExt.dll ()

MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found

SRV - (0276671207382884mcinstcleanup) McAfee Application Installer Cleanup (0276671207382884) -- C:\Users\Guy\AppData\Local\Temp\027667~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini File not found

SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (RsMgrSvc) -- C:\Program Files\Rising\RSD\RsMgrSvc.exe (Beijing Rising Information Technology Co., Ltd.)

SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Roxio MyDVD Premier\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)

SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Roxio MyDVD Premier\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)

SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe (FirebirdSQL Project)

SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe (FirebirdSQL Project)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)

SRV - (AlertService) Intel® -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)

SRV - (QualityManager) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel® Corporation)

SRV - (Remote UI Service) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)

SRV - (MCLServiceATL) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)

SRV - (DHTRACE) Intel® -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel® Corporation)

SRV - (ISSM) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel® Corporation)

SRV - (NMSCore) Intel® -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel® Corporation)

SRV - (M1 Server) Intel® Viiv -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()

SRV - (dldfCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe ()

SRV - (dldf_device) -- C:\Windows\System32\dldfcoms.exe ( )

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()

SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)

SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)

SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()

SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()

 

 

========== Driver Services (SafeList) ==========

 

DRV - (OMCI) -- C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS File not found

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (mbr) -- C:\ComboFix\mbr.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (catchme) -- C:\Users\Guy\AppData\Local\Temp\catchme.sys File not found

DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found

DRV - (rsdsys) -- C:\Windows\System32\drivers\protreg.sys (Beijing Rising Information Technology Co., Ltd.)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (RapportCerberus_32029) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys ()

DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)

DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)

DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)

DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)

DRV - (RapportKELL) -- C:\Windows\System32\drivers\RapportKELL.sys (Trusteer Ltd.)

DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)

DRV - (SPC620m) -- C:\Windows\System32\drivers\SPC620m.sys (Philips )

DRV - (SPC620) -- C:\Windows\System32\drivers\SPC620.sys (Philips )

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)

DRV - (MBLAUDRV) -- C:\Windows\System32\drivers\BTCamAudioDrv.sys (Windows ® 2000 DDK provider)

DRV - (TSHWMDTCP) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()

DRV - (pmxmouse) -- C:\Windows\System32\drivers\pmxmouse.sys (Primax Electronics Ltd.)

DRV - (pmxusblf) -- C:\Windows\System32\drivers\pmxusblf.sys (Primax Electronics Ltd.)

DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)

DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUK

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bbc.co.uk/sport

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DLUK_en-GB&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Guy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 09:24:50 | 000,000,000 | ---D | M]

 

[2011/06/07 14:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guy\AppData\Roaming\Mozilla\Extensions

[2010/07/06 16:13:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guy\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Guy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: vShare.tv plug-in (Disabled) = C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

CHR - plugin: DivX Player Netscape Plugin (Disabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

CHR - plugin: DivX Web Player (Disabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Picasa (Disabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: RealArcade Mozilla Plugin (Disabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Disabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Guy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Disabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: vshare plugin = C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\

CHR - Extension: Google Mail Checker = C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\

CHR - Extension: Gmail = C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012/01/19 09:47:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: nngad.co.uk ([citrixwi] http in Trusted sites)

O15 - HKCU\..Trusted Domains: northcliffemedia.co.uk ([ras] https in Trusted sites)

O15 - HKCU\..Trusted Domains: ssnremote.co.uk ([]https in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58B88789-A169-48F6-AD10-4C146777C6BE}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Guy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Guy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/03/01 20:46:41 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2003/10/06 21:39:06 | 000,000,067 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPro620.lnk - C:\Windows\VPro620.exe - (Philips)

MsConfig - StartUpFolder: C:^Users^Guy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

MsConfig - StartUpReg: ConnectionCenter - hkey= - key= - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

MsConfig - StartUpReg: Dell AIO Printer 948 Fax Server - hkey= - key= - C:\Program Files\Dell AIO Printer 948\fm3032.exe ()

MsConfig - StartUpReg: ECenter - hkey= - key= - C:\DELL\E-Center\EULALauncher.exe ( )

MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)

MsConfig - StartUpReg: iSafeCW - hkey= - key= - C:\Program Files\AthTek Kelogger\winsrv.exe (AthTek Kelogger)

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: NokiaMServer - hkey= - key= - File not found

MsConfig - StartUpReg: OfficeSyncProcess - hkey= - key= - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: Rim.DesktopHelper.exe - hkey= - key= - C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe (Research In Motion)

MsConfig - StartUpReg: rkfree - hkey= - key= - C:\Program Files\rkfree\rkfree.exe (Logixoft)

MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)

MsConfig - StartUpReg: SS_MW - hkey= - key= - C:\Program Files\Radica\Stylin' Studio\SS_MW.exe (Radica)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

MsConfig - State: "services" - 2

MsConfig - State: "startup" - 2

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/07/16 18:07:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Guy\Desktop\OTL.exe

[2012/07/16 09:24:48 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{2886BEAB-A010-42FA-BB52-E126BCCDBE2E}

[2012/07/16 09:24:38 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{523F129D-BB2F-403E-94E6-3FFBBF619C0E}

[2012/07/16 09:04:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/07/16 09:04:01 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/07/16 08:38:25 | 004,579,346 | R--- | C] (Swearware) -- C:\Users\Guy\Desktop\ComboFix.exe

[2012/07/15 13:06:31 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{05361BB8-1456-41AC-A956-4EE1901F0639}

[2012/07/15 13:06:21 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{8D7689D6-84E9-48D5-B113-25D451442235}

[2012/07/15 10:49:30 | 002,375,200 | ---- | C] (PC Help Soft ) -- C:\Users\Guy\Desktop\pc-cleaner-318.exe

[2012/07/14 13:01:23 | 004,615,016 | ---- | C] (Garmin International) -- C:\Users\Guy\Desktop\GarminMapUpdater_v3.1.14.exe

[2012/07/14 12:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin

[2012/07/14 12:52:13 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Roaming\Garmin

[2012/07/14 12:49:30 | 019,169,392 | ---- | C] (Igor Pavlov) -- C:\Users\Guy\Desktop\CommunicatorPlugin_403.exe

[2012/07/14 09:09:19 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{C2F533CB-9FAC-4817-95FB-D07559DF3845}

[2012/07/14 09:09:00 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{E51164AE-0803-41F9-A763-DD28C853298D}

[2012/07/14 08:43:38 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012/07/14 08:35:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/07/14 08:35:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/07/14 08:35:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012/07/14 08:35:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/07/14 08:35:21 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/07/14 08:35:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/07/14 08:35:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/07/12 08:32:44 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2012/07/11 16:00:04 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{BD443AD0-351F-4E12-88D6-C095DD4E312E}

[2012/07/11 15:59:53 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{9D35B0A4-9C23-4750-9CD6-0207A271FF13}

[2012/07/04 08:15:58 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{969F9EBB-CECA-4F73-8F53-5DA3A085DD8B}

[2012/07/04 08:15:48 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{99C3D29D-2A7C-44C5-B769-7CB312CF9AB8}

[2012/07/03 08:15:22 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{1CAFE556-D5E5-4651-993F-44BD1D0041FC}

[2012/07/03 08:15:12 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{6D222620-8FF7-4EC5-9D04-8E303CE8517D}

[2012/07/02 17:28:03 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{FCEEB59E-BCBA-4D07-9794-0938729B52F9}

[2012/07/02 17:27:50 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{24DD5A57-53CF-4E4D-B360-D0657E832586}

[2012/07/01 15:43:07 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{A34536FF-7FBC-461A-B4D4-58EE627EC5B1}

[2012/07/01 15:42:56 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{8970D7DD-5FC6-4729-B91F-7F12A68AB35B}

[2012/07/01 15:07:46 | 000,000,000 | ---D | C] -- C:\Users\Guy\Desktop\PRINTER

[2012/07/01 13:26:06 | 000,000,000 | ---D | C] -- C:\Users\Guy\GUY WORK

[2012/07/01 11:50:21 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{7FB85325-5550-415F-958C-72665412F469}

[2012/07/01 11:50:10 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{7F1F375B-6167-4F58-885D-ED44CEA94621}

[2012/06/30 12:32:02 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{F69543C6-F6A3-4215-BC3D-BBC1DA1788F4}

[2012/06/30 12:31:52 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{B529E0CB-348E-4F26-85A0-A9F1598A2464}

[2012/06/28 20:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations

[2012/06/28 20:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations

[2012/06/28 20:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

[2012/06/28 20:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons

[2012/06/28 20:11:29 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Roaming\HpUpdate

[2012/06/28 20:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

[2012/06/28 20:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HP

[2012/06/28 20:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\HP

[2012/06/28 20:09:21 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\HP

[2012/06/28 20:08:43 | 000,267,112 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpinksts8911LM.dll

[2012/06/28 20:08:43 | 000,213,864 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpinkcoi8911.dll

[2012/06/28 20:07:41 | 001,792,872 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\HPScanMiniDrv_DJ1050_J410.dll

[2012/06/28 08:12:27 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{90D7FA5E-3F13-4AD5-8E68-E2E57132D4FC}

[2012/06/28 08:12:15 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{F02D5398-6358-446F-9183-5AFF279E3EA0}

[2012/06/24 10:28:06 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{B007AED8-9FDE-447D-8105-B97995FAFAF6}

[2012/06/24 10:27:56 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{32A051E5-1D36-4845-BAFA-3631A3BD1FE9}

[2012/06/21 16:35:42 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2012/06/21 16:35:42 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2012/06/21 16:35:03 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2012/06/21 16:35:03 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2012/06/21 16:35:03 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2012/06/21 16:34:54 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2012/06/21 16:34:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2012/06/20 07:51:36 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{B150A580-6E2C-40FD-AFD2-D7A9A9DD053D}

[2012/06/20 07:51:26 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{73FFEF58-691C-4583-BFCA-DCC8A256B12B}

[2012/06/19 18:08:00 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{2D9486DD-CBA3-4038-813A-1B330E877B37}

[2012/06/19 18:07:45 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{E4B050CB-08E8-4C4B-96C6-46A4C4C2DD6E}

[2012/06/17 15:47:29 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{085256D8-2D7F-4FD6-B480-6E32CBD40184}

[2012/06/17 14:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit

[2012/06/17 14:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit

[2012/02/07 09:09:58 | 000,097,280 | ---- | C] (Logixoft) -- C:\Users\Guy\rkfree_setup.exe

[2012/01/29 19:02:34 | 006,628,912 | ---- | C] (Adobe Systems Inc.) -- C:\Users\Guy\Shockwave_Installer_Slim.exe

[2012/01/24 13:52:46 | 030,323,528 | ---- | C] (PhoenixViewer.com ) -- C:\Users\Guy\Phoenix_Viewer-1.6.0.1600_RELEASE_SSE2.exe

[2010/09/23 09:07:29 | 681,867,016 | ---- | C] (Microsoft Corporation) -- C:\Users\Guy\X16-32250.exe

[2010/07/16 09:04:42 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Guy\TFC.exe

[2008/02/02 10:51:09 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

 

========== Files - Modified Within 30 Days ==========

 

[2012/07/16 18:15:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/16 18:15:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/16 18:07:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Guy\Desktop\OTL.exe

[2012/07/16 17:51:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/16 17:32:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/16 15:03:21 | 000,038,305 | ---- | M] () -- C:\Users\Guy\Desktop\IRELANDD.rtf

[2012/07/16 08:38:47 | 004,579,346 | R--- | M] (Swearware) -- C:\Users\Guy\Desktop\ComboFix.exe

[2012/07/16 08:20:31 | 000,624,132 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/07/16 08:20:31 | 000,117,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/07/15 18:05:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/07/15 10:49:40 | 002,375,200 | ---- | M] (PC Help Soft ) -- C:\Users\Guy\Desktop\pc-cleaner-318.exe

[2012/07/15 10:35:07 | 000,032,334 | ---- | M] () -- C:\Users\Guy\Desktop\SELLING.rtf

[2012/07/14 19:21:02 | 000,405,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/07/14 13:01:57 | 004,615,016 | ---- | M] (Garmin International) -- C:\Users\Guy\Desktop\GarminMapUpdater_v3.1.14.exe

[2012/07/14 12:51:29 | 019,169,392 | ---- | M] (Igor Pavlov) -- C:\Users\Guy\Desktop\CommunicatorPlugin_403.exe

[2012/07/12 20:32:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/02 17:25:29 | 000,002,401 | ---- | M] () -- C:\Users\Guy\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk

[2012/06/17 14:41:46 | 000,109,256 | ---- | M] () -- C:\Windows\System32\EasyHook64.dll

[2012/06/17 14:41:44 | 000,090,824 | ---- | M] () -- C:\Windows\System32\EasyHook32.dll

[2012/06/17 14:41:10 | 010,284,272 | ---- | M] () -- C:\Users\Guy\Desktop\dap10.exe

 

========== Files Created - No Company Name ==========

 

[2012/07/15 11:41:50 | 000,038,305 | ---- | C] () -- C:\Users\Guy\Desktop\IRELANDD.rtf

[2012/07/15 10:32:44 | 000,032,334 | ---- | C] () -- C:\Users\Guy\Desktop\SELLING.rtf

[2012/06/17 14:43:14 | 000,109,256 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll

[2012/06/17 14:43:14 | 000,090,824 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll

[2012/06/17 14:40:34 | 010,284,272 | ---- | C] () -- C:\Users\Guy\Desktop\dap10.exe

[2012/01/24 13:56:55 | 000,000,989 | ---- | C] () -- C:\Users\Guy\Phoenix Viewer.lnk

[2012/01/13 17:25:04 | 000,000,444 | ---- | C] () -- C:\Users\Guy\ComboFix - Shortcut.lnk

[2011/12/11 12:25:54 | 000,843,776 | ---- | C] () -- C:\Windows\vsnpstd3.exe

[2011/12/11 12:25:52 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

[2011/12/11 12:25:49 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll

[2011/12/11 12:25:47 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll

[2011/12/11 12:25:46 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll

[2011/12/11 12:25:46 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll

[2011/09/20 08:29:13 | 000,000,144 | ---- | C] () -- C:\Windows\System32\ENoSignature.dll

[2011/09/15 12:18:13 | 000,001,728 | ---- | C] () -- C:\Users\Guy\QuickTime Player.lnk

[2011/08/26 12:27:01 | 000,005,120 | ---- | C] () -- C:\Users\Guy\AppData\Local\Databases.db

[2011/07/07 09:45:04 | 000,001,894 | ---- | C] () -- C:\Users\Guy\Adobe Reader X.lnk

[2011/06/19 09:37:03 | 000,002,098 | ---- | C] () -- C:\Users\Guy\BlackBerry Desktop Software.lnk

[2011/06/11 19:11:07 | 000,001,828 | ---- | C] () -- C:\Users\Guy\ViewNX.lnk

[2011/06/11 19:10:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\NetServices

[2011/06/11 19:10:45 | 000,000,268 | RH-- | C] () -- C:\Users\Guy\AppData\Roaming\Metadata Importer

[2011/06/11 19:10:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT

[2011/06/11 19:10:45 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Pedal Hard

[2011/06/11 19:09:05 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Nature

[2011/06/11 19:09:05 | 000,000,268 | RH-- | C] () -- C:\Users\Guy\AppData\Roaming\Master

[2011/06/11 19:09:05 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT

[2011/06/11 19:09:05 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Overdrive

[2011/06/07 12:52:50 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2011/05/01 13:06:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/05/01 13:06:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/05/01 13:06:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/05/01 13:06:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/05/01 13:06:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/01/07 10:44:17 | 000,000,239 | ---- | C] () -- C:\Users\Guy\AppData\Roaming\mainhst.zgh

[2010/12/03 17:40:25 | 000,000,794 | ---- | C] () -- C:\Users\Guy\Cheat Engine.lnk

[2010/12/03 12:46:28 | 000,001,726 | ---- | C] () -- C:\Users\Guy\Mozilla Firefox.lnk

[2010/11/28 12:00:14 | 000,001,612 | ---- | C] () -- C:\Users\Guy\Greeting Card Studio 3.1.lnk

[2010/11/21 11:09:23 | 000,000,866 | ---- | C] () -- C:\Users\Guy\PFPortChecker.lnk

[2010/11/18 10:03:45 | 000,001,059 | ---- | C] () -- C:\Users\Guy\Revo Uninstaller.lnk

[2010/11/18 09:58:37 | 000,001,118 | ---- | C] () -- C:\Users\Guy\Mz Ultimate Cleaner.lnk

[2010/10/31 15:31:53 | 000,023,888 | ---- | C] () -- C:\Users\Guy\AppData\Roaming\UserTile.png

[2010/10/09 09:01:07 | 000,001,889 | ---- | C] () -- C:\Users\Guy\Adobe Reader 9.lnk

[2010/09/17 08:54:41 | 000,188,416 | ---- | C] () -- C:\Windows\System32\intelbth.dll

[2010/09/17 08:54:41 | 000,065,536 | ---- | C] () -- C:\Windows\System32\ICE_JNIRegistry.dll

[2010/09/09 10:08:56 | 000,088,236 | ---- | C] () -- C:\Users\Guy\Copy_of_Circles_Resume.pdf

[2010/06/21 20:39:12 | 000,000,000 | ---- | C] () -- C:\Users\Guy\AppData\Roaming\Application.set

[2010/06/19 09:45:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\fkl.dat

[2010/05/28 16:46:43 | 000,010,784 | ---- | C] () -- C:\Users\Guy\muttley.jpg

[2010/04/30 08:59:42 | 000,001,356 | ---- | C] () -- C:\Users\Guy\AppData\Local\d3d9caps.dat

[2009/10/22 15:05:30 | 000,000,876 | ---- | C] () -- C:\Users\Guy\Acrobat.com.lnk

[2009/10/09 12:17:53 | 000,001,986 | ---- | C] () -- C:\Users\Guy\Vodafone SMS.lnk

[2009/10/09 12:17:53 | 000,001,986 | ---- | C] () -- C:\Users\Guy\Vodafone Mobile Connect.lnk

[2009/08/25 09:30:18 | 000,000,728 | ---- | C] () -- C:\Users\Guy\Jarte.lnk

[2009/08/08 10:01:29 | 000,000,250 | ---- | C] () -- C:\Users\Guy\bk.rtf

[2009/02/14 10:32:27 | 000,001,635 | ---- | C] () -- C:\Users\Guy\Google Docs.lnk

[2008/08/20 16:37:10 | 000,000,388 | ---- | C] () -- C:\Users\Guy\Translator.url

[2008/08/20 16:37:10 | 000,000,296 | ---- | C] () -- C:\Users\Guy\Download programs.url

[2008/06/09 12:20:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008/03/26 10:10:11 | 000,003,918 | ---- | C] () -- C:\ProgramData\dldf

[2008/02/05 19:40:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2008/02/01 16:30:09 | 000,009,442 | ---- | C] () -- C:\Users\Guy\AppData\Roaming\wklnhst.dat

[2008/02/01 15:18:04 | 000,001,293 | ---- | C] () -- C:\Users\Guy\Roxio Creator Home.lnk

[2008/02/01 14:47:53 | 000,048,640 | ---- | C] () -- C:\Users\Guy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== LOP Check ==========

 

[2011/06/28 21:55:48 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\948 Series

[2011/04/06 08:33:28 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Azureus

[2009/11/08 12:27:38 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2009/09/16 08:52:00 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Citrix

[2009/10/22 15:16:52 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2009/04/13 19:08:24 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\com.yomego.dpals.DPalsWorld.7F1381133C7ABEEEEF1C66AC3F7CB1BC5DD3E822.1

[2009/06/20 16:03:34 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\DreamDale

[2010/06/21 20:17:14 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\DTS

[2008/11/26 19:22:07 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Farm Mania

[2012/02/01 09:33:58 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\FK_Monitor

[2009/01/27 20:15:29 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\funkitron

[2012/07/14 13:02:14 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Garmin

[2012/02/01 09:36:01 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\GetRightToGo

[2009/07/12 11:07:52 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\HSA

[2011/06/28 21:55:48 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\ICAClient

[2010/10/31 23:56:37 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\ImgBurn

[2011/03/29 18:56:14 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\InfraRecorder

[2009/07/12 18:12:25 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\iWin

[2012/02/07 09:26:25 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Juniper Networks

[2008/11/29 16:51:24 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\MagicBall3

[2009/06/20 16:12:50 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\MagicBall4

[2008/02/03 12:29:14 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\My Games

[2011/06/11 19:21:11 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Nikon

[2011/06/16 17:15:16 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Nokia

[2011/06/16 16:42:05 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Nseries

[2011/10/25 11:32:03 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Opera

[2009/09/16 17:52:49 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\PC Suite

[2010/10/31 15:31:51 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\PeerNetworking

[2009/07/10 19:32:40 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Pi Eye Games

[2009/06/18 18:31:32 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\PlayFirst

[2009/11/06 13:25:13 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\PrimoPDF

[2011/06/19 09:38:30 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Research In Motion

[2011/06/17 09:21:22 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Samsung

[2012/06/02 09:26:18 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\SecondLife

[2011/08/08 11:10:37 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Shareaza

[2010/07/03 17:51:45 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Skip-Bo

[2011/06/28 21:55:49 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\SmartDraw

[2010/07/26 17:26:31 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\SpinTop Games

[2009/04/03 17:51:03 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\temp

[2008/02/07 21:36:14 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Template

[2009/03/08 10:17:50 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Trusteer

[2008/11/25 20:13:03 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\UNOUndercover

[2009/10/09 12:18:39 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Vodafone

[2010/10/23 12:28:41 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Windows Live Writer

[2009/08/24 20:11:57 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Word Count

[2009/08/24 20:10:49 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\Word Count Setup

[2011/06/28 21:55:49 | 000,000,000 | ---D | M] -- C:\Users\Guy\AppData\Roaming\ZipGenius

[2012/07/15 18:05:29 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2008/03/01 20:46:41 | 000,000,074 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2012/07/16 09:03:59 | 000,015,003 | ---- | M] () -- C:\ComboFix.txt

[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2008/01/29 09:05:13 | 000,004,584 | RH-- | M] () -- C:\dell.sdr

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2011/05/16 17:57:53 | 000,000,311 | ---- | M] () -- C:\faxend.log

[2011/05/16 17:57:53 | 000,000,162 | ---- | M] () -- C:\faxendPdoc.log

[2011/05/16 17:57:52 | 000,000,243 | ---- | M] () -- C:\faxfile.log

[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2008/02/01 15:49:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/02/01 15:49:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2012/07/16 08:14:50 | 2459,140,096 | -HS- | M] () -- C:\pagefile.sys

[2011/06/28 08:47:13 | 000,000,370 | ---- | M] () -- C:\rkill.log

[2008/09/11 19:35:18 | 000,000,024 | ---- | M] () -- C:\url_history.xml

[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

[2009/07/16 10:46:37 | 000,000,162 | ---- | M] () -- C:\YServer.txt

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2007/05/02 16:38:36 | 000,113,664 | ---- | M] () -- C:\Windows\system32\Spool\prtprocs\w32x86\dldfdrpp.dll

[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 

< %PROGRAMFILES%\* >

[2008/09/21 18:32:52 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

[2008/02/02 10:51:02 | 000,774,144 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/01 14:20:51 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/01 14:20:51 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/01 14:20:51 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/01 14:20:51 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/01 14:20:51 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/01 14:20:51 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 796 bytes -> C:\Users\Guy\Documents\panicccc.eml:OECustomProperty

@Alternate Data Stream - 76 bytes -> C:\Users\Guy\Documents\Sam.rtf:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Guy\Documents\Rose 2.rtf:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Guy\Documents\GUY.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Guy\Documents\Guy Pearson CV.pdf:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Guy\Documents\car insurance 240.727.118.pdf:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Guy\Documents\becs message tone by grace n bec.rtf:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Guy\Documents\Attach.txt:Roxio EMC Stream

@Alternate Data Stream - 16 bytes -> C:\Users\Guy\Downloads:Shareaza.GUID

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:56E2E879

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:BD3317DE

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2D1F691A

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F5FEB7C0

 

< End of report >

Extras.Txt

OTL.Txt

Edited by Starbuck
Starbuck Newbie

Starbuck

Posted
Posted

Hi guypea

 

A couple of questions before i complete the fix:

 

Are you aware that a keylogger has been installed on this system?

[2012/02/07 09:09:58 | 000,097,280 | ---- | C] (Logixoft) -- C:\Users\Guy\rkfree_setup.exe

Related to: Revealer Keylogger

 

i see that it has been stopped by use of MsConfig

MsConfig - StartUpReg: rkfree - hkey= - key= - C:\Program Files\rkfree\rkfree.exe (Logixoft)

 

Do you want these entries removed?

 

Also

What is this for:

Rising Software Deployment System

I find very little about it in my searches.

The company themselves seem loathed to give out too much info either.

Member of:

UNITE

guypea Newbie

guypea

Posted
  • Author
Posted

i am aware of the keyloggers yes and i want to get rid completely

rising sun i think was part of an old anti virus thing, again, get rid

Starbuck Newbie

Starbuck

Posted
Posted (edited)

Hi Guypea,

 

Ok, let's make a start then.

 

Step 1

Try to uninstall Rising Software Deployment System

through the Add/Remove first.

I've added all the files/folders to the fix, so if it won't remove..... it doesn't matter too much.

But always best to try the uninstaller first.

If there are any left over files/folders, the fix will clean them off.

 

 

Step 2

Double click on OTL to run it.

Copy all of the lines in the codebox below. (make sure that :Otl is on the first line )

:Otl
PRC - C:\Program Files\Rising\RSD\RsMgrSvc.exe (Beijing Rising Information Technology Co., Ltd.)
PRC - C:\Program Files\Rising\RSD\popwndexe.exe (Beijing Rising Information Technology Co., Ltd.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (0276671207382884mcinstcleanup) McAfee Application Installer Cleanup (0276671207382884) -- C:\Users\Guy\AppData\Local\Temp\027667~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini File not found
SRV - (RsMgrSvc) -- C:\Program Files\Rising\RSD\RsMgrSvc.exe (Beijing Rising Information Technology Co., Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
DRV - (rsdsys) -- C:\Windows\System32\drivers\protreg.sys (Beijing Rising Information Technology Co., Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: nngad.co.uk ([citrixwi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: northcliffemedia.co.uk ([ras] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ssnremote.co.uk ([]https in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
MsConfig - StartUpReg: rkfree - hkey= - key= - C:\Program Files\rkfree\rkfree.exe (Logixoft)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - File not found
MsConfig - StartUpReg: iSafeCW - hkey= - key= - C:\Program Files\AthTek Kelogger\winsrv.exe (AthTek Kelogger)
[2012/02/07 09:09:58 | 000,097,280 | ---- | C] (Logixoft) -- C:\Users\Guy\rkfree_setup.exe
[2012/07/16 09:24:48 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{2886BEAB-A010-42FA-BB52-E126BCCDBE2E}
[2012/07/16 09:24:38 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{523F129D-BB2F-403E-94E6-3FFBBF619C0E}
[2012/07/15 13:06:31 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{05361BB8-1456-41AC-A956-4EE1901F0639}
[2012/07/15 13:06:21 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{8D7689D6-84E9-48D5-B113-25D451442235}
[2012/07/14 09:09:19 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{C2F533CB-9FAC-4817-95FB-D07559DF3845}
[2012/07/14 09:09:00 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{E51164AE-0803-41F9-A763-DD28C853298D}
[2012/07/11 16:00:04 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{BD443AD0-351F-4E12-88D6-C095DD4E312E}
[2012/07/11 15:59:53 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{9D35B0A4-9C23-4750-9CD6-0207A271FF13}
[2012/07/04 08:15:58 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{969F9EBB-CECA-4F73-8F53-5DA3A085DD8B}
[2012/07/04 08:15:48 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{99C3D29D-2A7C-44C5-B769-7CB312CF9AB8}
[2012/07/03 08:15:22 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{1CAFE556-D5E5-4651-993F-44BD1D0041FC}
[2012/07/03 08:15:12 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{6D222620-8FF7-4EC5-9D04-8E303CE8517D}
[2012/07/02 17:28:03 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{FCEEB59E-BCBA-4D07-9794-0938729B52F9}
[2012/07/02 17:27:50 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{24DD5A57-53CF-4E4D-B360-D0657E832586}
[2012/07/01 15:43:07 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{A34536FF-7FBC-461A-B4D4-58EE627EC5B1}
[2012/07/01 15:42:56 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{8970D7DD-5FC6-4729-B91F-7F12A68AB35B}
[2012/07/01 11:50:21 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{7FB85325-5550-415F-958C-72665412F469}
[2012/07/01 11:50:10 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{7F1F375B-6167-4F58-885D-ED44CEA94621}
[2012/06/30 12:32:02 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{F69543C6-F6A3-4215-BC3D-BBC1DA1788F4}
[2012/06/30 12:31:52 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{B529E0CB-348E-4F26-85A0-A9F1598A2464}
[2012/06/28 08:12:27 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{90D7FA5E-3F13-4AD5-8E68-E2E57132D4FC}
[2012/06/28 08:12:15 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{F02D5398-6358-446F-9183-5AFF279E3EA0}
[2012/06/24 10:28:06 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{B007AED8-9FDE-447D-8105-B97995FAFAF6}
[2012/06/24 10:27:56 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{32A051E5-1D36-4845-BAFA-3631A3BD1FE9}
[2012/06/20 07:51:36 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{B150A580-6E2C-40FD-AFD2-D7A9A9DD053D}
[2012/06/20 07:51:26 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{73FFEF58-691C-4583-BFCA-DCC8A256B12B}
[2012/06/19 18:08:00 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{2D9486DD-CBA3-4038-813A-1B330E877B37}
[2012/06/19 18:07:45 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{E4B050CB-08E8-4C4B-96C6-46A4C4C2DD6E}
[2012/06/17 15:47:29 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{085256D8-2D7F-4FD6-B480-6E32CBD40184}
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:56E2E879
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:BD3317DE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2D1F691A
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F5FEB7C0

:Files
C:\Program Files\rkfree
C:\Program Files\Rising
C:\Program Files\AthTek Kelogger
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     
  • Click the red Run Fix button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

if you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

 

 

Step 3

I'd like you to do an ESET OnlineScan

 

You may find it beneficial to close your resident AV program before running the scan.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
     
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
     
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

    [*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png

    [*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.

    [*]Accept any security warnings from your browser.

    [*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png

    [*] Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked

    [*]Click the Start button.

    [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    [*]When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png

    [*]Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.

    Include the contents of this report in your next reply.

    [*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.

    [*]Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

 

 

Note:

It's been found that on some systems the Eset's Online Scan fails during the database download ( around 20% )

To prevent this happening:

When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):

 

Enable Anti-Stealth technology

 

http://img.photobucket.com/albums/v708/starbuck50/eset.png

 

 

 

In your next reply, please submit:

Otl fix report

Eset Scan report.

 

Thanks

Edited by Starbuck

Member of:

UNITE

guypea Newbie

guypea

Posted
  • Author
Posted

i ran eset - twice - and it didnt produce a report either time. looked in C:\Program Files\ESET\ESET Online Scanner\log.txt and nothing there. it did get rid of some stuff tho, and put others into quarantine, which is all good :)

 

otl..

 

All processes killed

========== OTL ==========

No active process named RsMgrSvc.exe was found!

No active process named popwndexe.exe was found!

Service ACDaemon stopped successfully!

Service ACDaemon deleted successfully!

File C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found not found.

Error: No service named 0276671207382884mcinstcleanup) McAfee Application Installer Cleanup (0276671207382884 was found to stop!

Service\Driver key 0276671207382884mcinstcleanup) McAfee Application Installer Cleanup (0276671207382884 not found.

File C:\Users\Guy\AppData\Local\Temp\027667~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini File not found not found.

Error: No service named RsMgrSvc was found to stop!

Service\Driver key RsMgrSvc not found.

File C:\Program Files\Rising\RSD\RsMgrSvc.exe not found.

Service AntiVirSchedulerService stopped successfully!

Service AntiVirSchedulerService deleted successfully!

File move failed. C:\Program Files\Avira\AntiVir Desktop\sched.exe scheduled to be moved on reboot.

Service AntiVirService stopped successfully!

Service AntiVirService deleted successfully!

File move failed. C:\Program Files\Avira\AntiVir Desktop\avguard.exe scheduled to be moved on reboot.

Error: No service named rsdsys was found to stop!

Service\Driver key rsdsys not found.

File C:\Windows\System32\drivers\protreg.sys not found.

Service avipbb stopped successfully!

Service avipbb deleted successfully!

C:\Windows\System32\drivers\avipbb.sys moved successfully.

Error: Unable to stop service avgntflt!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntflt deleted successfully.

C:\Windows\System32\drivers\avgntflt.sys moved successfully.

Service ssmdrv stopped successfully!

Service ssmdrv deleted successfully!

C:\Windows\System32\drivers\ssmdrv.sys moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nngad.co.uk\citrixwi\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\northcliffemedia.co.uk\ras\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ssnremote.co.uk\ deleted successfully.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\Windows\Downloaded Program Files\erma.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\Windows\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\rkfree\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\avgnt\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NokiaMServer\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\iSafeCW\ deleted successfully.

C:\Users\Guy\rkfree_setup.exe moved successfully.

C:\Users\Guy\AppData\Local\{2886BEAB-A010-42FA-BB52-E126BCCDBE2E} folder moved successfully.

C:\Users\Guy\AppData\Local\{523F129D-BB2F-403E-94E6-3FFBBF619C0E} folder moved successfully.

C:\Users\Guy\AppData\Local\{05361BB8-1456-41AC-A956-4EE1901F0639} folder moved successfully.

C:\Users\Guy\AppData\Local\{8D7689D6-84E9-48D5-B113-25D451442235} folder moved successfully.

C:\Users\Guy\AppData\Local\{C2F533CB-9FAC-4817-95FB-D07559DF3845} folder moved successfully.

C:\Users\Guy\AppData\Local\{E51164AE-0803-41F9-A763-DD28C853298D} folder moved successfully.

C:\Users\Guy\AppData\Local\{BD443AD0-351F-4E12-88D6-C095DD4E312E} folder moved successfully.

C:\Users\Guy\AppData\Local\{9D35B0A4-9C23-4750-9CD6-0207A271FF13} folder moved successfully.

C:\Users\Guy\AppData\Local\{969F9EBB-CECA-4F73-8F53-5DA3A085DD8B} folder moved successfully.

C:\Users\Guy\AppData\Local\{99C3D29D-2A7C-44C5-B769-7CB312CF9AB8} folder moved successfully.

C:\Users\Guy\AppData\Local\{1CAFE556-D5E5-4651-993F-44BD1D0041FC} folder moved successfully.

C:\Users\Guy\AppData\Local\{6D222620-8FF7-4EC5-9D04-8E303CE8517D} folder moved successfully.

C:\Users\Guy\AppData\Local\{FCEEB59E-BCBA-4D07-9794-0938729B52F9} folder moved successfully.

C:\Users\Guy\AppData\Local\{24DD5A57-53CF-4E4D-B360-D0657E832586} folder moved successfully.

C:\Users\Guy\AppData\Local\{A34536FF-7FBC-461A-B4D4-58EE627EC5B1} folder moved successfully.

C:\Users\Guy\AppData\Local\{8970D7DD-5FC6-4729-B91F-7F12A68AB35B} folder moved successfully.

C:\Users\Guy\AppData\Local\{7FB85325-5550-415F-958C-72665412F469} folder moved successfully.

C:\Users\Guy\AppData\Local\{7F1F375B-6167-4F58-885D-ED44CEA94621} folder moved successfully.

C:\Users\Guy\AppData\Local\{F69543C6-F6A3-4215-BC3D-BBC1DA1788F4} folder moved successfully.

C:\Users\Guy\AppData\Local\{B529E0CB-348E-4F26-85A0-A9F1598A2464} folder moved successfully.

C:\Users\Guy\AppData\Local\{90D7FA5E-3F13-4AD5-8E68-E2E57132D4FC} folder moved successfully.

C:\Users\Guy\AppData\Local\{F02D5398-6358-446F-9183-5AFF279E3EA0} folder moved successfully.

C:\Users\Guy\AppData\Local\{B007AED8-9FDE-447D-8105-B97995FAFAF6} folder moved successfully.

C:\Users\Guy\AppData\Local\{32A051E5-1D36-4845-BAFA-3631A3BD1FE9} folder moved successfully.

C:\Users\Guy\AppData\Local\{B150A580-6E2C-40FD-AFD2-D7A9A9DD053D} folder moved successfully.

C:\Users\Guy\AppData\Local\{73FFEF58-691C-4583-BFCA-DCC8A256B12B} folder moved successfully.

C:\Users\Guy\AppData\Local\{2D9486DD-CBA3-4038-813A-1B330E877B37} folder moved successfully.

C:\Users\Guy\AppData\Local\{E4B050CB-08E8-4C4B-96C6-46A4C4C2DD6E} folder moved successfully.

C:\Users\Guy\AppData\Local\{085256D8-2D7F-4FD6-B480-6E32CBD40184} folder moved successfully.

ADS C:\ProgramData\TEMP:56E2E879 deleted successfully.

ADS C:\ProgramData\TEMP:BD3317DE deleted successfully.

ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.

ADS C:\ProgramData\TEMP:2D1F691A deleted successfully.

ADS C:\ProgramData\TEMP:F5FEB7C0 deleted successfully.

========== FILES ==========

C:\Program Files\rkfree folder moved successfully.

C:\Program Files\Rising folder moved successfully.

C:\Program Files\AthTek Kelogger\Skin folder moved successfully.

C:\Program Files\AthTek Kelogger\Log\Pic folder moved successfully.

C:\Program Files\AthTek Kelogger\Log folder moved successfully.

C:\Program Files\AthTek Kelogger folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Guy\Desktop\cmd.bat deleted successfully.

C:\Users\Guy\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Flash cache emptied: 56468 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Guy

->Temp folder emptied: 50799979 bytes

->Java cache emptied: 4165667 bytes

->Google Chrome cache emptied: 401300434 bytes

->Flash cache emptied: 8804783 bytes

 

User: IUSR_NMPR

->Temp folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 615222 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 444.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.53.1 log created on 07182012_083542

 

 

Files\Folders moved on Reboot...

C:\Program Files\Avira\AntiVir Desktop\sched.exe moved successfully.

C:\Program Files\Avira\AntiVir Desktop\avguard.exe moved successfully.

File\Folder C:\Windows\temp\TMP000000017BE988BCB22982D1 not found!

 

 

PendingFileRenameOperations files...

File C:\Program Files\Avira\AntiVir Desktop\sched.exe not found!

File C:\Program Files\Avira\AntiVir Desktop\avguard.exe not found!

File C:\Windows\temp\TMP000000017BE988BCB22982D1 not found!

 

 

Registry entries deleted on Reboot...

guypea Newbie

guypea

Posted
  • Author
Posted

ahh here's the second one...

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=639e7b574f45074db16aa8bfbde0ceee

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-18 11:59:07

# local_time=2012-07-18 12:59:07 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1792 16777215 100 0 37757094 37757094 0 0

# compatibility_mode=5121 16777214 0 3 135201622 135201622 0 0

# compatibility_mode=5892 16776574 100 100 33098481 180140541 0 0

# compatibility_mode=8192 67108863 100 0 10299 10299 0 0

# scanned=222578

# found=0

# cleaned=0

# scan_time=4933

Starbuck Newbie

Starbuck

Posted
Posted

Hi guypea,

 

Reports look good.

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) 7 Update 5 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 5".
  • Click the "Download JRE" button to the right.
  • Accept the license agreement.
  • select 'Windows x86'offline from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    .
    Java™ 6 Update 31
    .
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586-p.exe to install the newest version.

 

How is the system running now?

Member of:

UNITE

guypea Newbie

guypea

Posted
  • Author
Posted
still an unexplained delay on startup, where the whole comp kind of freezes for about 2 minutes. and 'processes' heard in the background, but running generally ok
Starbuck Newbie

Starbuck

Posted
Posted

Hi guypea

 

This problem may not be malware related, but let's take a very in depth look.

 

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
    Vista/Win7 users should right click on the icon and select Run as Administrator.
     
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Member of:

UNITE

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...