HELPREQUIRED Posted September 10, 2012
Hi, I am completely stuck. I have just yesterday installed AVG Free on my netbook as my Norton ran out. I turned my computer on today and kept getting warnings from Live Security Platinum, and I just knew it was a virus, so I uninstalled it (I don't know how it got there) and it wouldn't go away. I looked everywhere, and everywhere I found it I deleted it and restarted my computer. The Live Security thing seems to have gone, but I keep getting Trojan horse Agent_r.BLB warnings from AVG telling me I am at risk; I have also had a warning for on_demand_detection_text. I have run a Malwarebytes scan (for 6 1/2 hours!) and removed the threat that it found and restarted my computer, but how can I be sure it is gone? I haven't got a clue what I am looking for, and with the detection text thing I am really wary about doing anything on here right now. Any help will be much appreciated. Thanks in advance.
KenB Posted September 10, 2012
Hi and welcome to ExTS. Until one of our security experts gets to you, please post the log that MBAM produced.
There is an email going around offering processed pork - gelatin - and salt in a can ...... this is simply SPAM !!
HELPREQUIRED Posted September 11, 2012 (Author)
Thank you :)

Malwarebytes Anti-Malware 1.62.0.1300
http://www.malwarebytes.org

Database version: v2012.09.10.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Laura's :: LAURAS-PC [administrator]

10/09/2012 17:57:43
mbam-log-2012-09-10 (17-57-43).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 340840
Time elapsed: 6 hour(s), 21 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-3750202769-359497215-3729716061-1000\$1d08dbf547c53be78f5332239e20b3f7\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\ProgramData\036DFF8A193337C7D88A69B84F147CE7\036DFF8A193337C7D88A69B84F147CE7.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3750202769-359497215-3729716061-1000\$1d08dbf547c53be78f5332239e20b3f7\n (Trojan.Siredef) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-21-3750202769-359497215-3729716061-1000\$1d08dbf547c53be78f5332239e20b3f7\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3750202769-359497215-3729716061-1000\$1d08dbf547c53be78f5332239e20b3f7\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\Users\Laura's\AppData\Local\Temp\msimg32.dll (Trojan.Siredef) -> Quarantined and deleted successfully.
C:\Users\Laura's\AppData\Local\Temp\~!#807D.tmp (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\Laura's\AppData\Local\Temp\~!#7075.tmp (Trojan.Siredef) -> Quarantined and deleted successfully.
C:\Users\Laura's\AppData\Local\Temp\tsft.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\Users\Laura's\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\74606911-6440cf86 (Trojan.Delf) -> Quarantined and deleted successfully.
C:\Users\Laura's\Desktop\7ZipSetup.exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.

(end)
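An added triage helper (not code from this thread or from Malwarebytes) that parses detection lines in the MBAM log format posted above and reports what the log leaves unfinished: entries marked "Delete on reboot" (removal is deferred until the next restart, so a rescan is needed) and the CLSID InProcServer32 value that was redirected into the hidden $Recycle.Bin directory. The sample input is a constructed subset of the log lines above; the family-to-advice mapping in triage() is my own assumption.

```python
"""Triage helper for Malwarebytes Anti-Malware (MBAM) text logs (2012 format).

Added example, not code from this thread or from Malwarebytes. It parses the
"<item> (<family>) -> <action>" detection lines and tells the reader what the
log leaves unfinished: deferred deletions and a COM CLSID hijack.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: a subset of the detection lines from the MBAM log
# posted in this thread, copied verbatim so the parser sees the real format.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.62.0.1300
Database version: v2012.09.10.05
Registry Data Items Detected: 1
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-3750202769-359497215-3729716061-1000\$1d08dbf547c53be78f5332239e20b3f7\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.
Files Detected: 10
C:\ProgramData\036DFF8A193337C7D88A69B84F147CE7\036DFF8A193337C7D88A69B84F147CE7.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3750202769-359497215-3729716061-1000\$1d08dbf547c53be78f5332239e20b3f7\n (Trojan.Siredef) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-21-3750202769-359497215-3729716061-1000\$1d08dbf547c53be78f5332239e20b3f7\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\Users\Laura's\AppData\Local\Temp\msimg32.dll (Trojan.Siredef) -> Quarantined and deleted successfully.
C:\Users\Laura's\AppData\Local\Temp\~!#807D.tmp (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\Laura's\Desktop\7ZipSetup.exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
(end)
"""

# One detection per line: "<item> (<family>) -> <action text>"
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
# Registry data items carry the hijacked value and the restored one.
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")
# Hidden per-user $Recycle.Bin\<SID>\$<32 hex> directory, as used by the
# ZeroAccess/Sirefef rootkit that MBAM labels Trojan.0Access / Trojan.Siredef.
RECYCLE_BIN_RE = re.compile(
    r"^[A-Z]:\\\$Recycle\.Bin\\S-1-5-21-[\d-]+\\\$[0-9a-f]{32}", re.IGNORECASE)


@dataclass
class Detection:
    kind: str       # "registry" or "file"
    item: str       # registry path or file path
    family: str     # MBAM family label, e.g. Trojan.0Access
    action: str     # final action, e.g. "Delete on reboot."
    bad: str = ""   # registry data items: value MBAM found (the hijack target)
    good: str = ""  # registry data items: value MBAM restored


def parse_mbam_log(text):
    """Return the Detection entries found in an MBAM log; header lines are skipped."""
    found = []
    for raw in text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if not m:
            continue
        item, family, rest = m.group("item"), m.group("family"), m.group("rest")
        action = rest.rsplit("-> ", 1)[-1].strip()   # text after the last "->"
        kind = "registry" if item.upper().startswith("HK") else "file"
        bg = BAD_GOOD_RE.search(rest)
        bad, good = (bg.group("bad"), bg.group("good")) if bg else ("", "")
        # MBAM writes registry data items as "<key>\<value>|"; drop the marker.
        found.append(Detection(kind, item.rstrip("|"), family, action, bad, good))
    return found


def triage(detections):
    """Summarise what the log says was done and what still needs verifying."""
    families = Counter(d.family for d in detections)
    pending = [d.item for d in detections
               if d.action.lower().startswith("delete on reboot")]
    hidden_dirs, hijacks = set(), []
    for d in detections:
        for path in (d.item, d.bad):
            m = RECYCLE_BIN_RE.match(path)
            if m:
                hidden_dirs.add(m.group(0))
        if (d.kind == "registry" and d.item.lower().endswith("inprocserver32")
                and RECYCLE_BIN_RE.match(d.bad)):
            hijacks.append((d.item, d.bad, d.good))
    follow_up = []
    if pending:
        follow_up.append("%d item(s) are removed only at the next reboot; reboot, "
                         "rescan and expect zero detections." % len(pending))
    if hijacks:
        follow_up.append("A COM CLSID InProcServer32 value was redirected into a "
                         "hidden $Recycle.Bin directory (ZeroAccess/Sirefef pattern); "
                         "confirm it now reads shell32.dll and the directory is gone.")
    if any(f.startswith("Spyware.Password") for f in families):
        follow_up.append("A credential stealer was present; change passwords from "
                         "a known-clean device.")
    return {"families": families, "pending_reboot": pending,
            "clsid_hijacks": hijacks, "hidden_dirs": sorted(hidden_dirs),
            "follow_up": follow_up}


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_LOG))
    for family, n in report["families"].most_common():
        print("%-24s %d" % (family, n))
    for line in report["follow_up"]:
        print("*", line)
```

Run it against a saved mbam-log-*.txt by reading the file into parse_mbam_log() instead of SAMPLE_LOG; an empty follow_up list after the post-reboot rescan is the "is it gone?" check the first post asks for.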
HELPREQUIRED Posted September 11, 2012 (Author)
OTL scan results:

OTL logfile created on: 9/11/2012 5:26:57 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Laura's\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.30 Mb Total Physical Memory | 402.12 Mb Available Physical Memory | 39.68% Memory free
1.99 Gb Paging File | 0.88 Gb Available in Paging File | 44.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 52.00 Gb Total Space | 24.12 Gb Free Space | 46.39% Space Free | Partition Type: NTFS
Drive D: | 76.95 Gb Total Space | 38.08 Gb Free Space | 49.49% Space Free | Partition Type: NTFS
Computer Name: LAURAS-PC | User Name: Laura's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
C:\Users\Laura's\AppData\Roaming\TuneUp Software [2012/09/09 18:04:04 | 000,000,000 | ---D | M] -- C:\Users\Laura's\AppData\Roaming\Vofuqo [2012/06/01 20:24:21 | 000,000,000 | ---D | M] -- C:\Users\Laura's\AppData\Roaming\Windows Live Writer [2012/09/10 20:16:20 | 000,000,912 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3750202769-359497215-3729716061-1000Core.job [2012/09/11 17:24:08 | 000,000,934 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3750202769-359497215-3729716061-1000UA.job [2009/07/14 06:53:46 | 000,030,642 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: SAMSUNG HM160HI Partitions: 4 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Unknown Bootable: False BootPartition: False PrimaryPartition: True Size: 20.00GB Starting Offset: 1048576 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 0.00GB Starting Offset: 21475885056 Hidden sectors: 0 DeviceID: Disk #0, Partition #2 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 52.00GB Starting Offset: 21580742656 Hidden sectors: 0 DeviceID: Disk #0, Partition #3 PartitionType: Extended w/Extended Int 13 Bootable: False BootPartition: False PrimaryPartition: False Size: 77.00GB Starting Offset: 77415317504 Hidden sectors: 0 < %SYSTEMDRIVE%\*.* > [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2012/09/11 16:09:21 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys [2012/09/11 16:09:20 | 1073,741,824 | -HS- | M] () -- 
C:\pagefile.sys [2010/08/16 10:03:54 | 000,002,047 | ---- | M] () -- C:\RHDSetup.log [2010/08/16 10:24:59 | 000,000,166 | ---- | M] () -- C:\Setup.log [2012/06/16 16:02:53 | 000,003,030 | ---- | M] () -- C:\user.js < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2010/04/24 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\windows\system32\Spool\prtprocs\w32x86\CNMPD9X.DLL [2010/04/24 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\windows\system32\Spool\prtprocs\w32x86\CNMPP9X.DLL [2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\Spool\prtprocs\w32x86\winprint.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\* > [2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Laura's\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/30 04:58:46 | 001,229,848 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Laura's\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/30 04:58:46 | 001,229,848 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Laura's\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/30 04:58:46 | 001,229,848 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Laura's\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/30 04:58:46 | 001,229,848 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/04/09 12:11:26 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/04/09 12:11:26 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/04/09 12:11:26 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Laura's\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/30 04:58:46 | 001,229,848 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Laura's\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/30 04:58:46 | 001,229,848 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Laura's\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/30 04:58:46 | 001,229,848 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Laura's\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/30 04:58:46 | 001,229,848 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/04/09 12:11:26 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/04/09 12:11:26 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/04/09 12:11:26 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:6FB93194 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:2430E4FC @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8530A643 < End of report > Quote
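A small triage script, added here as an example and not part of HELPREQUIRED's post nor of OTL's or Malwarebytes' own code. It parses OTL file/folder lines of the kind shown above and flags the two path shapes this thread's logs tie to the infection: the ZeroAccess (Trojan.0Access / Siredef) module store under `C:\$Recycle.Bin\<SID>\$<32 hex>\` that the MBAM log reported, and the rogue-AV dropper layout `C:\ProgramData\<32 hex>` that MBAM labelled Trojan.LameShield (Live Security Platinum). The regexes, the `ROGUE_NAMES` list and the `classify`/`triage` helpers are my own; the sample lines are copied from the OTL log above except the one marked constructed, whose path comes from the earlier MBAM log with an invented timestamp. Alternate-data-stream lines are only collected for review, since the log gives no basis to call them malicious.

```python
"""Triage of OTL-style log entries for the indicators this thread's logs show.

Added example, not part of the original post or of OTL/Malwarebytes. The
regexes encode the path shapes the thread's own MBAM and OTL logs report for
ZeroAccess (Trojan.0Access/Siredef) and the Live Security Platinum rogue
(Trojan.LameShield); SAMPLE_LINES are copied from the posted log except the
one marked constructed.
"""
import re
from dataclasses import dataclass

# OTL file/folder entry: [date time | size | attrs | C or M] (Company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# OTL alternate data stream line
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# ZeroAccess keeps its modules under a fake per-SID recycle-bin folder named
# "$" + 32 hex chars (with a U\ subfolder of *.@ files), as the MBAM log shows.
ZEROACCESS_RE = re.compile(
    r"\\\$Recycle\.Bin\\S-1-5-21-[\d-]+\\\$[0-9a-f]{32}(\\|$)", re.IGNORECASE
)
# Rogue-AV dropper: C:\ProgramData\<32 hex>\ folder, optionally <same hex>.exe inside.
ROGUE_DIR_RE = re.compile(
    r"^C:\\ProgramData\\(?P<id>[0-9A-F]{32})(\\(?P=id)\.exe)?$", re.IGNORECASE
)
# Product names this thread identifies as rogue security software (my own list).
ROGUE_NAMES = ("Live Security Platinum",)


@dataclass
class Finding:
    path: str
    reason: str


def parse_entry(line: str):
    """Return the fields of one OTL file/folder line as a dict, or None."""
    m = ENTRY_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(path: str):
    """Return the reason a path is suspicious, or None if no rule matches."""
    if ZEROACCESS_RE.search(path):
        return "ZeroAccess-style $Recycle.Bin\\$<hex32> module store"
    if ROGUE_DIR_RE.match(path):
        return "rogue-AV-style ProgramData\\<hex32> dropper folder or exe"
    lowered = path.lower()
    if any(name.lower() in lowered for name in ROGUE_NAMES):
        return "known rogue security product name"
    return None


def triage(lines):
    """Walk OTL lines; return (findings, ads_targets, parsed_entry_count)."""
    findings, ads, parsed = [], [], 0
    for raw in lines:
        line = raw.strip()
        ads_m = ADS_RE.match(line)
        if ads_m:
            # ADS entries are listed for review, not judged malicious here.
            ads.append(ads_m.group("target"))
            continue
        entry = parse_entry(line)
        if entry is None:
            continue  # section headers, registry lines, blank lines
        parsed += 1
        reason = classify(entry["path"])
        if reason:
            findings.append(Finding(entry["path"], reason))
    return findings, ads, parsed


# Lines copied from the posted OTL log, plus one constructed entry whose path
# is the ZeroAccess store the earlier MBAM log named (timestamp/size invented).
SAMPLE_LINES = [
    r"[2012/09/10 16:06:49 | 000,000,000 | ---D | C] -- C:\Users\Laura's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum",
    r"[2012/09/09 18:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF8A193337C7D88A69B84F147CE7",
    r"[2012/08/19 23:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime",
    r"[2012/09/10 17:37:25 | 010,651,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laura's\Desktop\mbam-setup.exe",
    r"[2012/09/09 18:05:30 | 000,000,000 | -H-D | C] -- C:\$Recycle.Bin\S-1-5-21-3750202769-359497215-3729716061-1000\$1d08dbf547c53be78f5332239e20b3f7\U",  # constructed
    r"@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:6FB93194",
    "========== Alternate Data Streams ==========",
]

if __name__ == "__main__":
    found, ads_targets, n = triage(SAMPLE_LINES)
    print(f"parsed {n} entries, {len(found)} flagged, {len(ads_targets)} ADS to review")
    for f in found:
        print(f"  {f.reason}: {f.path}")
```

Run it against a saved OTL.txt by passing the file's lines to `triage()`. Anything it flags still needs a helper's eye: the rules only describe the shapes in this one log, and a clean reinstall of a legitimate product can land in ProgramData under a GUID-like name too.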
HELPREQUIRED Posted September 11, 2012 Author
OTL EXTRAS results:

OTL Extras logfile created on: 9/11/2012 5:26:57 PM - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Laura's\Desktop
Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.30 Mb Total Physical Memory | 402.12 Mb Available Physical Memory | 39.68% Memory free
1.99 Gb Paging File | 0.88 Gb Available in Paging File | 44.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 52.00 Gb Total Space | 24.12 Gb Free Space | 46.39% Space Free | Partition Type: NTFS
Drive D: | 76.95 Gb Total Space | 38.08 Gb Free Space | 49.49% Space Free | Partition Type: NTFS

Computer Name: LAURAS-PC | User Name: Laura's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Users\Laura's\Desktop\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Users\Laura's\Desktop\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10661553-EBFD-4836-95FD-7F876050A9B8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{22910718-8822-4EF7-BAFE-FD66EBC97F8E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{28F5C2E3-AFD5-48B8-8F7A-FC2B34DB7304}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{2A3810C0-1E48-4A5D-9521-6E6FEA2860D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{359B1401-27E3-4D02-8412-EB9A025805C3}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{425DEB7F-D45B-4AB9-BA9D-5DE250ECDFB3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6D382758-3780-4872-9C59-DC8886F96E20}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{8B60D901-358E-48F5-8744-53703340E034}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{B8219107-C6C3-4711-829C-D88CD759F518}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{B82BEF7E-97E7-419C-A263-30F3C19217A4}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{BE853CEC-545F-4A2D-A6C1-B8470B9AD92B}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{CE4AB45A-F64B-4276-A844-11AEC3B4B93E}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{42AC299D-BD3E-4735-BC05-6F8020B5CBCA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{4A823058-7F31-4534-9633-A25B58B40FC2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{533640B0-1DAE-46DA-92D1-75BF3579819A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{57367B5F-2A4C-4B11-9C1E-4ED245EEF702}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{629F122E-1A43-4808-AA73-632CD40325D7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6D812403-902B-4455-A314-12E12D7B603D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{7A537CF1-F70C-4B38-AB18-F59CCEE7AE58}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{7E0FD23A-087C-4BA3-A51B-FD675ADB1CCF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{8DE9A2BE-452D-4670-AC12-91DAEC790DA0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8DF8AC94-E12B-4766-8644-DE5368CEBAD3}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{9F26CB2B-CC83-4A2C-94C5-0DDE2854C376}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{9F5612A7-9ADC-47D1-A3D0-45C726283BDD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{A396AE11-53BB-4A63-80E8-380929185CC2}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{B4EAFBD1-067B-4B55-8EA4-CE19F1867F66}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{BBBFC7FF-7241-4DA1-AD99-E7AB119AF027}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BE02BDB0-B552-4135-BD36-D485FD765F4C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D726D55A-76AE-4634-9D77-A624C5720BE1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DA550689-5E0B-47C0-9ED7-173C913FD859}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{EDAB24CF-FAA5-497D-B4DF-0F4CB5BD81AB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{F663A46F-1424-46A1-8F71-E59CBA204955}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{F99FEE9D-3F1D-46BC-A9A0-E66DA66BF5E8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{2C363B4E-1AEA-49FD-8498-08FEBE005D58}C:\users\laura's\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\laura's\appdata\roaming\spotify\spotify.exe |
"TCP Query User{301FD775-81B7-45ED-8E6D-3F0DBA62CEAA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{61A81C16-C92E-4B70-A1EE-42DB27DB6C46}C:\users\laura's\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\laura's\appdata\roaming\spotify\spotify.exe |
"UDP Query User{D33C20BA-6787-45DC-93E9-78C845C00754}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1234C1F4-603F-4C34-8796-3544CF8A83F5}" = Facebook Messenger 2.1.4631.0
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18AA278D-E0B9-4F99-ACCC-070978A38453}" = Easy Resolution Manager
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23697393-E392-4FFA-B8EF-193B5569C0B2}" = AVG 2013
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DE2E198-17B2-4E2D-A884-1603CD32FD38}" = AVG 2013
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2013
"BabylonToolbar" = Babylon toolbar on IE
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"Easy Media Player" = Easy Media Player 1.1.12
"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NIS" = Norton Internet Security
"Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PKR" = PKR
"Rapport_msi" = Rapport
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/9/2012 7:33:00 AM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6194

Error - 9/9/2012 7:33:00 AM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6194

Error - 9/9/2012 7:33:01 AM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/9/2012 7:33:01 AM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7613

Error - 9/9/2012 7:33:01 AM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7613

Error - 9/9/2012 7:33:03 AM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/9/2012 7:33:03 AM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9017

Error - 9/9/2012 7:33:03 AM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9017

Error - 9/9/2012 7:33:05 AM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/9/2012 7:33:05 AM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10874

[ System Events ]
Error - 9/2/2012 5:47:06 AM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: cdrom

Error - 9/3/2012 10:20:55 AM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: cdrom

Error - 9/3/2012 3:58:14 PM | Computer
Name = Lauras-PC | Source = volsnap | ID = 393252 Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error - 9/3/2012 4:10:26 PM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service. Error - 9/4/2012 2:17:12 AM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error - 9/4/2012 3:10:27 AM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service. Error - 9/4/2012 3:04:25 PM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service. Error - 9/6/2012 9:44:21 AM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service. Error - 9/7/2012 6:29:47 AM | Computer Name = Lauras-PC | Source = volsnap | ID = 393252 Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error - 9/7/2012 3:55:52 PM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service. < End of report > Quote
KenB Posted September 11, 2012
Thanks for the OTL results - one of our security experts should get to you soon :)
Starbuck Posted September 11, 2012
Hi HELPREQUIRED

Step 1

It is not recommended that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection.

In general terms, the two programs may conflict and cause:
1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to Add/Remove in the Control Panel and remove either Norton Internet Security or AVG 2013.

Step 2

Download TDSSKiller and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then on Start Scan. Vista/Win7 users should right-click and select Run As Administrator.
http://img.photobucket.com/albums/v708/starbuck50/new/tdss1.png
If an infected file is detected, the default action will be Cure; click on Continue.
http://img.photobucket.com/albums/v708/starbuck50/new/tdss2.png
If a suspicious file is detected, the default action will be Skip; click on Continue.
http://img.photobucket.com/albums/v708/starbuck50/new/tdss3.png
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://img.photobucket.com/albums/v708/starbuck50/new/tdss4.png
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next reply.

Note: If Cure is not available, please choose Skip instead; do not choose Delete.

In your next reply, please submit:
TDSSKiller report.

Thanks
Member of: UNITE
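The TDSSKiller report that Step 2 asks for lists every scanned service and driver as a pair of lines, `time pid [ MD5 ] Name C:\path` followed by `time pid Name - ok`, with a detection replacing "ok" by another verdict. Reading a few hundred such lines by eye is how these threads usually go; the parser below is an added example (not code from this thread, from the forum's helpers or from Kaspersky's tool) that joins the two lines per entry and flags what a responder would look at first: any non-"ok" verdict, and, as a generic heuristic the tool itself does not apply, any image living in a user Temp folder, ProgramData, the recycle bin or similar. The sample report, the `hypothdrv` entry and its hash and path are constructed for the example.

```python
r"""Triage a TDSSKiller report (the text file Step 2 asks for).

Each scanned service or driver appears as two lines:
    HH:MM:SS.mmmm PID [ MD5 ] Name C:\path\to\image
    HH:MM:SS.mmmm PID Name - ok
A detection replaces "ok" with another verdict and may carry a tag, e.g.
"Name ( Detection.Name ) - warning". This parser joins the two lines, then
flags anything whose verdict is not "ok" and, as a generic responder heuristic
that TDSSKiller itself does not apply, any image living somewhere a real
driver or service would not (user temp, ProgramData root, the recycle bin).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*?)\s*$"
)
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<verdict>\S.*?)\s*$"
)
TAG_RE = re.compile(r"^(?P<base>.+?)\s+\(\s*(?P<tag>[^)]+?)\s*\)$")

# Lower-cased path fragments; a heuristic, not part of the tool's own checks.
SUSPICIOUS_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\$recycle.bin\\",
    "\\programdata\\",
    "\\users\\public\\",
)


@dataclass
class Entry:
    name: str
    verdict: str
    path: Optional[str] = None
    md5: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_report(text: str) -> List[Entry]:
    """Return one Entry per verdict line found after the 'Scan started' marker."""
    entries: List[Entry] = []
    pending: Dict[str, Tuple[str, str]] = {}  # name -> (md5, path) awaiting a verdict
    scanning = False
    for line in text.splitlines():
        if "Scan started" in line:
            scanning = True
            continue
        if not scanning:
            continue  # skip the SystemInfo / partition header, which has no verdicts
        m = ENTRY_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue
        name, verdict = m["name"], m["verdict"]
        tagged = TAG_RE.match(name)
        base = tagged["base"] if tagged else name
        md5, path = pending.pop(base, (None, None))
        entry = Entry(base, verdict, path, md5)
        if verdict.lower() != "ok":
            detail = f" ({tagged['tag']})" if tagged else ""
            entry.flags.append(f"verdict: {verdict}{detail}")
        if path:
            low = path.lower()
            if any(frag in low for frag in SUSPICIOUS_DIRS):
                entry.flags.append("image in unusual location")
            if low.endswith(".sys") and "\\windows\\system32\\" not in low:
                entry.flags.append("driver outside system32")
        entries.append(entry)
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


# Constructed sample in the report's format: clean lines as the tool writes
# them, plus one hypothetical driver (hypothdrv, made-up hash and path) to show a hit.
SAMPLE_REPORT = r"""
20:48:58.0759 2588 Scan started
20:48:59.0242 2588 ================ Scan system memory ========================
20:48:59.0242 2588 System memory - ok
20:48:59.0258 2588 ================ Scan services =============================
20:48:59.0601 2588 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys
20:48:59.0617 2588 1394ohci - ok
20:49:01.0301 2588 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:49:01.0317 2588 Apple Mobile Device - ok
20:49:05.0795 2588 COMSysApp - ok
20:49:15.0400 2588 [ 0123456789ABCDEF0123456789ABCDEF ] hypothdrv C:\Users\someone\AppData\Local\Temp\hypothdrv.sys
20:49:15.0410 2588 hypothdrv ( UnsignedFile.Multi.Generic ) - warning
"""

if __name__ == "__main__":
    for e in flagged(parse_report(SAMPLE_REPORT)):
        print(f"{e.name}: {e.path} md5={e.md5} -> {'; '.join(e.flags)}")
```

Run it against a saved TDSSKiller log with `parse_report(open(path).read())`; a report where `flagged()` returns nothing is what "nothing was found" looks like on paper, but note that the path heuristic only ever examines the services and drivers the tool enumerated, so it is a reading aid for the report, not a second scanner.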
HELPREQUIRED Posted September 11, 2012 (Author)
Thank you so much, I will do that now.
HELPREQUIRED Posted September 11, 2012 (Author)
Hi, here it is. It says nothing was found; does that mean it is clear now? :)

20:48:52.0717 5032 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:48:53.0607 5032 ============================================================
20:48:53.0607 5032 Current date / time: 2012/09/11 20:48:53.0607
20:48:53.0607 5032 SystemInfo:
20:48:53.0607 5032
20:48:53.0607 5032 OS Version: 6.1.7600 ServicePack: 0.0
20:48:53.0607 5032 Product type: Workstation
20:48:53.0607 5032 ComputerName: LAURAS-PC
20:48:53.0607 5032 UserName: Laura's
20:48:53.0607 5032 Windows directory: C:\windows
20:48:53.0607 5032 System windows directory: C:\windows
20:48:53.0607 5032 Processor architecture: Intel x86
20:48:53.0607 5032 Number of processors: 2
20:48:53.0607 5032 Page size: 0x1000
20:48:53.0607 5032 Boot type: Normal boot
20:48:53.0607 5032 ============================================================
20:48:55.0822 5032 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:48:55.0837 5032 ============================================================
20:48:55.0837 5032 \Device\Harddisk0\DR0:
20:48:55.0837 5032 MBR partitions:
20:48:55.0837 5032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
20:48:55.0837 5032 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x6800000
20:48:55.0869 5032 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x9033000, BlocksNum 0x99E6000
20:48:55.0869 5032 ============================================================
20:48:55.0931 5032 C: <-> \Device\Harddisk0\DR0\Partition2
20:48:56.0009 5032 D: <-> \Device\Harddisk0\DR0\Partition3
20:48:56.0009 5032 ============================================================
20:48:56.0009 5032 Initialize success
20:48:56.0009 5032
============================================================ 20:48:58.0759 2588 ============================================================ 20:48:58.0759 2588 Scan started 20:48:58.0759 2588 Mode: Manual; 20:48:58.0759 2588 ============================================================ 20:48:59.0242 2588 ================ Scan system memory ======================== 20:48:59.0242 2588 System memory - ok 20:48:59.0258 2588 ================ Scan services ============================= 20:48:59.0601 2588 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys 20:48:59.0617 2588 1394ohci - ok 20:48:59.0679 2588 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys 20:48:59.0679 2588 ACPI - ok 20:48:59.0741 2588 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\windows\system32\DRIVERS\acpipmi.sys 20:48:59.0741 2588 AcpiPmi - ok 20:48:59.0929 2588 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 20:48:59.0929 2588 AdobeARMservice - ok 20:49:00.0069 2588 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 20:49:00.0069 2588 AdobeFlashPlayerUpdateSvc - ok 20:49:00.0194 2588 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys 20:49:00.0209 2588 adp94xx - ok 20:49:00.0272 2588 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys 20:49:00.0287 2588 adpahci - ok 20:49:00.0334 2588 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys 20:49:00.0350 2588 adpu320 - ok 20:49:00.0412 2588 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 20:49:00.0412 2588 AeLookupSvc - ok 20:49:00.0490 2588 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\windows\system32\drivers\afd.sys 20:49:00.0490 2588 AFD - ok 20:49:00.0537 2588 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 
C:\windows\system32\DRIVERS\agp440.sys 20:49:00.0537 2588 agp440 - ok 20:49:00.0615 2588 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys 20:49:00.0615 2588 aic78xx - ok 20:49:00.0693 2588 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe 20:49:00.0693 2588 ALG - ok 20:49:00.0724 2588 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\DRIVERS\aliide.sys 20:49:00.0724 2588 aliide - ok 20:49:00.0771 2588 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\DRIVERS\amdagp.sys 20:49:00.0787 2588 amdagp - ok 20:49:00.0818 2588 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\DRIVERS\amdide.sys 20:49:00.0818 2588 amdide - ok 20:49:00.0833 2588 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys 20:49:00.0849 2588 AmdK8 - ok 20:49:00.0865 2588 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys 20:49:00.0880 2588 AmdPPM - ok 20:49:00.0927 2588 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\windows\system32\drivers\amdsata.sys 20:49:00.0943 2588 amdsata - ok 20:49:00.0989 2588 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys 20:49:01.0005 2588 amdsbs - ok 20:49:01.0052 2588 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\windows\system32\drivers\amdxata.sys 20:49:01.0052 2588 amdxata - ok 20:49:01.0099 2588 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\windows\system32\drivers\appid.sys 20:49:01.0099 2588 AppID - ok 20:49:01.0145 2588 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll 20:49:01.0145 2588 AppIDSvc - ok 20:49:01.0177 2588 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\windows\System32\appinfo.dll 20:49:01.0192 2588 Appinfo - ok 20:49:01.0301 2588 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:49:01.0317 2588 Apple Mobile Device - ok 20:49:01.0348 
2588 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys 20:49:01.0364 2588 arc - ok 20:49:01.0395 2588 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys 20:49:01.0411 2588 arcsas - ok 20:49:01.0442 2588 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 20:49:01.0442 2588 AsyncMac - ok 20:49:01.0489 2588 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\DRIVERS\atapi.sys 20:49:01.0489 2588 atapi - ok 20:49:01.0613 2588 [ EE32C0A39B6D3D0834C4D46D8C45E1D0 ] athr C:\windows\system32\DRIVERS\athr.sys 20:49:01.0660 2588 athr - ok 20:49:01.0723 2588 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 20:49:01.0738 2588 AudioEndpointBuilder - ok 20:49:01.0785 2588 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\windows\System32\Audiosrv.dll 20:49:01.0801 2588 Audiosrv - ok 20:49:02.0253 2588 [ 1D7D0D5D33D8B1507EC5FBFE332E5657 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe 20:49:02.0409 2588 AVGIDSAgent - ok 20:49:02.0471 2588 [ 9E42E8B6BB7FD68F840003A9FC8F24C8 ] AVGIDSDriver C:\windows\system32\DRIVERS\avgidsdriverx.sys 20:49:02.0487 2588 AVGIDSDriver - ok 20:49:02.0518 2588 [ 2667A345903A2EA0C1D827F86853E417 ] AVGIDSHX C:\windows\system32\DRIVERS\avgidshx.sys 20:49:02.0518 2588 AVGIDSHX - ok 20:49:02.0565 2588 [ 240F106B07CD9B522E2CD9E621618367 ] AVGIDSShim C:\windows\system32\DRIVERS\avgidsshimx.sys 20:49:02.0565 2588 AVGIDSShim - ok 20:49:02.0627 2588 [ F0D3E3192F3B05E3A19C87DFDC320B50 ] Avgldx86 C:\windows\system32\DRIVERS\avgldx86.sys 20:49:02.0643 2588 Avgldx86 - ok 20:49:02.0721 2588 [ 87E88A36279C8E5869270CC87F5BB7CD ] Avglogx C:\windows\system32\DRIVERS\avglogx.sys 20:49:02.0737 2588 Avglogx - ok 20:49:02.0768 2588 [ 3CDFD206BFE274A304D6373CD9E38F44 ] Avgmfx86 C:\windows\system32\DRIVERS\avgmfx86.sys 20:49:02.0768 2588 Avgmfx86 - ok 20:49:02.0830 2588 [ B8392B63D795A3DE866793220D3559EF ] Avgrkx86 
C:\windows\system32\DRIVERS\avgrkx86.sys 20:49:02.0830 2588 Avgrkx86 - ok 20:49:02.0861 2588 [ B303F5E756C42DB96EA416FD0D2FF519 ] Avgtdix C:\windows\system32\DRIVERS\avgtdix.sys 20:49:02.0877 2588 Avgtdix - ok 20:49:02.0924 2588 [ DB22E7062FD88CDD1CC8C99CE59E6B2B ] avgtp C:\windows\system32\drivers\avgtpx86.sys 20:49:02.0924 2588 avgtp - ok 20:49:03.0080 2588 [ 42F11F37CC06D9AB6528AF2E215B8799 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe 20:49:03.0095 2588 avgwd - ok 20:49:03.0158 2588 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\windows\System32\AxInstSV.dll 20:49:03.0173 2588 AxInstSV - ok 20:49:03.0251 2588 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys 20:49:03.0267 2588 b06bdrv - ok 20:49:03.0329 2588 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys 20:49:03.0329 2588 b57nd60x - ok 20:49:03.0470 2588 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe 20:49:03.0485 2588 BBSvc - ok 20:49:03.0517 2588 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe 20:49:03.0548 2588 BBUpdate - ok 20:49:03.0610 2588 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll 20:49:03.0610 2588 BDESVC - ok 20:49:03.0641 2588 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys 20:49:03.0641 2588 Beep - ok 20:49:03.0719 2588 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\windows\System32\bfe.dll 20:49:03.0735 2588 BFE - ok 20:49:03.0829 2588 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\windows\System32\qmgr.dll 20:49:03.0860 2588 BITS - ok 20:49:03.0891 2588 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 20:49:03.0891 2588 blbdrive - ok 20:49:04.0063 2588 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 20:49:04.0078 2588 Bonjour Service - ok 20:49:04.0172 2588 [ 
9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\windows\system32\DRIVERS\bowser.sys 20:49:04.0187 2588 bowser - ok 20:49:04.0219 2588 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys 20:49:04.0234 2588 BrFiltLo - ok 20:49:04.0265 2588 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys 20:49:04.0281 2588 BrFiltUp - ok 20:49:04.0359 2588 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\windows\System32\browser.dll 20:49:04.0359 2588 Browser - ok 20:49:04.0437 2588 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys 20:49:04.0437 2588 Brserid - ok 20:49:04.0484 2588 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 20:49:04.0484 2588 BrSerWdm - ok 20:49:04.0515 2588 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 20:49:04.0515 2588 BrUsbMdm - ok 20:49:04.0546 2588 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 20:49:04.0546 2588 BrUsbSer - ok 20:49:04.0624 2588 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\windows\system32\drivers\BthEnum.sys 20:49:04.0624 2588 BthEnum - ok 20:49:04.0655 2588 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys 20:49:04.0655 2588 BTHMODEM - ok 20:49:04.0718 2588 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\windows\system32\DRIVERS\bthpan.sys 20:49:04.0733 2588 BthPan - ok 20:49:04.0811 2588 [ 04CEDA17A195924070B01174CB1F9AF8 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys 20:49:04.0827 2588 BTHPORT - ok 20:49:04.0889 2588 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll 20:49:04.0905 2588 bthserv - ok 20:49:04.0953 2588 [ 80E6384BEEC03B8BD45EDEA29802D657 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys 20:49:04.0953 2588 BTHUSB - ok 20:49:05.0000 2588 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 20:49:05.0000 2588 cdfs - 
ok 20:49:05.0062 2588 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 20:49:05.0078 2588 cdrom - ok 20:49:05.0109 2588 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\windows\System32\certprop.dll 20:49:05.0124 2588 CertPropSvc - ok 20:49:05.0156 2588 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys 20:49:05.0156 2588 circlass - ok 20:49:05.0202 2588 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys 20:49:05.0218 2588 CLFS - ok 20:49:05.0312 2588 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:49:05.0312 2588 clr_optimization_v2.0.50727_32 - ok 20:49:05.0452 2588 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:49:05.0452 2588 clr_optimization_v4.0.30319_32 - ok 20:49:05.0499 2588 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 20:49:05.0499 2588 CmBatt - ok 20:49:05.0546 2588 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\DRIVERS\cmdide.sys 20:49:05.0546 2588 cmdide - ok 20:49:05.0624 2588 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\windows\system32\Drivers\cng.sys 20:49:05.0624 2588 CNG - ok 20:49:05.0655 2588 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys 20:49:05.0670 2588 Compbatt - ok 20:49:05.0717 2588 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys 20:49:05.0733 2588 CompositeBus - ok 20:49:05.0795 2588 COMSysApp - ok 20:49:05.0842 2588 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys 20:49:05.0842 2588 crcdisk - ok 20:49:05.0936 2588 [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc C:\windows\system32\cryptsvc.dll 20:49:05.0951 2588 CryptSvc - ok 20:49:06.0029 2588 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch 
C:\windows\system32\rpcss.dll 20:49:06.0060 2588 DcomLaunch - ok 20:49:06.0107 2588 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll 20:49:06.0123 2588 defragsvc - ok 20:49:06.0185 2588 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\windows\system32\Drivers\dfsc.sys 20:49:06.0185 2588 DfsC - ok 20:49:06.0263 2588 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\windows\system32\dhcpcore.dll 20:49:06.0263 2588 Dhcp - ok 20:49:06.0310 2588 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys 20:49:06.0326 2588 discache - ok 20:49:06.0388 2588 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys 20:49:06.0388 2588 Disk - ok 20:49:06.0466 2588 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\windows\System32\dnsrslvr.dll 20:49:06.0482 2588 Dnscache - ok 20:49:06.0528 2588 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\windows\System32\dot3svc.dll 20:49:06.0544 2588 dot3svc - ok 20:49:06.0606 2588 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\windows\system32\dps.dll 20:49:06.0606 2588 DPS - ok 20:49:06.0653 2588 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 20:49:06.0653 2588 drmkaud - ok 20:49:06.0747 2588 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 20:49:06.0762 2588 DXGKrnl - ok 20:49:06.0825 2588 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll 20:49:06.0840 2588 EapHost - ok 20:49:07.0074 2588 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys 20:49:07.0152 2588 ebdrv - ok 20:49:07.0215 2588 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\windows\System32\lsass.exe 20:49:07.0215 2588 EFS - ok 20:49:07.0324 2588 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys 20:49:07.0324 2588 elxstor - ok 20:49:07.0371 2588 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\DRIVERS\errdev.sys 20:49:07.0371 2588 
ErrDev - ok 20:49:07.0464 2588 [ DF4F000CFC05DEC947D928A8F3ADCD7A ] ETD C:\windows\system32\DRIVERS\ETD.sys 20:49:07.0464 2588 ETD - ok 20:49:07.0558 2588 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll 20:49:07.0558 2588 EventSystem - ok 20:49:07.0589 2588 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys 20:49:07.0605 2588 exfat - ok 20:49:07.0652 2588 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys 20:49:07.0683 2588 fastfat - ok 20:49:07.0745 2588 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\windows\system32\fxssvc.exe 20:49:07.0776 2588 Fax - ok 20:49:07.0854 2588 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys 20:49:07.0854 2588 fdc - ok 20:49:07.0901 2588 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll 20:49:07.0901 2588 fdPHost - ok 20:49:07.0932 2588 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll 20:49:07.0948 2588 FDResPub - ok 20:49:07.0979 2588 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 20:49:07.0995 2588 FileInfo - ok 20:49:08.0026 2588 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys 20:49:08.0026 2588 Filetrace - ok 20:49:08.0057 2588 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 20:49:08.0073 2588 flpydisk - ok 20:49:08.0104 2588 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 20:49:08.0120 2588 FltMgr - ok 20:49:08.0198 2588 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\windows\system32\FntCache.dll 20:49:08.0213 2588 FontCache - ok 20:49:08.0338 2588 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 20:49:08.0354 2588 FontCache3.0.0.0 - ok 20:49:08.0385 2588 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends 
C:\windows\system32\drivers\FsDepends.sys 20:49:08.0400 2588 FsDepends - ok 20:49:08.0494 2588 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys 20:49:08.0494 2588 fssfltr - ok 20:49:08.0634 2588 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe 20:49:08.0666 2588 fsssvc - ok 20:49:08.0728 2588 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 20:49:08.0744 2588 Fs_Rec - ok 20:49:08.0806 2588 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 20:49:08.0822 2588 fvevol - ok 20:49:08.0900 2588 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 20:49:08.0900 2588 gagp30kx - ok 20:49:08.0962 2588 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys 20:49:08.0962 2588 GEARAspiWDM - ok 20:49:09.0071 2588 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\windows\System32\gpsvc.dll 20:49:09.0118 2588 gpsvc - ok 20:49:09.0149 2588 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 20:49:09.0165 2588 hcw85cir - ok 20:49:09.0212 2588 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 20:49:09.0227 2588 HdAudAddService - ok 20:49:09.0258 2588 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys 20:49:09.0274 2588 HDAudBus - ok 20:49:09.0321 2588 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 20:49:09.0321 2588 HidBatt - ok 20:49:09.0368 2588 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 20:49:09.0383 2588 HidBth - ok 20:49:09.0430 2588 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys 20:49:09.0430 2588 HidIr - ok 20:49:09.0477 2588 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll 20:49:09.0492 2588 hidserv - ok 
20:49:09.0539 2588 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 20:49:09.0539 2588 HidUsb - ok 20:49:09.0633 2588 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\windows\system32\kmsvc.dll 20:49:09.0648 2588 hkmsvc - ok 20:49:09.0680 2588 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\windows\system32\ListSvc.dll 20:49:09.0695 2588 HomeGroupListener - ok 20:49:09.0742 2588 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\windows\system32\provsvc.dll 20:49:09.0758 2588 HomeGroupProvider - ok 20:49:09.0804 2588 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys 20:49:09.0804 2588 HpSAMD - ok 20:49:09.0914 2588 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\windows\system32\drivers\HTTP.sys 20:49:09.0945 2588 HTTP - ok 20:49:09.0976 2588 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 20:49:09.0992 2588 hwpolicy - ok 20:49:10.0023 2588 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 20:49:10.0038 2588 i8042prt - ok 20:49:10.0116 2588 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 20:49:10.0132 2588 iaStor - ok 20:49:10.0257 2588 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 20:49:10.0272 2588 iaStorV - ok 20:49:10.0366 2588 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:49:10.0382 2588 idsvc - ok 20:49:10.0678 2588 [ D0074897C6BC132F3980EA4654BF7FB9 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys 20:49:10.0787 2588 igfx - ok 20:49:10.0896 2588 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 20:49:10.0928 2588 iirsp - ok 20:49:11.0193 2588 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\windows\System32\ikeext.dll 20:49:11.0224 2588 IKEEXT - ok 20:49:11.0505 2588 [ F4427E5DF32CDE359B2E2E5512D18001 ] IntcAzAudAddService 
C:\windows\system32\drivers\RTKVHDA.sys 20:49:11.0676 2588 IntcAzAudAddService - ok 20:49:11.0708 2588 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\DRIVERS\intelide.sys 20:49:11.0723 2588 intelide - ok 20:49:11.0801 2588 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 20:49:11.0817 2588 intelppm - ok 20:49:11.0864 2588 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll 20:49:11.0879 2588 IPBusEnum - ok 20:49:11.0942 2588 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 20:49:11.0973 2588 IpFilterDriver - ok 20:49:12.0035 2588 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 20:49:12.0051 2588 iphlpsvc - ok 20:49:12.0082 2588 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys 20:49:12.0113 2588 IPMIDRV - ok 20:49:12.0129 2588 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys 20:49:12.0160 2588 IPNAT - ok 20:49:12.0285 2588 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:49:12.0316 2588 iPod Service - ok 20:49:12.0378 2588 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys 20:49:12.0378 2588 IRENUM - ok 20:49:12.0410 2588 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys 20:49:12.0425 2588 isapnp - ok 20:49:12.0472 2588 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys 20:49:12.0503 2588 iScsiPrt - ok 20:49:12.0550 2588 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 20:49:12.0597 2588 kbdclass - ok 20:49:12.0628 2588 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys 20:49:12.0659 2588 kbdhid - ok 20:49:12.0690 2588 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\windows\system32\lsass.exe 20:49:12.0706 2588 KeyIso - ok 
20:49:39.0041 2588 \Device\Harddisk0\DR0\Partition2 - ok 20:49:39.0072 2588 [ 1165327539E87ECDF1F33D5AE88C9962 ] \Device\Harddisk0\DR0\Partition3 20:49:39.0103 2588 \Device\Harddisk0\DR0\Partition3 - ok 20:49:39.0103 2588 ============================================================ 20:49:39.0103 2588 Scan finished 20:49:39.0103 2588 ============================================================ 20:49:39.0134 5004 Detected object count: 0 20:49:39.0134 5004 Actual detected object count: 0 Quote
Starbuck Posted September 11, 2012 Posted September 11, 2012

"says nothing was found does that mean it is clear now?"

With this type of rootkit infection, it's a bit early to say..... But the results are encouraging. Let's dig a little deeper.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
This is an example, you may rename ComboFix to anything you want.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Then:
Double click on Combo-Fix.exe & follow the prompts.
Vista/Win7 users should right click on the icon and select Run as Administrator.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If running Vista/Win7, you will not see the recovery console screens as they are Win XP related.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v708/starbuck50/cf1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Thanks
Quote
Member of:UNITE
HELPREQUIRED Posted September 11, 2012 Author Posted September 11, 2012
Thank you here are the results:
Quote
Starbuck Posted September 11, 2012 Posted September 11, 2012 (edited)

Hi HELPREQUIRED
Ok, here we go again.............

Step 1
Close any open browsers.
Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:
Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C

Folder::
c:\programdata\036DFF8A193337C7D88A69B84F147CE7
c:\users\Laura's\AppData\Roaming\Vofuqo

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop
The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon as below.
http://i275.photobucket.com/albums/jj285/Bleeping/Combofix/cf.gif
Now please wait for ComboFix to finish running.
Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash
When finished a new combofix.txt will be produced. Please post this in your next reply.

Step 2
Double click on OTL to run it.
Under Extra Registry section, select Use SafeList.
Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
Please post the contents of these 2 Notepad files in your next reply.

In your next reply, please submit:
New combofix.txt
2 new OTL reports
Thanks.
Edited September 11, 2012 by Starbuck
Quote
Member of:UNITE
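Added example (editor's code, not part of Starbuck's post and not a ComboFix feature): a small Python triage helper that reads ComboFix-style log lines, flags the path shapes that showed up in this thread's logs (the $Recycle.Bin\<SID>\$<32 hex> store, the ProgramData\<32 hex> rogue-AV folder, the <8 hex>.@ component files) and renders a CFScript body in the Folder::/RegLock:: layout the post above uses. The indicator patterns are heuristics assumed from this thread, the sample lines are constructed in ComboFix's layout, and the randomly named Roaming folder (Vofuqo) is deliberately left to analyst judgement rather than a regex.

```python
"""Triage helper for ComboFix-style logs (added example, not part of the thread)."""
import re

# Heuristic indicator shapes taken from the artifacts in this thread's logs. They are
# triage prompts for an analyst, not proof of infection on their own (assumption).
HEX32 = r"[0-9A-Fa-f]{32}"
SUSPICIOUS = [
    # $Recycle.Bin\<user SID>\$<32 hex chars>\... : the hidden store seen in the MBAM/ComboFix logs
    ("recyclebin-hex-store",
     re.compile(r"\$recycle\.bin\\S-1-5-21(?:-\d+)+\\\$" + HEX32 + r"(?:\\|$)", re.I)),
    # ProgramData\<32 hex chars>[\<same>.exe] : the rogue AV folder removed via CFScript
    ("programdata-hex-dir",
     re.compile(r"\\programdata\\" + HEX32 + r"(?:\\|$)", re.I)),
    # <8 hex chars>.@ component files
    ("dot-at-component",
     re.compile(r"\\[0-9a-f]{8}\.@$", re.I)),
]

# "Files Created" line: "<date> <time> . <date> <time> <size or dashes> <attrs> <path>"
CF_FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+(?:\d+|-+)\s+(\S+)\s+(.+)$")
# Service/driver line: "R2 name;description;path [x]"
CF_SVC_LINE = re.compile(r"^[RS]\d [^;]+;[^;]*;(.+?)\s*\[x\]$")


def parse_line(line):
    """Return (path, is_dir) for lines that carry a path, else None."""
    s = line.strip()
    m = CF_FILE_LINE.match(s)
    if m:
        # the attribute column starts with 'd' for directories (d-----w-)
        return m.group(2).strip(), m.group(1).startswith("d")
    m = CF_SVC_LINE.match(s)
    if m:
        return m.group(1).strip(), False
    if re.match(r"^[a-z]:\\", s, re.I):  # bare path, e.g. under "Other Deletions"
        return s, False
    return None


def triage(lines):
    """Return [(label, path, is_dir)] for every path matching a suspicious shape."""
    hits = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, is_dir = parsed
        for label, rx in SUSPICIOUS:
            if rx.search(path):
                hits.append((label, path, is_dir))
                break  # one label per path is enough for triage
    return hits


def build_cfscript(folders, reglock_keys=()):
    """Render a CFScript.txt body in the Folder:: / RegLock:: layout used in this thread."""
    parts = []
    if folders:
        parts.append("Folder::\n" + "\n".join(folders))
    if reglock_keys:
        parts.append("RegLock::\n" + "\n".join(reglock_keys))
    return "\n\n".join(parts) + "\n"


# Constructed sample lines in the ComboFix layout, using paths quoted in this thread.
SAMPLE_LOG = [
    r"c:\$recycle.bin\S-1-5-21-3750202769-359497215-3729716061-1000\$1d08dbf547c53be78f5332239e20b3f7\U\800000cb.@",
    r"2012-09-09 16:05 . 2012-09-10 22:23 -------- d-----w- c:\programdata\036DFF8A193337C7D88A69B84F147CE7",
    r"2012-09-10 15:43 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys",
    r"S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]",
]

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for label, path, is_dir in hits:
        print(f"{label:22} {'dir ' if is_dir else 'file'} {path}")
    # only directories go into the Folder:: section; file hits are reviewed by hand
    print(build_cfscript([p for _, p, d in hits if d]))
```

A real log gets fed in line by line (`triage(open(path).read().splitlines())`); the output is a shortlist for the helper to confirm, not an automatic removal list.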
HELPREQUIRED Posted September 12, 2012 Author Posted September 12, 2012 Combo-fix result: ComboFix 12-09-11.02 - Laura's 12/09/2012 18:18:09.2.2 - x86Microsoft Windows 7 Starter 6.1.7600.0.1252.44.1033.18.1013.207 [GMT 2:00] Running from: c:\users\Laura's\Desktop\Combo-Fix.exe Command switches used :: c:\users\Laura's\Desktop\CFScript.txt AV: AVG Anti-Virus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG Anti-Virus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\036DFF8A193337C7D88A69B84F147CE7 c:\programdata\036DFF8A193337C7D88A69B84F147CE7\036DFF8A193337C7D88A69B84F147CE7 c:\programdata\036DFF8A193337C7D88A69B84F147CE7\036DFF8A193337C7D88A69B84F147CE7.ico c:\users\Laura's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum c:\users\Laura's\AppData\Roaming\Vofuqo . . ((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 ))))))))))))))))))))))))))))))) . . 2012-09-12 16:49 . 2012-09-12 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-12 16:21 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16A76197-E91A-45E0-815C-76A4CF25A0A5}\mpengine.dll 2012-09-11 20:56 . 2012-09-11 20:56 -------- d-----w- c:\program files\Common Files\Skype 2012-09-11 19:36 . 2012-09-11 20:12 -------- d-----w- C:\Combo-Fix 2012-09-10 15:55 . 2012-09-10 15:55 -------- d-----w- c:\users\Laura's\AppData\Roaming\Malwarebytes 2012-09-10 15:43 . 2012-09-10 15:43 -------- d-----w- c:\programdata\Malwarebytes 2012-09-10 15:43 . 2012-09-10 15:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-10 15:43 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-09 16:59 . 
2012-09-09 16:59 -------- d-----w- c:\users\Laura's\AppData\Roaming\AVG2013 2012-09-09 16:54 . 2012-09-09 16:54 -------- d-----w- c:\users\Laura's\AppData\Local\AVG Secure Search 2012-09-09 16:54 . 2012-09-09 16:54 -------- d-----w- c:\users\Laura's\AppData\Roaming\TuneUp Software 2012-09-09 16:54 . 2012-09-09 16:54 -------- d-----w- c:\programdata\AVG Secure Search 2012-09-09 16:53 . 2012-09-09 16:53 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-09-09 16:53 . 2012-09-09 16:53 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2012-09-09 16:53 . 2012-09-09 16:53 -------- d-----w- c:\program files\AVG Secure Search 2012-09-09 16:50 . 2012-09-09 16:50 -------- d-----w- C:\$AVG 2012-09-09 16:50 . 2012-09-09 17:08 -------- d-----w- c:\programdata\AVG2013 2012-09-09 16:47 . 2012-09-09 16:47 -------- d-----w- c:\program files\AVG 2012-09-09 16:41 . 2012-09-09 16:41 -------- d--h--w- c:\programdata\Common Files 2012-09-09 16:41 . 2012-09-12 16:05 -------- d-----w- c:\programdata\MFAData 2012-09-09 16:41 . 2012-09-09 17:08 -------- d-----w- c:\users\Laura's\AppData\Local\Avg2013 2012-09-09 16:41 . 2012-09-09 16:41 -------- d-----w- c:\users\Laura's\AppData\Local\MFAData 2012-09-02 16:01 . 2012-09-02 16:32 -------- d-----w- c:\users\Laura's\AppData\Local\Bingoliner 2012-08-19 21:20 . 2012-08-19 21:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2012-08-19 21:20 . 2012-08-19 21:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2012-08-19 21:20 . 2012-08-19 21:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2012-08-19 21:20 . 2012-08-19 21:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2012-08-19 21:20 . 2012-08-19 21:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2012-08-19 21:20 . 2012-08-19 21:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2012-08-19 21:20 . 
2012-08-19 21:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2012-08-19 21:16 . 2012-08-19 21:20 -------- d-----w- c:\program files\QuickTime 2012-08-18 15:50 . 2012-07-06 19:31 393216 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-08-18 15:44 . 2012-06-29 00:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-18 15:44 . 2012-06-29 01:00 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-08-18 15:44 . 2012-06-29 00:06 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2012-08-18 15:44 . 2012-06-29 00:06 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-08-18 15:44 . 2012-06-29 00:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-18 15:44 . 2012-06-29 00:09 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-18 15:44 . 2012-06-29 00:16 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-18 15:43 . 2012-06-29 01:00 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2012-08-18 15:43 . 2012-06-29 00:10 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2012-08-18 15:43 . 2012-06-29 00:10 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-08-18 15:43 . 2012-06-29 00:08 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-15 08:39 . 2012-05-05 07:44 400896 ----a-w- c:\windows\system32\srcore.dll 2012-08-15 08:39 . 2012-07-18 17:10 2344448 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 08:39 . 2012-02-11 05:44 492032 ----a-w- c:\windows\system32\win32spl.dll 2012-08-15 08:39 . 2012-02-11 05:41 316928 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-15 08:39 . 2012-07-04 21:23 41472 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 08:39 . 2012-07-04 21:23 102912 ----a-w- c:\windows\system32\browser.dll 2012-08-15 08:39 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2012-08-15 10:24 . 2012-04-17 19:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-15 10:24 . 2012-04-17 19:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-13 14:40 . 2012-08-13 14:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2012-08-10 02:52 . 2012-08-10 02:52 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-08-10 02:52 . 2012-08-10 02:52 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2012-08-10 02:52 . 2012-08-10 02:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2012-08-10 02:52 . 2012-08-10 02:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2012-08-09 11:56 . 2012-08-09 11:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys 2012-08-09 11:56 . 2012-08-09 11:56 54112 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2012-08-09 11:56 . 2012-08-09 11:56 151520 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2012-07-29 18:52 . 2012-07-29 18:52 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-09-09 16:53 2045536 ----a-w- c:\program files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll" [2012-09-09 2045536] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\Laura's\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-03-25 1891720] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-24 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-24 173848] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-24 150808] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-08-29 3039352] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-09 950368] . c:\users\Laura's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Facebook Messenger.lnk - c:\users\Laura's\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe [2012-9-5 247728] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RapportKELL;RapportKELL;c:\windows\system32\Drivers\RapportKELL.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [x]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [x]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 10:24]
.
2012-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3750202769-359497215-3729716061-1000Core.job
- c:\users\Laura's\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-26 18:11]
.
2012-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3750202769-359497215-3729716061-1000UA.job
- c:\users\Laura's\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-26 18:11]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3750202769-359497215-3729716061-1000Core.job
- c:\users\Laura's\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 14:56]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3750202769-359497215-3729716061-1000UA.job
- c:\users\Laura's\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 14:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3750202769-359497215-3729716061-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3750202769-359497215-3729716061-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
Completion time: 2012-09-12 18:58:57
ComboFix-quarantined-files.txt 2012-09-12 16:58
ComboFix2.txt 2012-09-11 20:12
.
Pre-Run: 25,501,364,224 bytes free
Post-Run: 25,137,356,800 bytes free
.
- - End Of File - - B9968033FAF7F68480257AB99F00D669

OTL.txt result:

OTL logfile created on: 9/12/2012 7:50:55 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Laura's\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.30 Mb Total Physical Memory | 529.76 Mb Available Physical Memory | 52.28% Memory free
1.99 Gb Paging File | 1.12 Gb Available in Paging File | 56.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 52.00 Gb Total Space | 23.47 Gb Free Space | 45.14% Space Free | Partition Type: NTFS
Drive D: | 76.95 Gb Total Space | 38.08 Gb Free Space | 49.49% Space Free | Partition Type: NTFS

Computer Name: LAURAS-PC | User Name: Laura's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Laura's\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll ()
MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()

========== Win32 Services (SafeList) ==========

SRV - (vToolbarUpdater12.2.6) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (mbr) -- C:\Combo-Fix10078C\mbr.sys File not found
DRV - (catchme) -- C:\Users\Laura's\AppData\Local\Temp\catchme.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (RapportCerberus_42020) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys ()
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=050412_30b&babsrc=SP_ss&mntrId=06880b7c000000000000e839dff4c547
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={8138FC44-0C71-411E-81B6-F383F321D156}&mid=676ad4082ca747d0ba7dd16d123eae78-45c44ff189653c5ef845e2ef3c01d18c920e501e&lang=en&ds=AVG&pr=pr&d=2012-09-09 18:53:39&v=12.2.5.4&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Users\Laura's\Desktop\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Laura's\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Laura's\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Laura's\AppData\Local\Facebook\Messenger\2.1.4631.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/16 11:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.4\ [2012/09/09 18:54:01 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Laura's\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Laura's\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Laura's\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Laura's\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Laura's\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Users\Laura's\Desktop\VLC\npvlc.dll
CHR - Extension: YouTube = C:\Users\Laura's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Laura's\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Secure Search = C:\Users\Laura's\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.4_0\
CHR - Extension: Gmail = C:\Users\Laura's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/12 18:49:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Laura's\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Laura's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Laura's\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E6A9D2E-77E5-4E94-89C2-53B310FCC1C3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5DFE1C9-7471-4C24-A3A5-EB040D3097B5}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/12 18:59:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/12 18:11:45 | 000,000,000 | ---D | C] -- C:\Combo-Fix10078C
[2012/09/11 22:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/11 22:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/11 21:36:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/09/11 21:36:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/09/11 21:36:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/09/11 21:36:12 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2012/09/11 21:34:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/11 21:34:02 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/09/11 21:31:32 | 004,759,433 | R--- | C] (Swearware) -- C:\Users\Laura's\Desktop\Combo-Fix.exe
[2012/09/11 20:34:52 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Laura's\Desktop\tdsskiller.exe
[2012/09/11 16:49:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Laura's\Desktop\OTL.exe
[2012/09/10 17:55:06 | 000,000,000 | ---D | C] -- C:\Users\Laura's\AppData\Roaming\Malwarebytes
[2012/09/10 17:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/10 17:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/10 17:43:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/10 17:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/10 17:42:38 | 000,883,616 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Laura's\Desktop\FixExec.exe
[2012/09/10 17:37:25 | 010,651,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laura's\Desktop\mbam-setup.exe
[2012/09/09 18:59:10 | 000,000,000 | ---D | C] -- C:\Users\Laura's\AppData\Roaming\AVG2013
[2012/09/09 18:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/09 18:54:11 | 000,000,000 | ---D | C] -- C:\Users\Laura's\AppData\Local\AVG Secure Search
[2012/09/09 18:54:08 | 000,000,000 | ---D | C] -- C:\Users\Laura's\AppData\Roaming\TuneUp Software
[2012/09/09 18:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/09/09 18:53:27 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\windows\System32\drivers\avgtpx86.sys
[2012/09/09 18:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/09/09 18:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/09/09 18:50:35 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/09/09 18:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/09 18:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/09/09 18:41:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/09/09 18:41:23 | 000,000,000 | ---D | C] -- C:\Users\Laura's\AppData\Local\MFAData
[2012/09/09 18:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/09/09 18:41:23 | 000,000,000 | ---D | C] -- C:\Users\Laura's\AppData\Local\Avg2013
[2012/09/07 21:58:51 | 000,000,000 | ---D | C] -- C:\Users\Laura's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/09/07 13:06:36 | 000,000,000 | ---D | C] -- C:\Users\Laura's\AppData\Local\{FE9BD7C6-A7FF-4D61-A629-7E5BB083539B}
[2012/09/02 18:01:13 | 000,000,000 | ---D | C] -- C:\Users\Laura's\AppData\Local\Bingoliner
[2012/08/19 23:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/08/19 23:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/08/18 17:44:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/08/18 17:44:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/08/18 17:44:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/08/18 17:44:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/08/18 17:44:01 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/08/18 17:43:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/08/18 17:43:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/08/15 10:39:13 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll
[2012/08/15 10:39:10 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/08/15 10:39:02 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll

========== Files - Modified Within 30 Days ==========

[2012/09/12 20:06:01 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3750202769-359497215-3729716061-1000UA.job
[2012/09/12 19:49:27 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/12 19:49:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/12 18:49:56 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/09/12 18:16:58 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 18:16:58 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 17:54:54 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/11 21:32:04 | 004,759,433 | R--- | M] (Swearware) -- C:\Users\Laura's\Desktop\Combo-Fix.exe
[2012/09/11 20:34:39 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Laura's\Desktop\tdsskiller.exe
[2012/09/11 20:16:04 | 000,000,934 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3750202769-359497215-3729716061-1000UA.job
[2012/09/11 20:16:02 | 000,000,912 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3750202769-359497215-3729716061-1000Core.job
[2012/09/11 16:49:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Laura's\Desktop\OTL.exe
[2012/09/10 17:43:46 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/10 17:42:34 | 000,883,616 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Laura's\Desktop\FixExec.exe
[2012/09/10 17:33:38 | 010,651,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Laura's\Desktop\mbam-setup.exe
[2012/09/10 16:29:25 | 000,628,460 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/10 16:29:25 | 000,110,612 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/09 18:54:12 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/09 18:53:27 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\windows\System32\drivers\avgtpx86.sys
[2012/09/09 13:06:50 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3750202769-359497215-3729716061-1000Core.job
[2012/09/07 21:58:54 | 000,001,280 | ---- | M] () -- C:\Users\Laura's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012/08/19 23:18:37 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/08/19 13:25:37 | 000,332,840 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/08/15 12:24:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/08/15 12:24:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/09/11 21:36:43 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/09/11 21:36:43 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/09/11 21:36:42 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/09/11 21:36:42 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/09/11 21:36:42 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/09/10 17:43:46 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/09 18:54:10 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/08/19 23:18:35 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/17 18:13:33 | 000,005,632 | ---- | C] () -- C:\Users\Laura's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/08 20:01:45 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:6FB93194
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:2430E4FC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8530A643

< End of report >

Extras.txt result:

OTL Extras logfile created on: 9/12/2012 7:50:55 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Laura's\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.30 Mb Total Physical Memory | 529.76 Mb Available Physical Memory | 52.28% Memory free
1.99 Gb Paging File | 1.12 Gb Available in Paging File | 56.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 52.00 Gb Total Space | 23.47 Gb Free Space | 45.14% Space Free | Partition Type: NTFS
Drive D: | 76.95 Gb Total Space | 38.08 Gb Free Space | 49.49% Space Free | Partition Type: NTFS

Computer Name: LAURAS-PC | User Name: Laura's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Users\Laura's\Desktop\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Users\Laura's\Desktop\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10661553-EBFD-4836-95FD-7F876050A9B8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{22910718-8822-4EF7-BAFE-FD66EBC97F8E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{28F5C2E3-AFD5-48B8-8F7A-FC2B34DB7304}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{2A3810C0-1E48-4A5D-9521-6E6FEA2860D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{359B1401-27E3-4D02-8412-EB9A025805C3}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{425DEB7F-D45B-4AB9-BA9D-5DE250ECDFB3}" = lport=2869 | protocol=6 | dir=in | app=system | "{6D382758-3780-4872-9C59-DC8886F96E20}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{8B60D901-358E-48F5-8744-53703340E034}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{B8219107-C6C3-4711-829C-D88CD759F518}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{B82BEF7E-97E7-419C-A263-30F3C19217A4}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{BE853CEC-545F-4A2D-A6C1-B8470B9AD92B}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{CE4AB45A-F64B-4276-A844-11AEC3B4B93E}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{42AC299D-BD3E-4735-BC05-6F8020B5CBCA}" = dir=in | app=c:\program files\windows 
live\contacts\wlcomm.exe | "{4A823058-7F31-4534-9633-A25B58B40FC2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{533640B0-1DAE-46DA-92D1-75BF3579819A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{57367B5F-2A4C-4B11-9C1E-4ED245EEF702}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{629F122E-1A43-4808-AA73-632CD40325D7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{6D812403-902B-4455-A314-12E12D7B603D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | "{7A537CF1-F70C-4B38-AB18-F59CCEE7AE58}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{7E0FD23A-087C-4BA3-A51B-FD675ADB1CCF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{8DE9A2BE-452D-4670-AC12-91DAEC790DA0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{8DF8AC94-E12B-4766-8644-DE5368CEBAD3}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | "{9F26CB2B-CC83-4A2C-94C5-0DDE2854C376}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{9F5612A7-9ADC-47D1-A3D0-45C726283BDD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{A396AE11-53BB-4A63-80E8-380929185CC2}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{B4EAFBD1-067B-4B55-8EA4-CE19F1867F66}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{BBBFC7FF-7241-4DA1-AD99-E7AB119AF027}" = dir=in | app=c:\program files\itunes\itunes.exe | "{BE02BDB0-B552-4135-BD36-D485FD765F4C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{D726D55A-76AE-4634-9D77-A624C5720BE1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DA550689-5E0B-47C0-9ED7-173C913FD859}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{EDAB24CF-FAA5-497D-B4DF-0F4CB5BD81AB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{F663A46F-1424-46A1-8F71-E59CBA204955}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | "{F99FEE9D-3F1D-46BC-A9A0-E66DA66BF5E8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "TCP Query User{2C363B4E-1AEA-49FD-8498-08FEBE005D58}C:\users\laura's\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\laura's\appdata\roaming\spotify\spotify.exe | "TCP Query User{301FD775-81B7-45ED-8E6D-3F0DBA62CEAA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{61A81C16-C92E-4B70-A1EE-42DB27DB6C46}C:\users\laura's\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\laura's\appdata\roaming\spotify\spotify.exe | "UDP Query User{D33C20BA-6787-45DC-93E9-78C845C00754}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{1234C1F4-603F-4C34-8796-3544CF8A83F5}" = Facebook Messenger 2.1.4631.0 "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{18AA278D-E0B9-4F99-ACCC-070978A38453}" = Easy Resolution Manager "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = 
Windows Live Movie Maker "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{23697393-E392-4FFA-B8EF-193B5569C0B2}" = AVG 2013 "{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety "{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender "{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core 
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7DE2E198-17B2-4E2D-A884-1603CD32FD38}" = AVG 2013 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 
2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync 
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center "{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "AVG" = AVG 2013 "BabylonToolbar" = Babylon toolbar on IE "BlackBerry_Desktop" = BlackBerry Desktop Software 7.1 "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter "CCleaner" = CCleaner "Easy Media Player" = Easy Media Player 1.1.12 "Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL "HDMI" = Intel® Graphics Media 
Accelerator Driver "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PKR" = PKR "Rapport_msi" = Rapport "VLC media player" = VLC media player 2.0.1 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 9/9/2012 2:09:26 PM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6848 Error - 9/9/2012 2:09:27 PM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 9/9/2012 2:09:27 PM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7846 Error - 9/9/2012 2:09:27 PM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7846 Error - 9/9/2012 2:09:28 PM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 9/9/2012 2:09:28 PM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8876 Error - 9/9/2012 2:09:28 PM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8876 Error - 9/9/2012 2:09:29 PM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100 Description = Task 
Scheduling Error: Continuously busy for more than a second
Error - 9/9/2012 2:09:29 PM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9906
Error - 9/9/2012 2:09:29 PM | Computer Name = Lauras-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9906

[ System Events ]
Error - 9/3/2012 4:10:26 PM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
Error - 9/4/2012 2:17:12 AM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
Error - 9/4/2012 3:10:27 AM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
Error - 9/4/2012 3:04:25 PM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
Error - 9/6/2012 9:44:21 AM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
Error - 9/7/2012 6:29:47 AM | Computer Name = Lauras-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error - 9/7/2012 3:55:52 PM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
Error - 9/8/2012 2:20:41 AM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: cdrom
Error - 9/8/2012 9:21:42 AM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error - 9/8/2012 12:54:51 PM | Computer Name = Lauras-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

< End of report >
Starbuck Posted September 12, 2012

Hi HELPREQUIRED

Things are looking a lot better now. Still a few things to do though.

Step 1

Double click on OTL to run it.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)

:Otl
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=050412_30b&babsrc=SP_ss&mntrId=06880b7c000000000000e839dff4c547
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:6FB93194
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:2430E4FC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8530A643
:Files
ipconfig /flushdns /c
:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older Java components and update:

- Download the latest version of Java Runtime Environment (JRE) 7 Update 7 and save it to your desktop.
- Scroll down to where it says "Java SE 7 Update 7".
- Click the "Download JRE" button to the right.
- Accept the license agreement.
- Select 'Windows x86' Offline from the list.
- Save the file to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-7u7-windows-i586-p.exe to install the newest version.

Step 3

I'd like you to do an ESET OnlineScan.
You may find it beneficial to close your resident AV program before running the scan.

- Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
- For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  - Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
- Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked.
- Click the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note: It's been found that on some systems the ESET Online Scan fails during the database download (around 20%). To prevent this happening: when the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked): Enable Anti-Stealth technology
http://img.photobucket.com/albums/v708/starbuck50/eset.png

In your next reply, please submit:
- OTL fix report
- ESET scan report

Also let me know how the system is running.... any problems?

Thanks.
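As an added example (not code from the thread or from OTL), a read-only PowerShell check that the registry entries, alternate data streams, HOSTS file, Babylon toolbar files and old Java versions targeted by the fix above are actually gone; the function name and the "Java 7 Update 7" expectation are assumptions, and it needs PowerShell 3.0 or later run as Administrator.

```powershell
# Added example, not part of the thread: read-only verification of the OTL fix.
# CLSIDs, policy keys, ADS location and the Babylon folder come from the fix
# script above; Test-OtlFixLeftovers and the current-Java name are assumptions.
# Requires PowerShell 3.0+ (Get-Item -Stream) in an elevated session.

function Test-OtlFixLeftovers {
    [CmdletBinding()]
    param(
        [string]$AdsPath     = 'C:\ProgramData\Temp',
        [string]$HostsPath   = (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'),
        [string]$CurrentJava = 'Java 7 Update 7'   # what Step 2 installs
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Registry keys the fix deletes: IE search scope, Babylon BHO and
    #    toolbar CLSIDs (O2/O3), and the IE policy keys (O6/O7).
    $keys = @(
        'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}',
        'HKLM:\Software\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}',
        'HKLM:\Software\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}',
        'HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions',
        'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
    )
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) { $findings.Add("registry key still present: $k") }
    }

    # The O3 toolbar entry is a value named after the CLSID under the IE Toolbar key.
    $toolbarKey = 'HKLM:\Software\Microsoft\Internet Explorer\Toolbar'
    if (Test-Path -LiteralPath $toolbarKey) {
        $names = (Get-Item -LiteralPath $toolbarKey).GetValueNames()
        if ($names -contains '{98889811-442D-49dd-99D7-DC866BE87DBC}') {
            $findings.Add("Babylon toolbar value still registered under $toolbarKey")
        }
    }

    # 2. Alternate data streams on C:\ProgramData\Temp (the three @Alternate Data Stream lines).
    #    Any stream other than the default :$DATA is reported.
    if (Test-Path -LiteralPath $AdsPath) {
        Get-Item -LiteralPath $AdsPath -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object { $findings.Add("ADS still present: ${AdsPath}:$($_.Stream) ($($_.Length) bytes)") }
    }

    # 3. HOSTS file: after [RESETHOSTS] only localhost mappings should be active.
    if (Test-Path -LiteralPath $HostsPath) {
        Get-Content -LiteralPath $HostsPath |
            Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
            Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
            ForEach-Object { $findings.Add("unexpected HOSTS entry: $($_.Trim())") }
    }

    # 4. Babylon toolbar files on disk and its Uninstall entry ("BabylonToolbar" in the Extras log).
    if (Test-Path -LiteralPath 'C:\Program Files\BabylonToolbar') {
        $findings.Add('folder C:\Program Files\BabylonToolbar still exists')
    }
    $uninstall = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall'   # x86 system, no Wow6432Node
    $apps = Get-ChildItem -LiteralPath $uninstall | ForEach-Object { Get-ItemProperty -LiteralPath $_.PSPath }
    foreach ($app in ($apps | Where-Object { $_.PSChildName -eq 'BabylonToolbar' -or $_.DisplayName -like '*Babylon*' })) {
        $findings.Add("uninstall entry still present: $($app.DisplayName)")
    }

    # 5. Java: Step 2 wants every older JRE removed, so anything but the current
    #    release is a finding (the updater and JavaFX are not JRE entries).
    $java = $apps | Where-Object { $_.DisplayName -like 'Java*' -and
                                   $_.DisplayName -notlike 'Java Auto Updater' -and
                                   $_.DisplayName -notlike 'JavaFX*' }
    foreach ($app in $java) {
        if ($app.DisplayName -ne $CurrentJava) {
            $findings.Add("old Java still installed: $($app.DisplayName) ($($app.DisplayVersion))")
        }
    }
    return $findings
}

$leftovers = @(Test-OtlFixLeftovers)
if ($leftovers.Count -eq 0) { 'No leftovers from the OTL fix found.' }
else { $leftovers | ForEach-Object { "FINDING: $_" } }
```

The check only reads; it removes nothing, so it can be run before and after the ESET scan to compare what each tool actually cleared.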
HELPREQUIRED Posted September 12, 2012 (Author)

Ok, will do that as soon as I finish work tomorrow if that's ok. At the minute things seem to be running fine. Thanks again for all your help, I will make a donation when I get paid. I am so grateful :)
Starbuck Posted September 12, 2012

I added the ESET scan this evening instead of waiting to add it tomorrow (after the OTL fix) as I'll be out tomorrow evening and may not be back until late. Going go-karting with my daughters and their partners.... should be a fun evening. I'll pick up any reply when I get in.

> Thanks again for all your help, I will make a donation when I get paid. I am so grateful

It's no problem at all... glad I could help. Many thanks for the offer of the donation. :)
HELPREQUIRED Posted September 13, 2012 (Author)

OTL:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\Ba bylonToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\Babyl onToolbarTlbr.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
ADS C:\ProgramData\Temp:6FB93194 deleted successfully.
ADS C:\ProgramData\Temp:2430E4FC deleted successfully.
ADS C:\ProgramData\Temp:8530A643 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Laura's\Desktop\cmd.bat deleted successfully.
C:\Users\Laura's\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Laura's
->Temp folder emptied: 292309 bytes
->Temporary Internet Files folder emptied: 376966 bytes
->Java cache emptied: 411 bytes
->Google Chrome cache emptied: 294816586 bytes
->Flash cache emptied: 68427 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 533147 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 282.00 mb
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.56.0 log created on 09132012_133317
Files\Folders moved on Reboot...
File\Folder C:\windows\temp\TMP00000995128248314D47B672 not found!
PendingFileRenameOperations files...
File C:\windows\temp\TMP00000995128248314D47B672 not found!
Registry entries deleted on Reboot...

ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=35f77df742fd6c4b9305b119a161ca36
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-13 06:45:45
# local_time=2012-09-13 08:45:45 (+0100, W. Europe Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 329736 329736 0 0
# compatibility_mode=5893 16776574 100 94 72093 99170180 0 0
# compatibility_mode=8192 67108863 100 0 329 329 0 0
# scanned=157195
# found=7
# cleaned=7
# scan_time=22957
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll  a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll  Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe  probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll  Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll  Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-3750202769-359497215-3729716061-1000\$1d08dbf547c53be78f5332239e20b3f7\U\800000cb.@.vir  probably a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\Users\Laura's\Downloads\gtk2130-setup.exe  a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll  a variant of Win32/Toolbar.Babylon application  cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll  Win32/Toolbar.Babylon application  cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe  probably a variant of Win32/Toolbar.Babylon application  cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll  Win32/Toolbar.Babylon application  cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll  Win32/Toolbar.Babylon application  cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-3750202769-359497215-3729716061-1000\$1d08dbf547c53be78f5332239e20b3f7\U\800000cb.@.vir  probably a variant of Win32/Agent.TEO trojan  cleaned by deleting - quarantined
C:\Users\Laura's\Downloads\gtk2130-setup.exe  a variant of Win32/1AntiVirus application  cleaned by deleting - quarantined
Starbuck Posted September 13, 2012

Hi HELPREQUIRED,

Those reports look good.
We did remove a few 'Babylon' entries with the OTL fix, but it seems that Eset found some more.
The other entries Eset removed had already been removed and were cleared from the quarantine folder.

Run the system for a day or two just to make sure everything is ok.
Let me know on Saturday if it's still running ok and we'll finish off the cleaning process.

Member of: UNITE
HELPREQUIRED (Author) Posted September 13, 2012

Do you mean run the computer as normal? Will I be safe to use my internet banking and things? Thanks :)
HELPREQUIRED (Author) Posted September 15, 2012

Hi, all seems to be running OK, although as I typed this the first time Google Chrome crashed, but I think that's pretty normal as it happens sometimes :)
Am I OK with it now, or is there still some stuff I need to do?
Thanks, Laura :)
Starbuck Posted September 16, 2012

Hi HELPREQUIRED

"Will I be safe to use my internet banking and things?"

With this type of infection, it's always best to change any passwords that you have for all of your accounts. Internet banking, email, forums etc .... just to be on the safe side.
Some banks now give you a little gadget that changes your logon each time you access the banking site.... these types of banking procedures will give a lot more security.
If you have one of these, your details will obviously be more secure. But there's still no harm in changing your actual password as well.

Step 1
Restart MBAM.
Click on the Quarantine tab.
If there are items in quarantine..... make sure everything is selected and then click Delete All.
Close MBAM.

Step 2
Please uninstall ComboFix by clicking on Start ... then Run ... and type in combofix /uninstall (don't forget there is a gap between x and /). Then press OK.
http://img.photobucket.com/albums/v708/starbuck50/new/cfu.png
This action will uninstall ComboFix and also perform a few cleanup measures.

Step 3
Please double-click OTL.exe to run it. You should see a CleanUp! button; press that button.
http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
This will clean up an assortment of tools used during malware removal, plus itself.
Note: MBAM will not be removed if it's installed.

Step 4
Now you should set a new Restore Point to prevent possible reinfection from an old one.
Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools may not access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.
Click Start >> Computer >> System Properties >> System Protection.
Here you have a list of hard drives and partitions available in your computer - mostly just one. Select the drive that has "(System)" written after it and click Configure.
Select Turn off system protection under Restore Settings and click the Delete button.
Click Continue in the confirmation window and click Close after the restore points have been deleted.
Then click OK to close properties for the drive.
Now reboot the system.
Follow the above procedure again, only this time click Restore system settings and previous versions of files. Then click OK.
Your System Restore will now be active again... starting with a new restore point.

To find out how you may have been infected.... read this topic: How did I get infected?
Not all of the following information will be applicable to you, but it's still best to read it all.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

- Use an AntiVirus Software
  Avira AntiVir ... see note* .... installation guide Here
  Avast free
  MS Security Essentials ... see note** ... installation guide Here
  Note*: Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation.
  Note**: Upon installation MS Security Essentials will check that your OS is a legal copy.
  Only install one AntiVirus program.
- Update your AntiVirus Software regularly
- Use a 3rd party Firewall
  Online Armor Free
  ZoneAlarm ... Important note below
  NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.
  Only install one software Firewall.
  Some 3rd party Firewalls will turn off the Windows firewall when they are installed. It's always best to check that the Windows Firewall is turned off:
  How to turn off Windows Firewall: Start ... Control Panel ... click on 'Classic View'. Now select Windows Firewall. When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click OK.
- Scan regularly with a 'Stand Alone' Anti-Malware scanner:
  Installing another scanner that you can run once or twice a week is always beneficial. Something like:
  Malwarebytes Anti-Malware
  SUPERAntiSpyware
  Remember to update these programs each time before running. You can install more than one of these if you only run them as stand alone programs.
- Use an alternative browser:
  Some excellent alternatives to MS Internet Explorer are:
  Firefox
  For added security, add the NoScript extension to this browser: allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
  Also consider adding: WOT - Safe Browsing Tool. Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web. Btw: you don't have to make a contribution.
  Opera
  They offer better security, more stability, and better speed.
- Keep a backup of your registry
  Keeping a regular backup of your registry will help when something goes wrong. Use a program like: Erunt
  A full tutorial on how to set up and use Erunt can be found here: Erunt tutorial
- Keep your system clean of temp files etc, using a 'Cleaner':
  Cleaners are programs that will help to clean out your: Windows temp files, current user temp files, cookies, Temporary Internet files, browser history, recycle bin, etc....... In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.
  Programs like: TFC by OldTimer, ATF Cleaner
- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
- Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using and installing SpywareBlaster
- Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
Safe surfing.

Member of: UNITE
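The Step 4 procedure (drop the old restore points, then start System Restore again from a clean one) as a PowerShell script, added here as an example and not part of Starbuck's post or any tool in this thread. It assumes an elevated Windows PowerShell session on Windows 7 or later, that the system drive is C:, and a made-up restore point description.

```powershell
# Added example (not from the forum post). Run from an elevated PowerShell prompt.
# Assumption: C: is the "(System)" drive shown in the System Protection dialog.
$Drive  = "C:\"
$Volume = $Drive.TrimEnd('\')   # vssadmin wants "C:" rather than "C:\"

# 1. Equivalent of "Turn off system protection" for the system drive.
Disable-ComputerRestore -Drive $Drive

# 2. Equivalent of the "Delete" button: restore points are stored as Volume
#    Shadow Copies, so removing every shadow copy for the volume discards them.
#    Caveat: this also removes the copies behind "Previous Versions" of files.
& vssadmin.exe delete shadows "/for=$Volume" /all /quiet
if ($LASTEXITCODE -ne 0) {
    Write-Warning "vssadmin returned exit code $LASTEXITCODE; old restore points may remain."
}

# 3. Equivalent of "Restore system settings and previous versions of files".
Enable-ComputerRestore -Drive $Drive

# 4. Create the fresh restore point that now represents the cleaned system.
#    The description is an assumed value; use whatever you like.
Checkpoint-Computer -Description "Clean state after malware removal" `
                    -RestorePointType "MODIFY_SETTINGS"

# 5. Verification: exactly one restore point, the one just created, should exist.
$points = @(Get-ComputerRestorePoint)
$points | Select-Object SequenceNumber, Description,
    @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
if ($points.Count -ne 1) {
    Write-Warning "Expected 1 restore point, found $($points.Count); check the list above."
}
```

The GUI steps in the post reboot between turning protection off and on; this script does the same work without a reboot, so a reboot afterwards is still sensible before relying on the new point.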
HELPREQUIRED (Author) Posted September 16, 2012

Thank you again for all your help :) Am I OK to remove the other programs, ESET and FixExec, now too?
I was just looking at my programs and the Babylon toolbar is still there. Should I uninstall it?
Starbuck Posted September 17, 2012

"Am I OK to remove the other programs, ESET and FixExec, now too?"

Yes, those can be removed now.

"I was just looking at my programs and the Babylon toolbar is still there. Should I uninstall it?"

There may still be a reference to it in Add/Remove Programs, but the files relating to it have already been removed.
The uninstaller may not work now (it'll probably just be an orphan entry).
But it's nothing to worry about, as the reference won't actually lead to a program. Effectively that entry is dead now.

Member of: UNITE