Trazza
Posted October 4, 2012

Hi, can anyone help to see if I have malware or anything else that I shouldn't have on my computer. I keep getting a message that I have high CPU usage whilst on the internet, mostly when I am playing Facebook games. Also the computer is running really slow when connected to the internet. I have included the scans that are recommended in the sticky by starbuck but will probably have to post them separately, as memory serves me they are too big altogether.

Many thanks
Trazza.

Malwarebytes Anti-Malware 1.65.0.1400
http://www.malwarebytes.org

Database version: v2012.10.04.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
USER :: ANY-6C5E521BE98 [administrator]

04/10/2012 11:11:05
mbam-log-2012-10-04 (11-11-05).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 274146
Time elapsed: 1 hour(s), 5 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte_playbryte (PUP.PlayBryte) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow|playbryte.com (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_playbryte (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\ANEP9GMN\Installer.playbryte[1] (PUP.PlayBryte) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\My Documents\Downloads\7zip_Setup(1).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\My Documents\Downloads\7zip_Setup(2).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\My Documents\Downloads\7zip_Setup(3).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\My Documents\Downloads\7zip_Setup(4).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\My Documents\Downloads\7zip_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\My Documents\Downloads\outlook express setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
C:\Program Files\Playbryte\uninstall.exe (PUP.PlayBryte) -> Quarantined and deleted successfully.

(end)

OTL logfile created on: 04/10/2012 12:36:38 - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\USER\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.09 Mb Total Physical Memory | 579.71 Mb Available Physical Memory | 56.72% Memory free
2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.33% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 120.47 Gb Free Space | 80.83% Space Free | Partition Type: NTFS

Computer Name: ANY-6C5E521BE98 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\USER\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\USER\Local Settings\Temp\bwgo000094fc.exe (BackWeb Technologies Inc.)
PRC - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation)
PRC - C:\Program Files\Belkin\Bluetooth Software\BTStackServer.exe (Broadcom Corporation)
PRC - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation)
PRC - C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
MOD - C:\Program Files\Belkin\Bluetooth Software\BTKeyInd.dll ()

========== Services (SafeList) ==========

SRV - (LVPrcSrv) -- File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\830\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (vToolbarUpdater12.2.6) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) ========== Driver Services (SafeList) ========== DRV - (RPSKT) -- system32\DRIVERS\rp_skt32.sys File not found DRV - (PID_08A0) -- File not found DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20121003.032\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20121003.032\NAVENG.SYS (Symantec Corporation) DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20121003.001\IDSXpx86.sys (Symantec Corporation) DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application 
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120928.001\BHDrvx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\srtspx.sys (Symantec Corporation) DRV - (ccSet_NIS) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\ccsetx86.sys (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symefa.sys (Symantec Corporation) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symtdi.sys (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\ironx86.sys (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symds.sys (Symantec Corporation) DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys () DRV - (RTL8192cu) -- C:\WINDOWS\system32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation ) DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (k750obex) -- 
C:\WINDOWS\system32\drivers\k750obex.sys (MCCI) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750bus) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (w810obex) -- C:\WINDOWS\system32\drivers\w810obex.sys (MCCI) DRV - (w810mdm) -- C:\WINDOWS\system32\drivers\w810mdm.sys (MCCI) DRV - (w810mgmt) -- C:\WINDOWS\system32\drivers\w810mgmt.sys (MCCI) DRV - (w810mdfl) -- C:\WINDOWS\system32\drivers\w810mdfl.sys (MCCI) DRV - (w810bus) -- C:\WINDOWS\system32\drivers\w810bus.sys (MCCI) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation) DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys () DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation) DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation) DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation) DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation) DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.) DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\Lhidusb.sys (Logitech, Inc.) DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS (Logitech, Inc.) 
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.) DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation) DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=410&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={D73199A1-9A1F-431F-8436-0A46A20537E6}&mid=e8fb23c8c6d647d085c4d1437c871809-6258c342c908fe82b87388a84914dc47fb70c43c&lang=en&ds=ft011&pr=sa&d=2012-07-18 12:29:14&v=12.2.5.32&sap=hp IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = 
http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=E0E5DFB8-92ED-4D41-8713-7D0E3EF9268D&apn_sauid=81E0B527-26AD-4199-81FB-804D1AD468FC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB IE - HKCU\..\SearchScopes\{82445343-3524-49A4-9C55-0813E5B12D25}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = Playbryte/search/redirect/?type=default&user_id=4157fad3-eb4a-4ea8-b8d3-0189ced08577&query={searchTerms} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={D73199A1-9A1F-431F-8436-0A46A20537E6}&mid=e8fb23c8c6d647d085c4d1437c871809-6258c342c908fe82b87388a84914dc47fb70c43c&lang=en&ds=ft011&pr=sa&d=2012-07-18 12:29:14&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=410&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=GB&ver=18 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Search 
Results" FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.24.0.9 FF - prefs.js..extensions.enabledAddons: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=410&sr=0&q=" FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\IPSFFPlgn\ [2012/05/17 11:07:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\coFFPlgn\ [2012/10/04 12:28:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/08 10:25:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.32\ [2012/08/29 15:00:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 19:42:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 19:42:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/12/20 15:30:18 | 000,000,000 | ---D | M] [2012/09/24 09:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions [2011/12/26 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com [2012/09/24 09:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application 
Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions [2010/04/27 13:51:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/02/23 13:16:54 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\DeviceDetection@logitech.com [2011/05/15 19:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\nostmp [2012/04/30 18:17:26 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\playbryte@playbryte.com [2012/04/30 18:17:11 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\plugin@yontoo.com [2012/09/06 11:42:29 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\toolbar@ask.com [2012/01/19 17:39:07 | 000,003,793 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2012/04/30 18:15:55 | 000,172,310 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012/09/06 11:42:27 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\askcom.xml [2011/01/29 18:46:09 | 000,002,472 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\safesearch.xml 
[2012/09/23 19:54:35 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\Search_Results.xml [2012/04/30 18:16:01 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\sweetim.xml [2012/09/24 09:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/09/07 19:42:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009/08/27 20:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll [2012/06/08 10:24:50 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012/08/29 15:01:20 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/08/31 01:21:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/09/23 19:54:35 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012/08/31 01:21:49 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== O1 HOSTS File: ([2012/04/26 22:12:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet 
Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - 
C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [ErrorTeck] C:\Program Files\ErrorTeck\ErrorTeck.exe /scan File not found O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe () O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) 
O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\USER\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} https://www.ntrsupport.com/nv/inquiero/mod/setup/ntractivex118_28.cab (NTR ActiveX 1.1.8) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82F8D923-5ECA-4D42-A4D3-0A72B7E74F10}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) 
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\830\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\830\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found. O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: 
"services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/09/25 13:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\New Folder [2012/09/23 21:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess [2012/09/23 21:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\FreeAudioPack [2012/09/23 21:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software [2012/09/23 21:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\NCH Software [2012/09/23 20:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\DVDVideoSoft [2012/09/23 19:38:22 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll [2012/09/23 19:38:22 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll [2012/09/23 19:38:22 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll [2012/09/23 19:38:22 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll [2012/09/23 19:38:22 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll [2012/09/23 19:38:22 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll [2012/09/23 19:38:22 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll [2012/09/23 19:38:22 | 000,348,160 | ---- | C] (NCT Company Ltd.) 
-- C:\WINDOWS\System32\WMAFile.dll [2012/09/23 19:38:22 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL [2012/09/23 19:38:22 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX [2012/09/23 19:38:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL [2012/09/23 19:38:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL [2012/09/23 19:38:21 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL [2012/09/23 19:38:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll [2012/09/23 19:38:21 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL [2012/09/23 19:38:21 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL [2012/09/23 19:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter [2012/09/23 19:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software [2012/09/11 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\Thunderbird [2012/09/11 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Thunderbird [2012/09/07 19:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\ErrorTeck [2012/09/07 19:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/09/06 11:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012/09/06 11:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\AskToolbar [2012/09/06 11:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask [2012/09/06 11:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/09/06 11:14:26 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012/09/06 11:14:17 | 
000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/09/06 11:13:05 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/09/06 11:13:05 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/09/06 11:13:05 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/09/06 11:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java ========== Files - Modified Within 30 Days ========== [2012/10/04 12:42:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012/10/04 12:41:12 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job [2012/10/04 12:35:40 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini [2012/10/04 12:33:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/10/04 12:30:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/10/04 12:28:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/10/04 12:27:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/10/04 12:27:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/10/04 12:14:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2012/10/04 12:03:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/10/04 11:09:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/10/03 10:52:09 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Microsoft Office Word 2003.lnk [2012/10/03 10:42:51 | 000,009,103 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\VT20121002.018 [2012/10/03 08:18:37 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All 
Users\Desktop\Norton Internet Security.LNK [2012/10/03 08:18:26 | 000,750,392 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\Cat.DB [2012/09/30 20:29:29 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WavePadReminder.job [2012/09/30 20:22:31 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\SwitchReminder.job [2012/09/30 19:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/09/26 11:34:14 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\isolate.ini [2012/09/23 21:16:51 | 000,043,425 | ---- | M] () -- C:\Documents [2012/09/21 18:03:20 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/09/21 18:03:20 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/09/21 18:03:16 | 010,213,296 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2012/09/12 21:27:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/09/06 11:12:25 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/09/06 11:12:21 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012/09/06 11:12:21 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012/09/06 11:12:21 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/09/06 11:12:21 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/09/06 11:12:21 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/09/06 11:12:21 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl ========== Files Created - No Company Name ========== [2012/10/04 
11:09:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/30 20:29:29 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\WavePadReminder.job [2012/09/30 20:22:30 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\SwitchReminder.job [2012/09/23 21:16:41 | 000,043,425 | ---- | C] () -- C:\Documents [2012/09/23 19:38:22 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx [2012/09/23 19:32:34 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk [2012/09/23 19:31:46 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk [2012/09/06 11:42:20 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012/08/31 13:53:06 | 000,103,272 | ---- | C] () -- C:\Documents and Settings\USER\GoToAssistDownloadHelper.exe [2012/07/30 16:29:04 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2009/11/06 14:18:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\prvlcl.dat [2009/08/24 15:42:45 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\Launch Internet Explorer Browser.lnk [2007/10/09 20:50:40 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\fusioncache.dat [2006/12/01 14:38:29 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/11/30 11:15:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/09/06 11:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask [2012/08/29 15:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search [2012/09/23 21:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess [2010/09/13 19:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2012/07/18 12:28:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/02/23 12:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager [2010/09/17 15:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success [2011/08/29 17:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2012/02/23 12:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HardwareHelper [2010/09/17 13:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training [2009/12/14 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\All Users\Application Data\iolo [2010/09/25 08:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX [2008/11/03 15:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier [2010/06/02 19:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! [2011/09/26 11:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2011/12/20 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2011/12/20 15:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2011/12/20 15:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2011/09/26 11:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2012/04/30 18:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2008/05/21 16:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca [2011/08/29 17:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2009/11/23 15:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband [2012/07/18 12:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\AVG Secure Search [2011/10/16 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2012/07/18 12:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BlueSprig [2010/09/20 10:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\CheckPoint [2012/09/23 21:16:51 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\USER\Application Data\DVDVideoSoft [2011/08/30 17:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ElevatedDiagnostics [2012/07/13 19:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\EPSON [2012/09/07 20:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ErrorTeck [2006/11/30 20:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FotoWire [2012/09/23 21:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FreeAudioPack [2006/11/30 21:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FUJIFILM [2012/07/18 12:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\IObit [2009/12/14 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\iolo [2006/11/30 22:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Leadertech [2006/11/30 20:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\MSNInstaller [2011/12/20 15:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Nokia [2011/12/20 15:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Nokia Suite [2009/11/23 12:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ntr [2012/07/29 12:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Oracle [2011/12/20 16:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\PC Suite [2007/03/17 11:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Pop mail bits [2012/07/30 16:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\SystemRequirementsLab [2007/01/19 12:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Teleca 
[2012/09/11 21:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Thunderbird [2011/12/29 13:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\TomTom [2009/11/23 15:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Virgin Broadband ========== Purity Check ========== ========== Custom Scans ========== ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media Interface type: IDE Media Type: Fixed\thard disk media Model: ST3160811AS Partitions: 1 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE1 - Interface type: USB Media Type: Model: Generic USB SD Reader USB Device Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE2 - Interface type: USB Media Type: Model: Generic USB CF Reader USB Device Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE3 - Interface type: USB Media Type: Model: Generic USB SM Reader USB Device Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE4 - Interface type: USB Media Type: Model: Generic USB MS Reader USB Device Partitions: 0 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 149.00GB Starting Offset: 32256 Hidden sectors: 0 < %SYSTEMDRIVE%\*.* > [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011/08/30 18:37:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2008/03/03 16:49:01 | 000,000,504 | ---- | M] () -- C:\dlbt.log [2012/09/23 21:16:51 | 000,043,425 | ---- | M] () -- C:\Documents [2006/11/29 17:27:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007/07/27 20:43:25 | 000,000,171 | ---- | M] () -- C:\itouch.log [2006/11/30 22:55:28 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log [2007/03/17 13:46:07 
| 000,006,769 | ---- | M] () -- C:\lvcoinst.log [2006/11/29 17:27:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/12 15:02:33 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/09/20 17:49:57 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/10/04 12:27:50 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [2007/03/07 00:40:32 | 000,000,731 | ---- | M] () -- C:\Rescued document 1.txt [2007/03/07 00:40:32 | 000,000,731 | ---- | M] () -- C:\Rescued document.txt [2007/09/11 11:53:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2007/09/12 21:44:56 | 000,000,136 | -H-- | M] () -- C:\sqmdata01.sqm [2007/12/13 22:28:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2007/12/31 18:24:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2008/02/03 13:32:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm [2008/03/08 19:50:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm [2008/06/07 11:20:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm [2008/06/23 22:28:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm [2008/06/23 22:29:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm [2008/06/29 23:17:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm [2008/08/01 14:35:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm [2008/08/16 17:01:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm [2008/10/09 11:11:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm [2008/10/09 11:12:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm [2008/11/22 15:22:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2008/11/22 15:34:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2008/11/22 15:38:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2009/04/23 16:16:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm [2007/09/09 22:39:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm [2007/09/11 11:29:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm [2007/09/12 21:44:56 | 000,000,136 | -H-- | M] () -- C:\sqmnoopt00.sqm [2007/12/13 22:28:34 | 000,000,244 | -H-- | M] () -- 
C:\sqmnoopt01.sqm [2007/12/31 18:24:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2008/02/03 13:32:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2008/03/08 19:50:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2008/06/07 11:20:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2008/06/23 22:28:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2008/06/23 22:29:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2008/06/29 23:17:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2008/08/01 14:35:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2008/08/16 17:01:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2008/10/09 11:11:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2008/10/09 11:12:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2008/11/22 15:22:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2008/11/22 15:34:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2008/11/22 15:38:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2009/04/23 16:16:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2007/09/09 22:39:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2007/09/11 11:29:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2007/09/11 11:53:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/11/29 17:20:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006/11/29 17:20:09 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006/11/29 17:20:09 | 000,892,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/07 19:42:38 | 000,883,896 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/07 19:42:38 | 000,883,896 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/07 19:42:38 | 000,883,896 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/07 19:42:53 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/07 19:42:53 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" 
-safe-mode [2012/09/07 19:42:53 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/27 12:42:19 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/27 12:42:19 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/27 12:42:19 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/08/26 07:40:35 | 000,634,504 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/07 19:42:38 | 000,883,896 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/07 19:42:38 | 000,883,896 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/07 19:42:38 | 000,883,896 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/07 19:42:53 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: 
"C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/07 19:42:53 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/07 19:42:53 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/27 12:42:19 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/27 12:42:19 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/27 12:42:19 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/08/26 07:40:35 | 000,634,504 | ---- | M] (Microsoft Corporation) ========== Files - Unicode (All) ========== [2009/11/22 12:18:40 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g [2009/11/22 12:18:40 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g < End of report >
Trazza Posted October 4, 2012
Here is the extras log.
OTL Extras logfile created on: 04/10/2012 12:36:38 - Run 1 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\USER\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.09 Mb Total Physical Memory | 579.71 Mb Available Physical Memory | 56.72% Memory free 2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.33% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 120.47 Gb Free Space | 80.83% Space Free | Partition Type: NTFS Computer Name: ANY-6C5E521BE98 | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] --
rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) 
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.) 
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation) "C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Broadband Desktop Help Notifier ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software "{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Belkin Bluetooth Software "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003 "{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5D4E41C-2583-46FE-9B99-62496F85C5F3}" = RPS CRT "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver "{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}" = Belkin N300 Micro USB Wireless Adapter "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2 "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver "{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD "{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools "{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate "{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite "{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows Driver Package - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "AVG Secure Search" = AVG Security Toolbar "BTHomeHub" = BTHomeHub "DealPly" = DealPly "DebugMode Wink" = DebugMode Wink "EPSON Printer and Utilities" = EPSON Printer Software "EPSON Scanner" = EPSON Scan "EPSON Stylus CX7300_CX8300_DX7400_DX8400 User’s Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual "GoToAssist" = GoToAssist Corporate "Hardware Helper_is1" = Hardware Helper "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "Infineon USB driver_is1" = Infineon USB driver 1.0.0.6 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller "InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour "Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem "Logitech Print Service" = Logitech Print Service "Logitech Resource Center" = Logitech Resource Center "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400 "Messenger Plus! Live" = Messenger Plus! 
Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "MWASPINT" = MicroStaff WINASPI NT "NIS" = Norton Internet Security "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia Suite" = Nokia Suite "QuickTime" = QuickTime "RealPlayer 15.0" = RealPlayer "SpeedFan" = SpeedFan (remove only) "Switch" = Switch Sound File Converter "WavePad" = WavePad Sound Editor "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/07/2012 13:38:22 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/07/2012 06:18:42 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error - 12/07/2012 06:55:13 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/07/2012 07:01:45 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/07/2012 07:02:26 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1001 Description = Fault bucket 736169863. Error - 12/07/2012 08:15:10 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/07/2012 08:17:11 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/07/2012 08:17:24 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 17/07/2012 16:19:05 | Computer Name = ANY-6C5E521BE98 | Source = Application Error | ID = 1000 Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting module appwiz.cpl, version 5.1.2600.5512, fault address 0x0000c6c2. 
Error - 30/09/2012 12:13:02 | Computer Name = ANY-6C5E521BE98 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established [ System Events ] Error - 04/10/2012 03:57:39 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000 Description = The Logitech Process Monitor service failed to start due to the following error: %%3 Error - 04/10/2012 03:57:39 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000 Description = The Security Services Driver (x86) service failed to start due to the following error: %%2 Error - 04/10/2012 03:59:07 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7022 Description = The Bonjour Service service hung on starting. Error - 04/10/2012 05:51:27 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000 Description = The Logitech Process Monitor service failed to start due to the following error: %%3 Error - 04/10/2012 05:51:27 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000 Description = The Security Services Driver (x86) service failed to start due to the following error: %%2 Error - 04/10/2012 05:52:59 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7022 Description = The Bonjour Service service hung on starting. 
Error - 04/10/2012 07:27:58 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000 Description = The Logitech Process Monitor service failed to start due to the following error: %%3 Error - 04/10/2012 07:27:58 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000 Description = The Security Services Driver (x86) service failed to start due to the following error: %%2 Error - 04/10/2012 07:29:29 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7022 Description = The Bonjour Service service hung on starting. Error - 04/10/2012 07:29:29 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: IntelIde < End of report >
KenB Posted October 5, 2012 Posted October 5, 2012

Hi Trazza

I am sure one of our security experts will get to you soon. Please be patient - they are extremely busy people :)

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!
etavares Posted October 5, 2012 Posted October 5, 2012

Hello, Trazza. My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

* Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
* Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
* Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
* Please reply within 3 days to be fair to other people asking for help.
* When in doubt, please stop and ask first. There's no harm in asking questions!

Step 1

Install ERUNT

This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

* Please download erunt-setup.exe to your desktop.
* Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
* Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here: http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

Step 2

Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.

* Ask Toolbar

Be sure to reboot when done.

Step 3

We need to run an OTL Script.

Please download OTL from one of the following mirrors if you do not still have it.

* This is first Mirror
* This is the second mirror

* Save it to your desktop.
* Double click on the OTL icon on your desktop.
* Paste the following code under the Custom Scans/Fixes box at the bottom.

:OTL
DRV - (RPSKT) -- system32\DRIVERS\rp_skt32.sys File not found
DRV - (PID_08A0) -- File not found
DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=410&sr=0&q={searchTerms}
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=E0E5DFB8-92ED-4D41-8713-7D0E3EF9268D&apn_sauid=81E0B527-26AD-4199-81FB-804D1AD468FC
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = Playbryte/search/redirect/?type=default&user_id=4157fad3-eb4a-4ea8-b8d3-0189ced08577&query={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=410&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=GB&ver=18
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
[2012/04/30 18:17:26 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\playbryte@playbryte.com
[2012/09/06 11:42:27 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\askcom.xml
[2012/09/23 19:54:35 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\Search_Results.xml
[2012/09/23 19:54:35 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [ErrorTeck] C:\Program Files\ErrorTeck\ErrorTeck.exe /scan File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\USER\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

:files
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm

* Click the Run Fix button at the top.
* Let the program run unhindered and reboot when it is done.
* You will get a log when it is done, please post that in your reply.
* Please then create a new OTL report....
* Click the "Scan All Users" checkbox.
* Push the Run Scan button.
* A report will open, copy and paste it in a reply here.

Step 4

How is your computer running now? Do you know what process is using your CPU? When you get that warning or it becomes slow, please press Ctrl-Shift-Esc and the Task Manager will open. Click on the Processes tab, then see what process has a number >10 in the CPU column and let me know what that is.
etavares

etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
Trazza Posted October 5, 2012 Author Posted October 5, 2012

Hello etavares and thanks for your time

"Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place."

I will only do as you ask me to

"Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times."

Sorry I don't know what you mean. Whilst I wait for your reply I will be getting on with list of things to do.

Thanks very much

Trazza
Trazza Posted October 5, 2012 Author Posted October 5, 2012 This is the OTL fix log ========== OTL ========== Service RPSKT stopped successfully! Service RPSKT deleted successfully! File system32\DRIVERS\rp_skt32.sys File not found not found. Service PID_08A0 stopped successfully! Service PID_08A0 deleted successfully! File File not found not found. Service MRESP50 stopped successfully! Service MRESP50 deleted successfully! File C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found not found. Service MRENDIS5 stopped successfully! Service MRENDIS5 deleted successfully! File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found not found. Service MREMPR5 stopped successfully! Service MREMPR5 deleted successfully! File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found not found. Service MREMP50 stopped successfully! Service MREMP50 deleted successfully! File C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Search Results" removed from browser.search.defaultenginename Prefs.js: "Search Results" removed from browser.search.order.1 Prefs.js: "Search Results" removed from browser.search.selectedEngine Folder C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\ext ensions\playbryte@playbryte.com\ not found. File C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\sea rchplugins\askcom.xml not found. File C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\sea rchplugins\Search_Results.xml not found. 
C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully. C:\Program Files\DealPly\DealPlyIE.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b278d9f8-0fa9-465e-9938-0c392605d8e3} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b278d9f8-0fa9-465e-9938-0c392605d8e3}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. 
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ErrorTeck deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found. File C:\Program Files\Ask.com\Updater\Updater.exe not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully. ========== FILES ========== File\Folder C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found. C:\sqmdata01.sqm moved successfully. C:\sqmdata02.sqm moved successfully. C:\sqmdata03.sqm moved successfully. C:\sqmdata04.sqm moved successfully. C:\sqmdata05.sqm moved successfully. C:\sqmdata06.sqm moved successfully. C:\sqmdata07.sqm moved successfully. C:\sqmdata08.sqm moved successfully. C:\sqmdata09.sqm moved successfully. C:\sqmdata10.sqm moved successfully. C:\sqmdata11.sqm moved successfully. C:\sqmdata12.sqm moved successfully. C:\sqmdata13.sqm moved successfully. C:\sqmdata14.sqm moved successfully. C:\sqmdata15.sqm moved successfully. C:\sqmdata16.sqm moved successfully. C:\sqmdata17.sqm moved successfully. C:\sqmdata18.sqm moved successfully. C:\sqmdata19.sqm moved successfully. C:\sqmnoopt00.sqm moved successfully. C:\sqmnoopt01.sqm moved successfully. C:\sqmnoopt02.sqm moved successfully. 
C:\sqmnoopt03.sqm moved successfully. C:\sqmnoopt04.sqm moved successfully. C:\sqmnoopt05.sqm moved successfully. C:\sqmnoopt06.sqm moved successfully. C:\sqmnoopt07.sqm moved successfully. C:\sqmnoopt08.sqm moved successfully. C:\sqmnoopt09.sqm moved successfully. C:\sqmnoopt10.sqm moved successfully. C:\sqmnoopt11.sqm moved successfully. C:\sqmnoopt12.sqm moved successfully. C:\sqmnoopt13.sqm moved successfully. C:\sqmnoopt14.sqm moved successfully. C:\sqmnoopt15.sqm moved successfully. C:\sqmnoopt16.sqm moved successfully. C:\sqmnoopt17.sqm moved successfully. C:\sqmnoopt18.sqm moved successfully. C:\sqmnoopt19.sqm moved successfully. OTL by OldTimer - Version 3.2.70.1 log created on 10052012_195520

I will do the OTL scan now and post it a little later. Thanks trazza
KenB Posted October 5, 2012

Hi Trazza

Please subscribe to this topic. I have altered your profile so that you should get an email when etavares replies to your thread. By subscribing to a thread you get emails when the helper replies. (Hopefully this should not be necessary now :) ) If you need to, click on "Thread Tools" at the top of the thread, then click on "Subscribe".

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!
Trazza (Author) Posted October 5, 2012

This is the new OTL report. Thanks KenB, what etavares said now makes sense. I will run my computer for a bit and get back to you with its performance. The CPU was something to do with a plugin by Firefox.

OTL Report:-

OTL logfile created on: 05/10/2012 20:31:51 - Run 2 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\USER\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.09 Mb Total Physical Memory | 516.65 Mb Available Physical Memory | 50.55% Memory free 2.40 Gb Paging File | 1.98 Gb Available in Paging File | 82.28% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 119.37 Gb Free Space | 80.09% Space Free | Partition Type: NTFS Computer Name: ANY-6C5E521BE98 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\USER\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Program Files\AVG Secure Search\vprot.exe () PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () PRC - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia) PRC - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Documents and Settings\USER\Local Settings\Temp\bwgo0000901a.exe (BackWeb Technologies Inc. ) PRC - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) PRC - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) PRC - C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Program Files\AVG Secure Search\vprot.exe () MOD - C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll () MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll () MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () MOD - C:\Program Files\Nokia\Nokia Suite\phonon4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtXml4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtSql4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtScript4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtGui4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtCore4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\NService.dll () MOD - C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll () MOD - C:\Program Files\Nokia\Nokia Suite\ssoengine.dll () MOD - C:\Program Files\Nokia\Nokia Suite\securestorage.dll () MOD - C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll () MOD - C:\WINDOWS\system32\quartz.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\devenum.dll () MOD - C:\Program Files\Belkin\Bluetooth Software\BTKeyInd.dll () ========== Services (SafeList) ========== SRV - (LVPrcSrv) -- File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not 
found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\830\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (vToolbarUpdater12.2.6) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation) SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20121005.002\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20121005.002\NAVENG.SYS (Symantec Corporation) DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20121004.001\IDSXpx86.sys (Symantec Corporation) DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120928.001\BHDrvx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec 
Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\srtspx.sys (Symantec Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (ccSet_NIS) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\ccsetx86.sys (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symefa.sys (Symantec Corporation) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symtdi.sys (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\ironx86.sys (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symds.sys (Symantec Corporation) DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys () DRV - (RTL8192cu) -- C:\WINDOWS\system32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation ) DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software) DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (k750mdfl) -- 
C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750bus) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (w810obex) -- C:\WINDOWS\system32\drivers\w810obex.sys (MCCI) DRV - (w810mdm) -- C:\WINDOWS\system32\drivers\w810mdm.sys (MCCI) DRV - (w810mgmt) -- C:\WINDOWS\system32\drivers\w810mgmt.sys (MCCI) DRV - (w810mdfl) -- C:\WINDOWS\system32\drivers\w810mdfl.sys (MCCI) DRV - (w810bus) -- C:\WINDOWS\system32\drivers\w810bus.sys (MCCI) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation) DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys () DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation) DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation) DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation) DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation) DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.) DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\Lhidusb.sys (Logitech, Inc.) DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS (Logitech, Inc.) DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.) 
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation) DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
https://isearch.avg.com/?cid={D73199A1-9A1F-431F-8436-0A46A20537E6}&mid=e8fb23c8c6d647d085c4d1437c871809-6258c342c908fe82b87388a84914dc47fb70c43c&lang=en&ds=ft011&pr=sa&d=2012-07-18 12:29:14&v=12.2.5.32&sap=hp IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{82445343-3524-49A4-9C55-0813E5B12D25}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={D73199A1-9A1F-431F-8436-0A46A20537E6}&mid=e8fb23c8c6d647d085c4d1437c871809-6258c342c908fe82b87388a84914dc47fb70c43c&lang=en&ds=ft011&pr=sa&d=2012-07-18 12:29:14&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.24.0.9 FF - prefs.js..extensions.enabledAddons: 
{66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=410&sr=0&q=" FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\IPSFFPlgn\ [2012/05/17 11:07:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\coFFPlgn\ [2012/10/05 20:22:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/08 10:25:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.32\ [2012/08/29 15:00:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 19:42:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 19:42:20 | 000,000,000 | ---D | M] [2012/09/24 09:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions [2011/12/26 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com [2012/09/24 09:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions [2010/04/27 13:51:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\USER\Application 
Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/02/23 13:16:54 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\DeviceDetection@logitech.com [2011/05/15 19:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\nostmp [2012/04/30 18:17:26 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\playbryte@playbryte.com [2012/04/30 18:17:11 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\plugin@yontoo.com [2012/01/19 17:39:07 | 000,003,793 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2012/04/30 18:15:55 | 000,172,310 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012/09/06 11:42:27 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\askcom.xml [2011/01/29 18:46:09 | 000,002,472 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\safesearch.xml [2012/09/23 19:54:35 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\Search_Results.xml [2012/04/30 18:16:01 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\sweetim.xml [2012/09/24 09:00:26 | 000,000,000 
| ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/09/07 19:42:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009/08/27 20:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll [2012/06/08 10:24:50 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012/08/29 15:01:20 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/08/31 01:21:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/08/31 01:21:49 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== O1 HOSTS File: ([2012/04/26 22:12:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG 
Secure Search_toolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe () O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) 
O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [] File not found O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\USER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: Bonjour - 
{7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} https://www.ntrsupport.com/nv/inquiero/mod/setup/ntractivex118_28.cab (NTR ActiveX 1.1.8) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 
192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82F8D923-5ECA-4D42-A4D3-0A72B7E74F10}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\830\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\830\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found. 
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/10/05 19:55:20 | 000,000,000 | ---D | C] -- C:\_OTL [2012/10/05 19:39:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/10/05 19:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/10/05 19:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT [2012/10/05 11:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia [2012/10/05 11:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia [2012/10/05 11:33:19 | 000,019,072 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2012/10/05 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2012/10/05 11:29:00 | 000,008,576 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys [2012/10/05 11:28:41 | 000,137,600 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys [2012/10/05 11:28:04 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys [2012/10/05 11:27:45 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys [2012/10/05 11:27:24 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys 
[2012/10/05 11:26:52 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys [2012/10/05 11:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Nokia Suite [2012/09/25 13:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\New Folder [2012/09/23 21:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess [2012/09/23 21:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\FreeAudioPack [2012/09/23 21:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software [2012/09/23 21:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\NCH Software [2012/09/23 20:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\DVDVideoSoft [2012/09/23 19:38:22 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll [2012/09/23 19:38:22 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll [2012/09/23 19:38:22 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll [2012/09/23 19:38:22 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll [2012/09/23 19:38:22 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll [2012/09/23 19:38:22 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll [2012/09/23 19:38:22 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll [2012/09/23 19:38:22 | 000,348,160 | ---- | C] (NCT Company Ltd.) 
-- C:\WINDOWS\System32\WMAFile.dll [2012/09/23 19:38:22 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL [2012/09/23 19:38:22 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX [2012/09/23 19:38:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL [2012/09/23 19:38:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL [2012/09/23 19:38:21 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL [2012/09/23 19:38:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll [2012/09/23 19:38:21 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL [2012/09/23 19:38:21 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL [2012/09/23 19:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter [2012/09/23 19:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software [2012/09/11 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\Thunderbird [2012/09/11 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Thunderbird [2012/09/07 19:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\ErrorTeck [2012/09/07 19:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/09/06 11:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask [2012/09/06 11:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/09/06 11:14:26 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012/09/06 11:14:17 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/09/06 11:13:05 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/09/06 11:13:05 | 
000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/09/06 11:13:05 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/09/06 11:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java ========== Files - Modified Within 30 Days ========== [2012/10/05 20:41:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job [2012/10/05 20:33:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/10/05 20:23:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/10/05 20:21:44 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/10/05 20:21:44 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini [2012/10/05 20:21:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/10/05 20:21:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/10/05 20:14:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2012/10/05 20:03:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/10/05 19:37:55 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\USER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012/10/05 19:37:37 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\NTREGOPT.lnk [2012/10/05 19:37:37 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\ERUNT.lnk [2012/10/05 19:29:20 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Microsoft Office Word 2003.lnk [2012/10/05 11:39:26 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk [2012/10/05 11:33:23 | 000,750,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\Cat.DB [2012/10/03 10:42:51 | 000,009,103 | ---- | M] () -- 
C:\WINDOWS\System32\drivers\NIS\1309000.009\VT20121002.018 [2012/10/03 08:18:37 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK [2012/09/30 20:29:29 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WavePadReminder.job [2012/09/30 20:22:31 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\SwitchReminder.job [2012/09/30 19:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/09/26 11:34:14 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\isolate.ini [2012/09/23 21:16:51 | 000,043,425 | ---- | M] () -- C:\Documents [2012/09/21 18:03:20 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/09/21 18:03:20 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/09/21 18:03:16 | 010,213,296 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2012/09/12 21:27:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/09/06 11:12:25 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/09/06 11:12:21 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012/09/06 11:12:21 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012/09/06 11:12:21 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/09/06 11:12:21 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/09/06 11:12:21 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/09/06 11:12:21 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl ========== Files Created - 
No Company Name ========== [2012/10/05 19:37:55 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\USER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012/10/05 19:37:37 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\NTREGOPT.lnk [2012/10/05 19:37:37 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\ERUNT.lnk [2012/10/05 11:39:23 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk [2012/09/30 20:29:29 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\WavePadReminder.job [2012/09/30 20:22:30 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\SwitchReminder.job [2012/09/23 21:16:41 | 000,043,425 | ---- | C] () -- C:\Documents [2012/09/23 19:38:22 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx [2012/09/23 19:32:34 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk [2012/09/23 19:31:46 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk [2012/08/31 13:53:06 | 000,103,272 | ---- | C] () -- C:\Documents and Settings\USER\GoToAssistDownloadHelper.exe [2012/07/30 16:29:04 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2009/11/06 14:18:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\prvlcl.dat [2009/08/24 15:42:45 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\Launch Internet Explorer Browser.lnk [2007/10/09 20:50:40 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\fusioncache.dat [2006/12/01 14:38:29 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/11/30 11:15:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2009/11/22 12:18:40 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/11/22 12:18:40 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

< End of report >
etavares
Posted October 6, 2012

Hello,

I don't see any malicious FF plugin. You may want to uninstall/reinstall the offending one.

Please run this OTL fix as you did before:

:OTL
[2009/11/22 12:18:40 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????? ?????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩 塜楖睥挮湯楦g
[2009/11/22 12:18:40 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????? ?????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩 塜楖睥挮湯楦g

and post the resulting log and a fresh OTL Scan log.

-etavares

etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
Trazza (Author)
Posted October 7, 2012

Hi etavares, sorry, was away Saturday but am back now.

You mention that you don't see any malicious FF plugin and that I may want to uninstall/reinstall the offending one. How would I do this? When I tried the computer earlier this morning, again the box with high CPU usage appeared, and I went to the Task Manager and everything was low apart from Firefox, which was 29, and plugin, which was 79.

I have done the reports you asked for but am not sure if I've done it right, as the fix was instant, maybe 2 seconds, then the OTL scan log seemed to hang on Firefox for a few mins before it then whizzed through the rest of the scan. Anyway, here goes.

This is the report after the fix:

========== OTL ==========
File C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩 塜楖睥挮湯楦g not found.
File C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩 塜楖睥挮湯楦g not found.

OTL by OldTimer - Version 3.2.70.1 log created on 10072012_084721

And here is the new OTL scan report:

OTL logfile created on: 07/10/2012 08:48:58 - Run 3
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\USER\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.09 Mb Total Physical Memory | 430.89 Mb Available Physical Memory | 42.16% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 119.30 Gb Free Space | 80.04% Space Free | Partition Type: NTFS

Computer Name: ANY-6C5E521BE98 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\USER\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Program Files\AVG Secure Search\vprot.exe () PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () PRC - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia) PRC - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Documents and Settings\USER\Local Settings\Temp\bwgo0000e956.exe (BackWeb Technologies Inc. ) PRC - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) PRC - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) PRC - C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Program Files\AVG Secure Search\vprot.exe () MOD - C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll () MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll () MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () MOD - C:\Program Files\Nokia\Nokia Suite\phonon4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtXml4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtSql4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtScript4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtGui4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtCore4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\NService.dll () MOD - C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll () MOD - C:\Program Files\Nokia\Nokia Suite\ssoengine.dll () MOD - C:\Program Files\Nokia\Nokia Suite\securestorage.dll () MOD - C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll () MOD - C:\WINDOWS\system32\quartz.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\devenum.dll () MOD - C:\Program Files\Belkin\Bluetooth Software\BTKeyInd.dll () ========== Services (SafeList) ========== SRV - (LVPrcSrv) -- File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not 
found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\830\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (vToolbarUpdater12.2.6) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation) SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20121006.007\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20121006.007\NAVENG.SYS (Symantec Corporation) DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20121005.002\IDSXpx86.sys (Symantec Corporation) DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120928.001\BHDrvx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec 
Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\srtspx.sys (Symantec Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (ccSet_NIS) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\ccsetx86.sys (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symefa.sys (Symantec Corporation) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symtdi.sys (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\ironx86.sys (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symds.sys (Symantec Corporation) DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys () DRV - (RTL8192cu) -- C:\WINDOWS\system32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation ) DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software) DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (k750mdfl) -- 
C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750bus) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (w810obex) -- C:\WINDOWS\system32\drivers\w810obex.sys (MCCI) DRV - (w810mdm) -- C:\WINDOWS\system32\drivers\w810mdm.sys (MCCI) DRV - (w810mgmt) -- C:\WINDOWS\system32\drivers\w810mgmt.sys (MCCI) DRV - (w810mdfl) -- C:\WINDOWS\system32\drivers\w810mdfl.sys (MCCI) DRV - (w810bus) -- C:\WINDOWS\system32\drivers\w810bus.sys (MCCI) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation) DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys () DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation) DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation) DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation) DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation) DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.) DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\Lhidusb.sys (Logitech, Inc.) DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS (Logitech, Inc.) DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.) 
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation) DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
https://isearch.avg.com/?cid={D73199A1-9A1F-431F-8436-0A46A20537E6}&mid=e8fb23c8c6d647d085c4d1437c871809-6258c342c908fe82b87388a84914dc47fb70c43c&lang=en&ds=ft011&pr=sa&d=2012-07-18 12:29:14&v=12.2.5.32&sap=hp IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{82445343-3524-49A4-9C55-0813E5B12D25}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={D73199A1-9A1F-431F-8436-0A46A20537E6}&mid=e8fb23c8c6d647d085c4d1437c871809-6258c342c908fe82b87388a84914dc47fb70c43c&lang=en&ds=ft011&pr=sa&d=2012-07-18 12:29:14&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.24.0.9 FF - prefs.js..extensions.enabledAddons: 
{66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=410&sr=0&q=" FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\IPSFFPlgn\ [2012/05/17 11:07:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\coFFPlgn\ [2012/10/06 07:58:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/08 10:25:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.32\ [2012/08/29 15:00:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 19:42:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 19:42:20 | 000,000,000 | ---D | M] [2012/09/24 09:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions [2011/12/26 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com [2012/09/24 09:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions [2010/04/27 13:51:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\USER\Application 
Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/02/23 13:16:54 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\DeviceDetection@logitech.com [2011/05/15 19:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\nostmp [2012/04/30 18:17:26 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\playbryte@playbryte.com [2012/04/30 18:17:11 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\plugin@yontoo.com [2012/01/19 17:39:07 | 000,003,793 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2012/04/30 18:15:55 | 000,172,310 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012/09/06 11:42:27 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\askcom.xml [2011/01/29 18:46:09 | 000,002,472 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\safesearch.xml [2012/09/23 19:54:35 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\Search_Results.xml [2012/04/30 18:16:01 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\sweetim.xml [2012/09/24 09:00:26 | 000,000,000 
| ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/09/07 19:42:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009/08/27 20:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll [2012/06/08 10:24:50 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012/08/29 15:01:20 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/08/31 01:21:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/08/31 01:21:49 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== O1 HOSTS File: ([2012/04/26 22:12:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG 
Secure Search_toolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe () O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) 
O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [] File not found O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\USER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: Bonjour - 
{7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} https://www.ntrsupport.com/nv/inquiero/mod/setup/ntractivex118_28.cab (NTR ActiveX 1.1.8) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 
192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82F8D923-5ECA-4D42-A4D3-0A72B7E74F10}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\830\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\830\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found. 
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/10/05 19:55:20 | 000,000,000 | ---D | C] -- C:\_OTL [2012/10/05 19:39:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/10/05 19:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/10/05 19:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT [2012/10/05 11:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia [2012/10/05 11:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia [2012/10/05 11:33:19 | 000,019,072 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2012/10/05 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2012/10/05 11:29:00 | 000,008,576 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys [2012/10/05 11:28:41 | 000,137,600 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys [2012/10/05 11:28:04 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys [2012/10/05 11:27:45 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys [2012/10/05 11:27:24 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys 
[2012/10/05 11:26:52 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys [2012/10/05 11:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Nokia Suite [2012/09/25 13:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\New Folder [2012/09/23 21:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess [2012/09/23 21:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\FreeAudioPack [2012/09/23 21:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software [2012/09/23 21:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\NCH Software [2012/09/23 20:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\DVDVideoSoft [2012/09/23 19:38:22 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll [2012/09/23 19:38:22 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll [2012/09/23 19:38:22 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll [2012/09/23 19:38:22 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll [2012/09/23 19:38:22 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll [2012/09/23 19:38:22 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll [2012/09/23 19:38:22 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll [2012/09/23 19:38:22 | 000,348,160 | ---- | C] (NCT Company Ltd.) 
-- C:\WINDOWS\System32\WMAFile.dll [2012/09/23 19:38:22 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL [2012/09/23 19:38:22 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX [2012/09/23 19:38:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL [2012/09/23 19:38:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL [2012/09/23 19:38:21 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL [2012/09/23 19:38:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll [2012/09/23 19:38:21 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL [2012/09/23 19:38:21 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL [2012/09/23 19:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter [2012/09/23 19:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software [2012/09/11 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\Thunderbird [2012/09/11 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Thunderbird [2012/09/07 19:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\ErrorTeck [2012/09/07 19:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012/10/07 08:45:16 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job [2012/10/07 08:33:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/10/07 08:14:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2012/10/07 08:03:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/10/07 
07:33:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/10/06 20:22:01 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\SwitchReminder.job [2012/10/06 08:12:01 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini [2012/10/06 07:59:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/10/06 07:57:39 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/10/06 07:57:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/10/05 19:37:55 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\USER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012/10/05 19:29:20 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Microsoft Office Word 2003.lnk [2012/10/05 11:33:23 | 000,750,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\Cat.DB [2012/10/03 10:42:51 | 000,009,103 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\VT20121002.018 [2012/10/03 08:18:37 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK [2012/09/30 20:29:29 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WavePadReminder.job [2012/09/30 19:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/09/26 11:34:14 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\isolate.ini [2012/09/23 21:16:51 | 000,043,425 | ---- | M] () -- C:\Documents [2012/09/21 18:03:20 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/09/21 18:03:20 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/09/21 18:03:16 | 010,213,296 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2012/09/12 21:27:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK 
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012/10/05 19:37:55 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\USER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012/09/30 20:29:29 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\WavePadReminder.job [2012/09/30 20:22:30 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\SwitchReminder.job [2012/09/23 21:16:41 | 000,043,425 | ---- | C] () -- C:\Documents [2012/09/23 19:38:22 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx [2012/09/23 19:32:34 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk [2012/09/23 19:31:46 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk [2012/08/31 13:53:06 | 000,103,272 | ---- | C] () -- C:\Documents and Settings\USER\GoToAssistDownloadHelper.exe [2012/07/30 16:29:04 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2009/11/06 14:18:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\prvlcl.dat [2009/08/24 15:42:45 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\Launch Internet Explorer Browser.lnk [2007/10/09 20:50:40 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\fusioncache.dat [2006/12/01 14:38:29 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/11/30 11:15:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2009/11/22 12:18:40 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g [2009/11/22 12:18:40 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g < End of report >

Thanks for your time

Trazza
etavares Posted October 7, 2012

Hi,

Please launch Computer and navigate to C:\WINDOWS\System32\ and delete this file:

㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩 塜楖睥挮湯楦g

Next, follow these instructions (http://support.mozilla.org/en-US/kb/disable-or-remove-add-ons#w_how-to-disable-extensions-themes-and-plugins) to disable your plugins in Firefox. Then, re-enable them one by one until you find which one is using up your CPU.

Please let me know once you determine which plugin it is.

-etavares

etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
Trazza (Author) Posted October 7, 2012

Sorry but I haven't a clue what you mean. How do I navigate to C:\WINDOWS\System32\ and when you say launch computer do you mean start it? I really am PC illiterate, as it says in my profile. The second step you mention sounds a little easier, but only a little.

Once again thanks for your time

Trazza
Trazza (Author) Posted October 7, 2012

Have been disabling and enabling the plugins on Firefox and I think it may be the Adobe Acrobat 10.1.4.38, as since I disabled it the CPU issue seems to have gone. However, I am now getting a noise from the speakers, something like the interference of a mobile phone just before it starts to ring.
Trazza (Author) Posted October 7, 2012

Scratch that last reply, it's started again. Will continue to go through them one by one. When something seems too good to be true it usually is lol
etavares Posted October 8, 2012

Hi Trazza,

For some reason my bold command didn't go through and gave a weird tag.

Click Start --> My Computer and navigate the folders to your C:\ drive, then the Windows folder, then the System32 folder, so you are at the C:\windows\system32 folder. Then, look for and delete this file:

㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩 塜楖睥挮湯楦g

To delete it, click on the file to highlight it, then press Del on your keyboard to delete it.

You can try to disable all plugins and use it that way for a while to confirm it is a plugin. We need to have good behavior first before we can conclude it is indeed a plugin for Firefox.

-etavares
Trazza (Author) Posted October 8, 2012

I found the file in System32 and deleted it. What was it? I will disable all the Firefox plugins and run the computer tomorrow and get back to you.

Thanks

Trazza
Trazza (Author) Posted October 8, 2012

Disabled all the plugins but then could not get my games to load from Facebook, and it's whilst I'm playing games that I get the high CPU warning, so I turned some back on and will have to try them one by one.
etavares Posted October 10, 2012

Hi Trazza,

OK, great! It's probably Flash then. Try uninstalling Flash from Add/Remove Programs, then reinstalling by going to adobe.com with the browser you use to play games. Any better?

And yes, deleting that file is perfect!

-etavares
Trazza (Author) Posted October 10, 2012

Have uninstalled Flash and reinstalled it via adobe.com, and the only plugin I have enabled on Firefox is Shockwave Flash 11.4.402.287, and yet this afternoon whilst playing my Facebook games I got the high CPU warning again. I am wondering if it is maybe because I am playing games, because it rarely gives a warning on other things, although it has happened a time or two whilst I have been viewing eBay. Don't want to stop playing the games but if you think it will harm something on my computer then I suppose I will have to.

Thanks once again for the time you are spending trying to sort this out for me.

Trazza
etavares Posted October 10, 2012

Try using Internet Explorer to play the games. You may need to install Flash or Shockwave... let me know if you experience the same high CPU usage.
Trazza (Author) Posted October 11, 2012

I tried Internet Explorer today and not only do I get the same high CPU usage error, it was extremely slow. On the games which are against the clock I had absolutely no chance as the games kept stalling.

Trazza
etavares Posted October 11, 2012

Hello, Trazza.

OK, let's bring out some more powerful tools.

Step 1

Next, please download ComboFix from one of these locations:
Bleepingcomputer
InfoSpyware

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on etavaresCF.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

Step 2

Download TDSSKiller.exe and save it to your desktop.

Double-click TDSSKiller.exe to run it.

Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.

Click Start scan and allow it to scan for Malicious objects.

If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.

If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.

A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt

If no reboot is required, click on Report. A log file should appear.

Please post the contents of the logfile in your next reply.

etavares
Trazza (Author) Posted October 12, 2012

Oh dear, did what you asked and reports will be added at the bottom of this post, but after the ComboFix I tried my games and the computer response was very jerky. I then did the TDSSKiller and now the number section of my keyboard is not working. It just feels like it's one problem after another. Really sorry about this.

The reports are

ComboFix 12-10-12.01 - USER 12/10/2012 14:17:04.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.455 [GMT 1:00] Running from: c:\documents and settings\USER\My Documents\Downloads\ComboFix.exe AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 ))))))))))))))))))))))))))))))) . . 2012-10-10 07:44 . 2012-10-11 14:41 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-10 07:44 . 2012-10-11 14:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-05 18:55 . 2012-10-05 18:55 -------- d-----w- C:\_OTL 2012-10-05 18:37 . 2012-10-05 18:37 -------- d-----w- c:\program files\ERUNT 2012-10-05 10:38 . 2012-10-05 10:38 -------- d-----w- c:\program files\Common Files\Nokia 2012-10-05 10:33 . 2012-06-27 14:18 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2012-10-05 10:31 . 2012-10-05 10:31 -------- d-----w- c:\program files\PC Connectivity Solution 2012-10-05 10:29 . 2012-01-09 16:28 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys 2012-10-05 10:28 . 2012-01-09 16:28 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys 2012-10-05 10:28 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys 2012-10-05 10:27 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys 2012-10-05 10:27 . 2012-01-09 16:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys 2012-10-05 10:26 .
2012-01-09 16:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys 2012-10-02 07:46 . 2012-10-03 09:43 -------- d-----w- c:\windows\system32\drivers\NIS\1309000.009 2012-09-23 20:15 . 2012-09-23 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess 2012-09-23 20:10 . 2012-09-23 20:10 -------- d-----w- c:\documents and settings\USER\Application Data\FreeAudioPack 2012-09-23 20:10 . 2012-09-30 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software 2012-09-23 20:10 . 2012-09-30 18:32 -------- d-----w- c:\documents and settings\USER\Application Data\NCH Software 2012-09-23 19:23 . 2012-09-23 20:16 -------- d-----w- c:\documents and settings\USER\Application Data\DVDVideoSoft 2012-09-23 18:31 . 2012-09-23 20:10 -------- d-----w- c:\program files\NCH Software . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-07 16:04 . 2012-04-26 14:10 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-06 10:12 . 2012-09-06 10:13 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-09-06 10:12 . 2012-09-06 10:14 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-09-06 10:12 . 2012-07-29 11:30 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-06 10:12 . 2012-07-29 11:30 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-29 14:00 . 2012-07-18 11:29 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-08-27 19:12 . 2004-08-12 14:09 832512 ----a-w- c:\windows\system32\wininet.dll 2012-08-27 19:12 . 2004-08-12 13:58 1830912 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-27 19:12 . 2011-02-16 13:38 78336 ----a-w- c:\windows\system32\ieencode.dll 2012-08-27 19:12 . 2004-08-12 13:56 17408 ----a-w- c:\windows\system32\corpol.dll 2012-08-24 13:53 . 2004-08-12 14:09 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-21 13:33 . 
2004-08-12 14:02 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-09-07 18:42 . 2012-09-07 18:42 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-08-29 14:01 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-08-29 1734240] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-24 67128] "NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-18 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-08 296056]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-29 947808]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-29 1022048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\USER\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2004-10-1 565309]
Logitech Desktop Messenger Agent.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-24 67128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-09-24 18:08 13672 ----a-w- c:\program files\Citrix\GoToAssist\830\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1309000.009\symds.sys [02/10/2012 08:47 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1309000.009\symefa.sys [02/10/2012 08:47 924320]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [18/07/2012 12:29 27496]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [01/10/2012 19:54 995488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1309000.009\ccsetx86.sys [02/10/2012 08:47 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1309000.009\ironx86.sys [02/10/2012 08:47 149624]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [02/10/2012 08:46 138272]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [29/08/2012 15:00 722528]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/08/2012 19:17 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20121011.001\IDSXpx86.sys [12/10/2012 08:48 373728]
R3 RTL8192cu;%RTL8192cu.DeviceDesc%;c:\windows\system32\drivers\RTL8192cu.sys [30/07/2012 16:29 987904]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25/02/2010 13:22 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10/10/2012 08:44 250808]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 11:08 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25/02/2010 13:22 135664]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 23:38 114144]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [05/10/2012 11:28 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [05/10/2012 11:29 8576]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 14:41]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 12:22]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 12:22]
.
2012-10-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2012-10-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2012-10-06 c:\windows\Tasks\SwitchReminder.job
- c:\program files\NCH Software\Switch\switch.exe [2012-09-23 15:41]
.
2012-10-12 c:\windows\Tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
2012-09-30 c:\windows\Tasks\WavePadReminder.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-09-23 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = https://isearch.avg.com/?cid={D73199A1-9A1F-431F-8436-0A46A20537E6}&mid=e8fb23c8c6d647d085c4d1437c871809-6258c342c908fe82b87388a84914dc47fb70c43c&lang=en&ds=ft011&pr=sa&d=2012-07-18 12:29&v=12.2.5.32&sap=hp
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=410&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-12 14:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\program files\Citrix\GoToAssist\830\G2AWinLogon.dll
.
Completion time: 2012-10-12 14:37:51
ComboFix-quarantined-files.txt 2012-10-12 13:37
.
Pre-Run: 130,782,941,184 bytes free
Post-Run: 130,815,102,976 bytes free
.
- - End Of File - - 946247CEA9CEA860D0CEFB06722A482B

The TDSS report is

15:09:30.0859 3460 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:09:32.0250 3460 ============================================================
15:09:32.0250 3460 Current date / time: 2012/10/12 15:09:32.0250
15:09:32.0250 3460 SystemInfo:
15:09:32.0250 3460
15:09:32.0250 3460 OS Version: 5.1.2600 ServicePack: 3.0
15:09:32.0250 3460 Product type: Workstation
15:09:32.0250 3460 ComputerName: ANY-6C5E521BE98
15:09:32.0250 3460 UserName: USER
15:09:32.0250 3460 Windows directory: C:\WINDOWS
15:09:32.0250 3460 System windows directory: C:\WINDOWS
15:09:32.0250 3460 Processor architecture: Intel x86
15:09:32.0250 3460 Number of processors: 1
15:09:32.0250 3460 Page size: 0x1000
15:09:32.0250 3460 Boot type: Normal boot
15:09:32.0250 3460 ============================================================
15:09:33.0000 3460 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:09:33.0031 3460 ============================================================
15:09:33.0031 3460 \Device\Harddisk0\DR0:
15:09:33.0031 3460 MBR partitions:
15:09:33.0031 3460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
15:09:33.0031 3460 ============================================================
15:09:33.0078 3460 C: <-> \Device\Harddisk0\DR0\Partition1
15:09:33.0078 3460 ============================================================
15:09:33.0078 3460 Initialize success
15:09:33.0078 3460 ============================================================
15:09:45.0203 3936 ============================================================
15:09:45.0203 3936 Scan started
15:09:45.0203 3936 Mode: Manual;
0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 15:09:54.0203 3936 NdisTapi - ok 15:09:54.0250 3936 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 15:09:54.0250 3936 Ndisuio - ok 15:09:54.0265 3936 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 15:09:54.0265 3936 NdisWan - ok 15:09:54.0312 3936 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 15:09:54.0328 3936 NDProxy - ok 15:09:54.0359 3936 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 15:09:54.0359 3936 NetBIOS - ok 15:09:54.0375 3936 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 15:09:54.0390 3936 NetBT - ok 15:09:54.0437 3936 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe 15:09:54.0437 3936 NetDDE - ok 15:09:54.0453 3936 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 15:09:54.0453 3936 NetDDEdsdm - ok 15:09:54.0500 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe 15:09:54.0500 3936 Netlogon - ok 15:09:54.0546 3936 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll 15:09:54.0562 3936 Netman - ok 15:09:54.0593 3936 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:09:54.0593 3936 NetTcpPortSharing - ok 15:09:54.0781 3936 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe 15:09:54.0859 3936 NIS - ok 15:09:55.0046 3936 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll 15:09:55.0093 3936 Nla - ok 15:09:55.0171 3936 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys 15:09:55.0171 3936 nmwcd - ok 15:09:55.0203 3936 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc 
C:\WINDOWS\system32\drivers\ccdcmbo.sys 15:09:55.0203 3936 nmwcdc - ok 15:09:55.0250 3936 [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys 15:09:55.0250 3936 nmwcdnsu - ok 15:09:55.0281 3936 [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc C:\WINDOWS\system32\drivers\nmwcdnsuc.sys 15:09:55.0296 3936 nmwcdnsuc - ok 15:09:55.0328 3936 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 15:09:55.0328 3936 Npfs - ok 15:09:55.0375 3936 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 15:09:55.0406 3936 Ntfs - ok 15:09:55.0437 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 15:09:55.0437 3936 NtLmSsp - ok 15:09:55.0500 3936 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 15:09:55.0515 3936 NtmsSvc - ok 15:09:55.0562 3936 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 15:09:55.0578 3936 Null - ok 15:09:55.0609 3936 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 15:09:55.0625 3936 NwlnkFlt - ok 15:09:55.0625 3936 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 15:09:55.0625 3936 NwlnkFwd - ok 15:09:55.0687 3936 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 15:09:55.0703 3936 OMCI - ok 15:09:55.0750 3936 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:09:55.0765 3936 ose - ok 15:09:55.0812 3936 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 15:09:55.0812 3936 Parport - ok 15:09:55.0843 3936 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 15:09:55.0859 3936 PartMgr - ok 15:09:55.0906 3936 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 15:09:55.0921 3936 ParVdm - ok 15:09:55.0968 3936 [ 
F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 15:09:55.0968 3936 pccsmcfd - ok 15:09:56.0000 3936 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 15:09:56.0000 3936 PCI - ok 15:09:56.0015 3936 PCIDump - ok 15:09:56.0046 3936 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 15:09:56.0062 3936 PCIIde - ok 15:09:56.0109 3936 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 15:09:56.0109 3936 Pcmcia - ok 15:09:56.0125 3936 perc2 - ok 15:09:56.0125 3936 perc2hib - ok 15:09:56.0171 3936 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe 15:09:56.0187 3936 PlugPlay - ok 15:09:56.0234 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 15:09:56.0234 3936 PolicyAgent - ok 15:09:56.0250 3936 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:09:56.0250 3936 PptpMiniport - ok 15:09:56.0265 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 15:09:56.0265 3936 ProtectedStorage - ok 15:09:56.0281 3936 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 15:09:56.0281 3936 PSched - ok 15:09:56.0296 3936 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 15:09:56.0296 3936 Ptilink - ok 15:09:56.0343 3936 [ 0C8DA0A8B0D227319C285E0EAE65DEFD ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 15:09:56.0343 3936 PxHelp20 - ok 15:09:56.0359 3936 ql1080 - ok 15:09:56.0375 3936 Ql10wnt - ok 15:09:56.0375 3936 ql12160 - ok 15:09:56.0390 3936 ql1240 - ok 15:09:56.0406 3936 ql1280 - ok 15:09:56.0421 3936 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:09:56.0421 3936 RasAcd - ok 15:09:56.0468 3936 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll 15:09:56.0468 3936 RasAuto - ok 15:09:56.0500 
3936 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:09:56.0500 3936 Rasl2tp - ok 15:09:56.0546 3936 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll 15:09:56.0562 3936 RasMan - ok 15:09:56.0562 3936 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:09:56.0578 3936 RasPppoe - ok 15:09:56.0578 3936 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 15:09:56.0578 3936 Raspti - ok 15:09:56.0609 3936 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:09:56.0609 3936 Rdbss - ok 15:09:56.0625 3936 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:09:56.0625 3936 RDPCDD - ok 15:09:56.0687 3936 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 15:09:56.0687 3936 RDPWD - ok 15:09:56.0750 3936 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 15:09:56.0750 3936 RDSessMgr - ok 15:09:56.0781 3936 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 15:09:56.0781 3936 redbook - ok 15:09:56.0828 3936 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 15:09:56.0828 3936 RemoteAccess - ok 15:09:56.0890 3936 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys 15:09:56.0890 3936 RFCOMM - ok 15:09:56.0937 3936 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys 15:09:56.0937 3936 RimUsb - ok 15:09:56.0968 3936 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe 15:09:56.0968 3936 RpcLocator - ok 15:09:57.0015 3936 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll 15:09:57.0015 3936 RpcSs - ok 15:09:57.0046 3936 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe 15:09:57.0062 3936 RSVP - ok 15:09:57.0156 3936 [ 
5B3A5BC13614FFFA1BE65D434688ED3F ] RTL8192cu C:\WINDOWS\system32\DRIVERS\RTL8192cu.sys 15:09:57.0281 3936 RTL8192cu - ok 15:09:57.0296 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe 15:09:57.0296 3936 SamSs - ok 15:09:57.0328 3936 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 15:09:57.0343 3936 SCardSvr - ok 15:09:57.0390 3936 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll 15:09:57.0406 3936 Schedule - ok 15:09:57.0453 3936 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:09:57.0453 3936 Secdrv - ok 15:09:57.0484 3936 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll 15:09:57.0484 3936 seclogon - ok 15:09:57.0546 3936 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys 15:09:57.0562 3936 senfilt - ok 15:09:57.0578 3936 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll 15:09:57.0578 3936 SENS - ok 15:09:57.0609 3936 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 15:09:57.0609 3936 serenum - ok 15:09:57.0625 3936 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 15:09:57.0625 3936 Serial - ok 15:09:57.0734 3936 [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 15:09:57.0750 3936 ServiceLayer - ok 15:09:57.0812 3936 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 15:09:57.0812 3936 Sfloppy - ok 15:09:57.0843 3936 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 15:09:57.0843 3936 SharedAccess - ok 15:09:57.0937 3936 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 15:09:57.0937 3936 ShellHWDetection - ok 15:09:59.0046 3936 Simbad - ok 15:09:59.0062 3936 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP 
C:\WINDOWS\system32\DRIVERS\SLIP.sys 15:09:59.0062 3936 SLIP - ok 15:09:59.0125 3936 [ 86C4D93B7B7818D066C52FDB03C6C921 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys 15:09:59.0140 3936 smwdm - ok 15:09:59.0140 3936 Sparrow - ok 15:09:59.0156 3936 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys 15:09:59.0171 3936 speedfan - ok 15:09:59.0187 3936 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 15:09:59.0187 3936 splitter - ok 15:09:59.0250 3936 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 15:09:59.0250 3936 Spooler - ok 15:09:59.0281 3936 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 15:09:59.0312 3936 sr - ok 15:09:59.0390 3936 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll 15:09:59.0406 3936 srservice - ok 15:09:59.0453 3936 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS 15:09:59.0468 3936 SRTSP - ok 15:09:59.0500 3936 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\NIS\1309000.009\SRTSPX.SYS 15:09:59.0515 3936 SRTSPX - ok 15:09:59.0578 3936 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 15:09:59.0578 3936 Srv - ok 15:09:59.0625 3936 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys 15:09:59.0625 3936 sscdbhk5 - ok 15:09:59.0687 3936 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 15:09:59.0687 3936 SSDPSRV - ok 15:09:59.0703 3936 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys 15:09:59.0703 3936 ssrtln - ok 15:09:59.0750 3936 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll 15:09:59.0765 3936 stisvc - ok 15:09:59.0796 3936 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 15:09:59.0796 3936 streamip - ok 15:09:59.0843 3936 [ 
3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 15:09:59.0843 3936 swenum - ok 15:09:59.0890 3936 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 15:09:59.0890 3936 swmidi - ok 15:09:59.0890 3936 SwPrv - ok 15:09:59.0906 3936 symc810 - ok 15:09:59.0921 3936 symc8xx - ok 15:09:59.0968 3936 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMDS.SYS 15:09:59.0968 3936 SymDS - ok 15:10:00.0187 3936 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMEFA.SYS 15:10:00.0234 3936 SymEFA - ok 15:10:00.0281 3936 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 15:10:00.0296 3936 SymEvent - ok 15:10:00.0343 3936 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\NIS\1309000.009\Ironx86.SYS 15:10:00.0343 3936 SymIRON - ok 15:10:00.0406 3936 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1309000.009\SYMTDI.SYS 15:10:00.0406 3936 SYMTDI - ok 15:10:00.0421 3936 sym_hi - ok 15:10:00.0437 3936 sym_u3 - ok 15:10:00.0453 3936 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 15:10:00.0453 3936 sysaudio - ok 15:10:00.0500 3936 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 15:10:00.0500 3936 SysmonLog - ok 15:10:00.0531 3936 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 15:10:00.0546 3936 TapiSrv - ok 15:10:00.0593 3936 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:10:00.0609 3936 Tcpip - ok 15:10:00.0625 3936 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 15:10:00.0640 3936 TDPIPE - ok 15:10:00.0640 3936 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 15:10:00.0640 3936 TDTCP - ok 15:10:00.0671 3936 [ 88155247177638048422893737429D9E ] TermDD 
C:\WINDOWS\system32\DRIVERS\termdd.sys 15:10:00.0671 3936 TermDD - ok 15:10:00.0718 3936 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll 15:10:00.0718 3936 TermService - ok 15:10:00.0781 3936 [ 1D265CD2FB1673A0873BF8CEC19DDC7F ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys 15:10:00.0781 3936 tfsnboio - ok 15:10:00.0796 3936 [ 62E4901295E0467CAC78E5B4B131AE5C ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys 15:10:00.0796 3936 tfsncofs - ok 15:10:00.0812 3936 [ A2F380F9252AB3464C859ADF91EEAD9C ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys 15:10:00.0812 3936 tfsndrct - ok 15:10:00.0828 3936 [ EEE79BBEFE9C6A2A3CE6C8753CFEA950 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys 15:10:00.0828 3936 tfsndres - ok 15:10:00.0843 3936 [ 9D644EB11FEC9487450C4CFCD63A5DF4 ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys 15:10:00.0843 3936 tfsnifs - ok 15:10:00.0859 3936 [ E656AF05C67EDB7C0E9230A5DF71ED1B ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys 15:10:00.0859 3936 tfsnopio - ok 15:10:00.0859 3936 [ 64FCCB9CCE703CA507DFFC3CEBF6B2CB ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys 15:10:00.0859 3936 tfsnpool - ok 15:10:00.0875 3936 [ 48BC9D8AB4E4B9BFF70FB18E55CEC3D6 ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys 15:10:00.0875 3936 tfsnudf - ok 15:10:00.0890 3936 [ 79F60822224256B49BFC855DA8D651D5 ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys 15:10:00.0890 3936 tfsnudfa - ok 15:10:00.0921 3936 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll 15:10:00.0921 3936 Themes - ok 15:10:00.0937 3936 TosIde - ok 15:10:00.0984 3936 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll 15:10:00.0984 3936 TrkWks - ok 15:10:01.0015 3936 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 15:10:01.0015 3936 Udfs - ok 15:10:01.0031 3936 ultra - ok 15:10:01.0062 3936 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 15:10:01.0078 3936 Update - ok 15:10:01.0125 
3936 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll 15:10:01.0140 3936 upnphost - ok 15:10:01.0156 3936 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 15:10:01.0171 3936 upperdev - ok 15:10:01.0203 3936 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe 15:10:01.0203 3936 UPS - ok 15:10:01.0250 3936 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 15:10:01.0250 3936 usbaudio - ok 15:10:01.0281 3936 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:10:01.0281 3936 usbccgp - ok 15:10:01.0328 3936 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:10:01.0328 3936 usbehci - ok 15:10:01.0343 3936 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:10:01.0359 3936 usbhub - ok 15:10:01.0359 3936 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:10:01.0359 3936 usbprint - ok 15:10:01.0375 3936 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 15:10:01.0390 3936 usbscan - ok 15:10:01.0453 3936 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys 15:10:01.0453 3936 usbser - ok 15:10:01.0468 3936 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 15:10:01.0468 3936 UsbserFilt - ok 15:10:01.0500 3936 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:10:01.0500 3936 USBSTOR - ok 15:10:01.0515 3936 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:10:01.0531 3936 usbuhci - ok 15:10:01.0578 3936 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 15:10:01.0578 3936 VgaSave - ok 15:10:01.0593 3936 ViaIde - ok 15:10:01.0625 3936 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap 
C:\WINDOWS\system32\drivers\VolSnap.sys 15:10:01.0625 3936 VolSnap - ok 15:10:01.0703 3936 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe 15:10:01.0703 3936 VSS - ok 15:10:01.0796 3936 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe 15:10:01.0828 3936 vToolbarUpdater12.2.6 - ok 15:10:01.0859 3936 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll 15:10:01.0875 3936 W32Time - ok 15:10:01.0937 3936 [ 5E8B60606FC4173B69CDECD964F22D28 ] w810bus C:\WINDOWS\system32\DRIVERS\w810bus.sys 15:10:01.0937 3936 w810bus - ok 15:10:01.0953 3936 [ C0CC4F5A3C58B4C07EC4A82A5AE24714 ] w810mdfl C:\WINDOWS\system32\DRIVERS\w810mdfl.sys 15:10:01.0953 3936 w810mdfl - ok 15:10:01.0968 3936 [ 2AAFEEDC3BFE14419CBCE7CEEA59DD05 ] w810mdm C:\WINDOWS\system32\DRIVERS\w810mdm.sys 15:10:02.0015 3936 w810mdm - ok 15:10:02.0031 3936 [ B0037DB3F890D0FFCF7E35F356A435EC ] w810mgmt C:\WINDOWS\system32\DRIVERS\w810mgmt.sys 15:10:02.0031 3936 w810mgmt - ok 15:10:02.0046 3936 [ BF609636068F17246F94B490C5812483 ] w810obex C:\WINDOWS\system32\DRIVERS\w810obex.sys 15:10:02.0046 3936 w810obex - ok 15:10:02.0078 3936 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:10:02.0078 3936 Wanarp - ok 15:10:02.0140 3936 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 15:10:02.0140 3936 Wdf01000 - ok 15:10:02.0218 3936 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 15:10:02.0250 3936 wdmaud - ok 15:10:02.0296 3936 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll 15:10:02.0296 3936 WebClient - ok 15:10:02.0390 3936 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 15:10:02.0406 3936 winmgmt - ok 15:10:02.0453 3936 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 
15:10:02.0453 3936 WmdmPmSN - ok 15:10:02.0531 3936 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 15:10:02.0531 3936 WmiApSrv - ok 15:10:02.0609 3936 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe 15:10:02.0640 3936 WMPNetworkSvc - ok 15:10:02.0671 3936 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 15:10:02.0671 3936 WpdUsb - ok 15:10:02.0734 3936 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 15:10:02.0750 3936 WS2IFSL - ok 15:10:02.0812 3936 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 15:10:02.0812 3936 wscsvc - ok 15:10:02.0828 3936 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 15:10:02.0843 3936 WSTCODEC - ok 15:10:02.0859 3936 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll 15:10:02.0859 3936 wuauserv - ok 15:10:02.0875 3936 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 15:10:02.0890 3936 WudfPf - ok 15:10:02.0890 3936 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 15:10:02.0890 3936 WudfRd - ok 15:10:02.0921 3936 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 15:10:02.0921 3936 WudfSvc - ok 15:10:02.0968 3936 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 15:10:02.0984 3936 WZCSVC - ok 15:10:03.0031 3936 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 15:10:03.0062 3936 xmlprov - ok 15:10:03.0093 3936 ================ Scan global =============================== 15:10:03.0125 3936 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll 15:10:03.0156 3936 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 15:10:03.0187 3936 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 15:10:03.0203 3936 
[ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe 15:10:03.0218 3936 [Global] - ok 15:10:03.0218 3936 ================ Scan MBR ================================== 15:10:03.0234 3936 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 15:10:03.0453 3936 \Device\Harddisk0\DR0 - ok 15:10:03.0453 3936 ================ Scan VBR ================================== 15:10:03.0453 3936 [ 60960144D8D0657DD9C0C87BCF0ED4EE ] \Device\Harddisk0\DR0\Partition1 15:10:03.0453 3936 \Device\Harddisk0\DR0\Partition1 - ok 15:10:03.0468 3936 ============================================================ 15:10:03.0468 3936 Scan finished 15:10:03.0468 3936 ============================================================ 15:10:03.0484 1604 Detected object count: 0 15:10:03.0484 1604 Actual detected object count: 0 15:11:05.0984 1200 Deinitialize success Cheers Trazza Quote
Trazza Posted October 12, 2012 Author

By the way, did as you said and disabled all my Norton security, but when I downloaded ComboFix a warning came on the screen saying that Norton was still on. I double checked Norton and it said it was all disabled so I don't know what was going on.

I deleted the 2 posts relating to double posting - it tidies up the thread :) KenB