macp Posted April 12, 2013 Posted April 12, 2013 Afternoon all I work part time for a charitable radio station and they were having problems with a newish windows 7 laptop which looked like the browser had been hacked by snap-do.com. I took it home and managed to remove the problem browser and reinstalled chrome. I then noticed I could not get onto the radio website and none of the other laptops in the house can get on using chrome. I called a friend who was able to access on IE on his Windows 7 PC so I assume its something to do with my router and also assume the corrupted laptop has caused this issue. Interestingly when we try to connect to the radio website through explorer there is one laptop which comes back with worldsocialsurvey.com ? Restarting the router has not resolved the issue either. We can still access the internet normally though. Any help very much appreciated as I am trying to resolve this otherwise we are going to have to bring in the experts and quite frankly we dont have the funds currently. Quote
Plastic Nev Posted April 12, 2013 Posted April 12, 2013 Hi and welcome to Extreme Tech Support - Free PC Help. Apart from the original laptop belonging to the radio station, how many other laptops and computers are affected? Was the original corrupted laptop connected to a network which included all other laptops? If so and there is an infection involved it may have carried over to all other machines on the network if insuficient security is used within the network. Please take just one laptop, perhaps the original one or any other and then make sure all other laptops are disconnected from the network for now. Each laptop will need to be dealt with one at a time if malware is present in them all, reconnecting any one back to the network may re-infect any cleaned computer. Yes it will require patience and we understand, so hopefully this will be cleared up as soon as possible. However do be aware we offer the service for free as it is on a voluntary basis with most of us having other work or interests outside of this forum, so this may take a little time. OK if you are willing to carry on, let us first see if indeed it is a malware problem, and I would like you to follow all instructions below, and we can deal with one computer at a time. In the meantime I will alert one of our malware removal experts. Step 1 Please download Malwarebytes Anti-Malware and save it to your desktop. Make sure you are connected to the Internet. Double-click on Download_mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware [*]Then click Finish. [*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. [*]On the Scanner tab: Make sure the "Perform Full Scan" option is selected. Then click on the Scan button. [*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. [*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. [*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". [*]Click OK to close the message box and continue with the removal process. [*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found. [*]Make sure that everything is checked, and click Remove Selected. [*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below) [*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. [*]Copy and paste the contents of that report in your next reply and exit MBAM. Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. Step 2 Download OTL to your desktop. right click on the link and select 'Save Link/Target As'. if you have problems, try this download link: OTL Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check . . http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png . Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. Note: Running the above script with OTL will : turn on your system restore and set a new restore point (XP only) set a new restore point (if system restore is turned on) Vista & Win7. In your next reply, please submit: MBAM scan report Both reports from OTL Whilst we are helping you, please don't run other programs/scans without our knowledge .... it only confuses things. Thanks. Quote Need help with your computer problems? Then why not join Free PC Help. Register here. If Free PC Help has helped you then please consider a donation. Click here We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. -------------------------------------------------------------------- I have installed Windows, now how do I install the curtains? 😄
macp Posted April 12, 2013 Author Posted April 12, 2013 Thankyou Nev maleware found nothing on on our laptops but the programme found 8 or 9 on the station laptop. They were removed successfully. Out of interest I used a proxy server (hidemyass) and successfully got onto the website. Thanks for all your help so far. Quote
macp Posted April 12, 2013 Author Posted April 12, 2013 Ok this the OTL results from the first PC a windows 8 machine: OTL logfile created on: 12/04/2013 21:59:10 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\macp\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16519) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 5.60 Gb Total Physical Memory | 4.31 Gb Available Physical Memory | 77.02% Memory free 11.35 Gb Paging File | 9.76 Gb Available in Paging File | 86.05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287.48 Gb Total Space | 246.41 Gb Free Space | 85.72% Space Free | Partition Type: NTFS Computer Name: MAINPC | User Name: macp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\macp\Downloads\OTL.scr (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll () ========== Services (SafeList) ========== SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (GFNEXSrv) -- C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe () SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) ========== Driver Services (SafeList) ========== DRV - (PEGAGFN) -- C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys (PEGATRON) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {DD63453B-CBF3-488B-A080-D8E0C9D16A99} IE - HKLM\..\SearchScopes\{DD63453B-CBF3-488B-A080-D8E0C9D16A99}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {DD63453B-CBF3-488B-A080-D8E0C9D16A99} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: Google Docs = C:\Users\macp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\macp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\macp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\macp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: avast! WebRep = C:\Users\macp\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\ CHR - Extension: Gmail = C:\Users\macp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TPUReg] C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe (Pegatron Corporation) O4 - HKLM..\Run: [TPUReg(x86)] "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes File not found O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D603105D-372F-41EA-9490-2C8F0BC7E836}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/04/12 21:00:59 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Roaming\Malwarebytes [2013/04/12 21:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/04/12 21:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/04/12 21:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/04/12 21:00:19 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Local\Programs [2013/04/12 15:27:21 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Roaming\Macromedia [2013/04/11 12:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2013/04/11 08:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell [2013/03/28 19:10:50 | 000,692,568 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013/03/28 19:10:50 | 000,078,168 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013/03/28 19:06:08 | 000,000,000 | R--D | C] -- C:\windows\BrowserChoice [2013/03/27 23:29:54 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr100_clr0400.dll [2013/03/27 23:24:21 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mmc.exe [2013/03/27 23:24:12 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.dll [2013/03/27 23:24:05 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.dll [2013/03/27 23:24:03 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wiaacmgr.exe [2013/03/27 23:24:02 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MP4SDECD.DLL [2013/03/27 23:22:15 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe [2013/03/27 23:21:42 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll [2013/03/27 23:21:33 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll [2013/03/27 23:21:25 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.Connectivity.dll [2013/03/27 23:21:24 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WWanAPI.dll [2013/03/27 23:21:24 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll [2013/03/27 23:21:23 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlroamextension.dll [2013/03/27 23:21:23 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSync.dll [2013/03/27 23:21:23 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mbsmsapi.dll [2013/03/27 23:21:22 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\taskkill.exe [2013/03/27 23:21:21 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tasklist.exe [2013/03/27 23:21:20 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmproxy.dll [2013/03/27 23:21:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmsprep.dll [2013/03/27 23:21:05 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll [2013/03/27 23:20:57 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll [2013/03/27 23:20:48 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\GdiPlus.dll [2013/03/27 23:18:23 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgentc.exe [2013/03/27 23:18:22 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgent.dll [2013/03/27 23:18:20 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll [2013/03/27 22:33:17 | 000,000,000 | ---D | C] -- C:\windows\Minidump [2013/03/25 23:35:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013/03/25 23:35:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll [2013/03/25 23:35:33 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll [2013/03/25 23:35:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2013/03/25 23:35:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2013/03/25 23:34:35 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll [2013/03/25 23:34:33 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncryptsslp.dll [2013/03/25 23:33:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml6r.dll [2013/03/25 23:33:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll [2013/03/25 23:33:19 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll [2013/03/25 23:33:18 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnathlp.dll [2013/03/25 23:33:18 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnsvr.exe [2013/03/25 23:33:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnhupnp.dll [2013/03/25 23:33:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnhpast.dll [2013/03/25 23:33:17 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnlobby.dll [2013/03/25 23:33:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnaddr.dll [2013/03/25 23:32:48 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll [2013/03/25 23:32:48 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fontsub.dll [2013/03/25 23:32:48 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll [2013/03/24 21:17:41 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gmail Notifier [2013/03/24 21:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gmail Notifier [2013/03/24 18:06:58 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Local\TOSHIBA [2013/03/24 17:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013/03/24 17:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2013/03/24 17:46:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013/03/24 17:45:53 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH [2013/03/24 17:42:02 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Local\Microsoft Help [2013/03/24 17:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013/03/24 17:41:27 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013/03/24 17:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage [2013/03/24 16:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013/03/24 16:46:51 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2013/03/24 16:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013/03/24 16:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/03/24 16:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013/03/24 16:20:09 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Local\Google [2013/03/24 16:19:44 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Local\Apps [2013/03/24 16:19:43 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Local\Deployment [2013/03/24 16:16:59 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Roaming\ATI [2013/03/24 16:16:59 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Local\ATI [2013/03/24 16:11:46 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Local\SRS Labs [2013/03/24 16:10:59 | 000,000,000 | R--D | C] -- C:\Users\macp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013/03/24 16:10:58 | 000,000,000 | R--D | C] -- C:\Users\macp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013/03/24 16:10:58 | 000,000,000 | R--D | C] -- C:\Users\macp\Searches [2013/03/24 16:10:58 | 000,000,000 | R--D | C] -- C:\Users\macp\Contacts [2013/03/24 16:10:46 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Roaming\Adobe [2013/03/24 16:07:34 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Local\VirtualStore [2013/03/24 16:07:19 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Local\Packages [2013/03/24 16:07:13 | 000,000,000 | --SD | C] -- C:\Users\macp\AppData\Roaming\Microsoft [2013/03/24 16:07:13 | 000,000,000 | R--D | C] -- C:\Users\macp\Videos [2013/03/24 16:07:13 | 000,000,000 | R--D | C] -- C:\Users\macp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2013/03/24 16:07:13 | 000,000,000 | R--D | C] -- C:\Users\macp\Saved Games [2013/03/24 16:07:13 | 000,000,000 | R--D | C] -- C:\Users\macp\Pictures [2013/03/24 16:07:13 | 000,000,000 | R--D | C] -- C:\Users\macp\Music [2013/03/24 16:07:13 | 000,000,000 | R--D | C] -- C:\Users\macp\Links [2013/03/24 16:07:13 | 000,000,000 | R--D | C] -- C:\Users\macp\Favorites [2013/03/24 16:07:13 | 000,000,000 | R--D | C] -- C:\Users\macp\Downloads [2013/03/24 16:07:13 | 000,000,000 | R--D | C] -- C:\Users\macp\Documents [2013/03/24 16:07:13 | 000,000,000 | R--D | C] -- C:\Users\macp\Desktop [2013/03/24 16:07:13 | 000,000,000 | R--D | C] -- C:\Users\macp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013/03/24 16:07:13 | 000,000,000 | R--D | C] -- C:\Users\macp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2013/03/24 16:07:13 | 000,000,000 | -H-D | C] -- C:\Users\macp\AppData [2013/03/24 16:07:13 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Local\Temp [2013/03/24 16:07:13 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Local\Microsoft [2013/03/24 16:07:13 | 000,000,000 | ---D | C] -- C:\Users\macp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013/03/24 16:07:07 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution ========== Files - Modified Within 30 Days ========== [2013/04/12 21:25:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/04/12 21:00:46 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/12 20:24:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/04/12 20:24:35 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/12 20:22:44 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013/04/12 20:22:41 | 512,757,759 | -HS- | M] () -- C:\hiberfil.sys [2013/04/11 08:53:54 | 000,002,266 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/03/27 22:33:10 | 430,145,969 | ---- | M] () -- C:\windows\MEMORY.DMP [2013/03/24 22:23:56 | 000,001,355 | ---- | M] () -- C:\Users\macp\Desktop\shutdown.lnk [2013/03/24 16:47:55 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/03/24 16:47:40 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt ========== Files Created - No Company Name ========== [2013/04/12 21:00:46 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/03/27 22:33:10 | 430,145,969 | ---- | C] () -- C:\windows\MEMORY.DMP [2013/03/24 22:24:33 | 000,001,551 | ---- | C] () -- C:\Users\macp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\shutdown.lnk [2013/03/24 22:21:26 | 000,001,355 | ---- | C] () -- C:\Users\macp\Desktop\shutdown.lnk [2013/03/24 16:47:55 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/03/24 16:47:40 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt [2013/03/24 16:21:31 | 000,002,266 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/03/24 16:20:27 | 000,000,908 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/24 16:20:26 | 000,000,904 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/24 16:10:46 | 000,001,441 | ---- | C] () -- C:\Users\macp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013/01/25 14:45:59 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2013/01/25 14:39:04 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2012/11/22 19:45:50 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll [2012/09/18 02:40:14 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat [2012/09/18 02:40:14 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat [2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [2012/05/10 17:35:16 | 000,029,184 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll [2011/09/12 18:06:18 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/01/10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/01/10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== ========== Purity Check ========== < End of report > Quote
macp Posted April 12, 2013 Author Posted April 12, 2013 This is the log from the 2nd PC a windows 7 machine. This was the corrupted machine: OTL logfile created on: 12/04/2013 22:20:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Celestial Radio\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 5.92 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 72.14% Memory free 11.83 Gb Paging File | 10.06 Gb Available in Paging File | 85.01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 271.00 Gb Total Space | 222.63 Gb Free Space | 82.15% Space Free | Partition Type: NTFS Drive D: | 404.08 Gb Total Space | 382.83 Gb Free Space | 94.74% Space Free | Partition Type: NTFS Computer Name: CELESTIALRADIO | User Name: Celestial Radio | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Celestial Radio\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe (Samsung Electronics) PRC - C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll () MOD - C:\Program Files (x86)\Samsung\Samsung Control Center\WinCRT.dll () MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll () MOD - C:\Program Files (x86)\Samsung\Samsung Control Center\HookDllPS2.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {FEEB8035-FD6C-4010-BC8A-BA5298B79FFB} IE - HKCU\..\SearchScopes\{FEEB8035-FD6C-4010-BC8A-BA5298B79FFB}: "URL" = http://www.mysearchresults.com/search?c=4003&t=14&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) [2013/02/23 19:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - Extension: Docs = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Delta Toolbar = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnnabbonolmdccgncgckdfikehphiknc\1.0_0\ CHR - Extension: LastPass = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\ CHR - Extension: avast! WebRep = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\ CHR - Extension: Gmail = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKCU..\Run: [AVUS] C:\Program Files (x86)\AVUS\AVUS.exe (Andrea Bonfiglio) O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKCU..\Run: [Driver Pro] C:\Program Files (x86)\Driver Pro\DPLauncher.exe (PC Utilities Pro) O4 - HKCU..\Run: [Yontoo Desktop] "C:\Users\Celestial Radio\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: LastPass - file://C:\Users\Celestial Radio\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Celestial Radio\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DC4A43D-DFF3-46F7-9486-900957591144}: DhcpNameServer = 192.168.1.1 O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/04/12 22:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013/04/12 22:16:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013/04/12 15:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/04/12 15:57:32 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\Deployment [2013/04/12 15:57:32 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\Apps [2013/04/12 15:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013/04/12 15:09:57 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2013/04/12 14:55:07 | 000,000,000 | ---D | C] -- C:\windows\pss [2013/04/12 14:29:41 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\CrashDumps [2013/04/12 14:06:18 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Roaming\Malwarebytes [2013/04/12 14:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/04/12 14:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/04/12 14:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/04/12 14:05:42 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\Programs [2013/04/12 12:25:12 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{9F6F33F9-712F-4872-A82C-1048B513CF62} [2013/04/11 17:23:16 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{2E079235-56CB-4917-A9E0-D71234DF2CC0} [2013/04/10 22:05:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2013/04/10 22:05:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2013/04/10 22:05:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2013/04/10 22:05:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2013/04/10 22:05:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2013/04/10 22:05:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013/04/10 09:32:34 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll [2013/04/10 09:32:33 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll [2013/04/10 09:32:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll [2013/04/10 09:32:07 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2013/04/10 09:32:06 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2013/04/10 09:32:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll [2013/04/10 09:26:32 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{DA49DAC7-FAF4-4207-88FB-B60A1D0CABDA} [2013/04/04 09:21:42 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{40CA6AB3-2A30-4991-AFE7-52DCCB70F15F} [2013/04/03 19:16:51 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{4E3FB2BD-5BB0-4D2A-BAB7-002BFFDD874A} [2013/03/28 19:13:42 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{C620115A-2845-4207-9131-66EB6180CC86} [2013/03/25 20:23:42 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{D423EE2D-69C7-407D-BAF4-D117642DF644} [2013/03/25 20:23:42 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{28F6B1A4-E6E1-402B-A4BD-E4B53A0FBC2A} [2013/03/25 20:23:27 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\Tracing [2013/01/14 15:42:07 | 014,794,312 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe ========== Files - Modified Within 30 Days ========== [2013/04/12 22:13:15 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/12 22:12:56 | 000,002,279 | ---- | M] () -- C:\Users\Celestial Radio\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/04/12 22:10:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/04/12 22:10:41 | 2056,830,975 | -HS- | M] () -- C:\hiberfil.sys [2013/04/12 20:25:59 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/04/12 20:25:56 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/04/12 15:58:09 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/04/12 15:56:18 | 000,001,254 | ---- | M] () -- C:\Users\Celestial Radio\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/04/12 15:13:03 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/04/12 15:10:32 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/04/12 15:10:27 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2013/04/12 14:30:11 | 000,000,097 | ---- | M] () -- C:\windows\DeleteOnReboot.bat [2013/04/12 14:06:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/09 10:25:03 | 000,002,341 | ---- | M] () -- C:\Users\Celestial Radio\Desktop\Search.lnk [2013/03/19 06:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2013/03/19 06:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2013/03/19 05:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll ========== Files Created - No Company Name ========== [2013/04/12 15:58:09 | 000,002,279 | ---- | C] () -- C:\Users\Celestial Radio\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/04/12 15:58:09 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/04/12 15:13:03 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/04/12 15:10:32 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/04/12 14:58:44 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2013/04/12 14:29:43 | 000,000,097 | ---- | C] () -- C:\windows\DeleteOnReboot.bat [2013/04/12 14:06:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/09 10:25:03 | 000,002,439 | ---- | C] () -- C:\Users\Celestial Radio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk [2013/04/09 10:25:02 | 000,002,341 | ---- | C] () -- C:\Users\Celestial Radio\Desktop\Search.lnk [2013/02/24 00:50:59 | 000,000,258 | RHS- | C] () -- C:\Users\Celestial Radio\ntuser.pol [2011/11/26 01:31:24 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [2011/11/26 01:22:38 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe [2011/11/26 01:21:47 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011/11/26 01:21:45 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011/11/26 01:21:45 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011/11/25 10:21:09 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2011/11/25 09:29:38 | 000,002,558 | ---- | C] () -- C:\windows\HotFixList.ini [2011/11/25 09:11:17 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/02/23 20:13:51 | 000,000,000 | ---D | M] -- C:\Users\Celestial Radio\AppData\Roaming\AVG [2012/12/20 13:51:10 | 000,000,000 | ---D | M] -- C:\Users\Celestial Radio\AppData\Roaming\ConverterLite [2013/02/25 19:54:58 | 000,000,000 | ---D | M] -- C:\Users\Celestial Radio\AppData\Roaming\CRDeltaTB [2013/02/23 19:01:54 | 000,000,000 | ---D | M] -- C:\Users\Celestial Radio\AppData\Roaming\Driver Pro [2012/12/06 23:10:00 | 000,000,000 | ---D | M] -- C:\Users\Celestial Radio\AppData\Roaming\FileAssociationManager [2012/12/06 22:34:35 | 000,000,000 | ---D | M] -- C:\Users\Celestial Radio\AppData\Roaming\TP [2013/02/23 19:06:22 | 000,000,000 | ---D | M] -- C:\Users\Celestial Radio\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Quote
macp Posted April 12, 2013 Author Posted April 12, 2013 So this is the remaining PC another windows 7 machine: OTL logfile created on: 4/12/2013 10:48:54 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pete & Julie\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1011.87 Mb Total Physical Memory | 145.25 Mb Available Physical Memory | 14.35% Memory free 2.36 Gb Paging File | 0.37 Gb Available in Paging File | 15.73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 216.94 Gb Total Space | 174.48 Gb Free Space | 80.43% Space Free | Partition Type: NTFS Drive D: | 11.79 Gb Total Space | 1.34 Gb Free Space | 11.38% Space Free | Partition Type: NTFS Drive E: | 3.96 Gb Total Space | 1.10 Gb Free Space | 27.82% Space Free | Partition Type: FAT32 Computer Name: ELLA-HP | User Name: Pete & Julie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Pete & Julie\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.) PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company) PRC - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) PRC - C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) PRC - C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) ========== Modules (No Company Name) ========== MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\_elementtree.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\win32api.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\_socket.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\win32ts.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\pysqlite2._sqlite.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\win32com.shell.shell.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\wx._html2.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\win32crypt.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\windows._cacheinvalidation.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\wx._gdi_.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\win32profile.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\wx._misc_.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\pythoncom27.dll () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\pywintypes27.dll () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\_ctypes.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\wx._core_.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\win32security.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\_ssl.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\win32process.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\win32pdh.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\wx._windows_.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\_hashlib.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\wx._wizard.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\win32file.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\win32inet.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\wx._controls_.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\win32event.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\pyexpat.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\unicodedata.pyd () MOD - C:\Users\PETE&J~1\AppData\Local\Temp\_MEI44522\select.pyd () MOD - C:\Users\Pete & Julie\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Pete & Julie\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll () MOD - C:\Users\Pete & Julie\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll () MOD - C:\Users\Pete & Julie\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll () MOD - C:\Users\Pete & Julie\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll () MOD - C:\Users\Pete & Julie\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll () MOD - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL () ========== Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.) SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation) SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (AtherosSvc) -- C:\Program Files\Bluetooth Suite\AdminService.exe (Atheros Commnucations) SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys () DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys () DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros) DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros) DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros) DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros) DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros) DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros) DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/7 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{667A611C-60AF-4195-AAF3-011E33947955}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Pete & Julie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pete & Julie\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pete & Julie\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/21 20:34:48 | 000,000,000 | ---D | M] [2012/09/18 17:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Pete & Julie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: BIODIGITAL HUMAN = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\ CHR - Extension: Virtual Yeast Cell = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bggcfkeamlabnkdllkkaeaeojiiphjhm\0.0.0.1_0\ CHR - Extension: YouTube = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: http://www.google.co.uk/ = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghejcmaiefeefmcdbmpkdjmfiphepccj\2012.7.14.1775_0\ CHR - Extension: Voice Search = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad\1.1.1_0\ CHR - Extension: The Weather Channel for Chrome = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: eBay Extension for Google Chrome\u2122 (by eBay) = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\1.6.9_0\ CHR - Extension: Harvard Referencing = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnbmlbimbgkpnhmfgcmooaedkjnbhbim\1.1_0\ CHR - Extension: Facebook Notifications = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\ CHR - Extension: Gmail = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: BIODIGITAL HUMAN = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\ CHR - Extension: Virtual Yeast Cell = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bggcfkeamlabnkdllkkaeaeojiiphjhm\0.0.0.1_0\ CHR - Extension: YouTube = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: http://www.google.co.uk/ = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghejcmaiefeefmcdbmpkdjmfiphepccj\2012.7.14.1775_0\ CHR - Extension: Voice Search = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad\1.1.1_0\ CHR - Extension: The Weather Channel for Chrome = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: eBay Extension for Google Chrome\u2122 (by eBay) = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\1.6.9_0\ CHR - Extension: Harvard Referencing = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnbmlbimbgkpnhmfgcmooaedkjnbhbim\1.1_0\ CHR - Extension: Facebook Notifications = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\ CHR - Extension: Gmail = C:\Users\Pete & Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [Facebook Update] C:\Users\Pete & Julie\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: celestialradio.co.uk ([www] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.13.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{707183F9-4990-4970-BDB6-ADCFF9B0696B}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A20E6326-2516-44F8-89A0-4E8672EA30CE}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/04/12 22:07:30 | 000,000,000 | ---D | C] -- C:\Users\Pete & Julie\AppData\Local\Programs [2013/04/12 15:29:48 | 000,000,000 | ---D | C] -- C:\Users\Pete & Julie\AppData\Local\Diagnostics [2013/04/03 09:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013/04/02 21:43:31 | 000,000,000 | ---D | C] -- C:\Users\Pete & Julie\Documents\(1) Ella Macfarlane_files [2013/03/29 16:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/03/29 16:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/03/29 16:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/03/29 16:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/03/29 15:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2013/03/29 15:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013/03/29 15:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2013/03/25 21:23:16 | 000,000,000 | ---D | C] -- C:\Users\Pete & Julie\AppData\Local\{93C80CF1-C42C-474B-9736-82A050AB2887} [2013/03/22 20:02:07 | 000,000,000 | ---D | C] -- C:\Users\Pete & Julie\AppData\Local\{277021DC-0C8C-4AF3-8435-2424DADB437F} [2013/03/21 20:35:12 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013/03/21 20:35:12 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013/03/21 20:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013/03/21 20:35:09 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013/03/21 20:35:09 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2013/03/21 20:35:08 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013/03/21 20:35:08 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013/03/21 20:35:07 | 000,228,600 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013/03/21 20:34:14 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013/03/16 00:31:13 | 000,000,000 | ---D | C] -- C:\Users\Pete & Julie\AppData\Local\{6BAD2D01-1EBE-4872-AB33-B153255755FA} ========== Files - Modified Within 30 Days ========== [2013/04/12 22:57:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/04/12 22:51:15 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-407033430-3075815969-1047738828-1001UA.job [2013/04/12 22:35:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-407033430-3075815969-1047738828-1000UA.job [2013/04/12 22:08:18 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/12 22:07:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-407033430-3075815969-1047738828-1001UA.job [2013/04/12 22:04:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/04/12 20:53:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-407033430-3075815969-1047738828-1000UA.job [2013/04/12 19:07:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-407033430-3075815969-1047738828-1001Core.job [2013/04/12 19:04:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/12 17:35:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-407033430-3075815969-1047738828-1000Core.job [2013/04/12 16:02:55 | 000,664,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/04/12 16:02:55 | 000,124,804 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/04/12 16:00:47 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2013/04/12 16:00:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/04/12 15:41:37 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/04/12 15:41:37 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/04/12 15:33:35 | 795,762,688 | -HS- | M] () -- C:\hiberfil.sys [2013/04/12 14:34:22 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-407033430-3075815969-1047738828-1001Core.job [2013/04/12 14:25:20 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-407033430-3075815969-1047738828-1000Core.job [2013/04/09 23:10:49 | 000,002,398 | ---- | M] () -- C:\Users\Pete & Julie\Desktop\Google Chrome.lnk [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/04/02 21:43:30 | 000,618,036 | ---- | M] () -- C:\Users\Pete & Julie\Documents\(1) Ella Macfarlane.htm [2013/03/29 16:10:38 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/03/29 15:55:56 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013/03/28 09:56:36 | 000,110,944 | ---- | M] () -- C:\Users\Pete & Julie\Documents\L4134516.pdf [2013/03/21 20:35:12 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/03/21 20:35:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt ========== Files Created - No Company Name ========== [2013/04/02 21:43:30 | 000,618,036 | ---- | C] () -- C:\Users\Pete & Julie\Documents\(1) Ella Macfarlane.htm [2013/03/29 16:10:38 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/03/29 15:55:56 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013/03/28 09:56:36 | 000,110,944 | ---- | C] () -- C:\Users\Pete & Julie\Documents\L4134516.pdf [2013/03/21 20:35:12 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/03/21 20:35:08 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013/03/21 20:35:08 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2012/06/17 13:17:24 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe [2011/12/28 19:03:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011/06/27 02:54:35 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/04/03 13:14:34 | 000,000,000 | ---D | M] -- C:\Users\Pete & Julie\AppData\Roaming\AVG [2012/09/18 17:56:30 | 000,000,000 | ---D | M] -- C:\Users\Pete & Julie\AppData\Roaming\CheckPoint [2012/08/27 20:03:36 | 000,000,000 | ---D | M] -- C:\Users\Pete & Julie\AppData\Roaming\OpenCandy [2011/10/08 17:02:24 | 000,000,000 | ---D | M] -- C:\Users\Pete & Julie\AppData\Roaming\Synaptics [2012/06/17 13:18:43 | 000,000,000 | ---D | M] -- C:\Users\Pete & Julie\AppData\Roaming\VDownloader ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report > Quote
Starbuck Posted April 13, 2013 Posted April 13, 2013 Hi macp Ok, this is going to start to get confusing.... so let's concentrate on one system to start with. Start with the system that showed the infections. Step 1 Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers. Double click on adwcleaner.exe to run the tool. Click on the Delete button. A logfile will automatically open after the scan has finished. Please post the contents of that logfile with your next reply. You can find the logfile at C:\AdwCleaner[s1].txt as well. Step 2 Now let's get a fresh set of OTL reports using the instructions below: Double click on OTL to run it. Under Extra Registry section, select Use SafeList. Don't check the boxes beside 'LOP Check' and 'Purity Check' this time. Click on Run Scan at the top left hand corner. When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. In your next reply, please submit: ADWCleaner report 2 new reports from OTL Thanks. Quote Member of:UNITE
macp Posted April 13, 2013 Author Posted April 13, 2013 Thanks again So here is the 1st of two ADW reports as it made two passes ? # AdwCleaner v2.200 - Logfile created 04/13/2013 at 12:29:04 # Updated 02/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Celestial Radio - CELESTIALRADIO # Boot Mode : Normal # Running from : C:\Users\Celestial Radio\Downloads\AdwCleaner (1).exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\ProgramData\BrowserProtect ***** [Registry] ***** Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Key Deleted : HKCU\Software\SmartBar Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Registry is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [28364 octets] - [12/04/2013 14:29:31] AdwCleaner[s2].txt - [1864 octets] - [13/04/2013 12:29:04] ########## EOF - C:\AdwCleaner[s2].txt - [1924 octets] ########## Quote
macp Posted April 13, 2013 Author Posted April 13, 2013 Here is the 2nd ADW report # AdwCleaner v2.200 - Logfile created 04/13/2013 at 12:34:44 # Updated 02/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Celestial Radio - CELESTIALRADIO # Boot Mode : Normal # Running from : C:\Users\Celestial Radio\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Registry is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [28364 octets] - [12/04/2013 14:29:31] AdwCleaner[s2].txt - [1993 octets] - [13/04/2013 12:29:04] AdwCleaner[s3].txt - [815 octets] - [13/04/2013 12:34:44] ########## EOF - C:\AdwCleaner[s3].txt - [874 octets] ########## Quote
macp Posted April 13, 2013 Author Posted April 13, 2013 Here is the 1st OTL report. Sorry I had to split the replies as they were rejected for being too large OTL logfile created on: 13/04/2013 12:49:34 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Celestial Radio\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 5.92 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 70.07% Memory free 11.83 Gb Paging File | 9.93 Gb Available in Paging File | 83.94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 271.00 Gb Total Space | 222.68 Gb Free Space | 82.17% Space Free | Partition Type: NTFS Drive D: | 404.08 Gb Total Space | 382.83 Gb Free Space | 94.74% Space Free | Partition Type: NTFS Computer Name: CELESTIALRADIO | User Name: Celestial Radio | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Celestial Radio\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe (Samsung Electronics) PRC - C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll () MOD - C:\Program Files (x86)\Samsung\Samsung Control Center\WinCRT.dll () MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll () MOD - C:\Program Files (x86)\Samsung\Samsung Control Center\HookDllPS2.dll () ========== Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation) DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider) DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{FEEB8035-FD6C-4010-BC8A-BA5298B79FFB}: "URL" = http://www.mysearchresults.com/search?c=4003&t=14&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) [2013/02/23 19:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - Extension: Google Docs = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Docs = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: Google Drive = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Search = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Delta Toolbar = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnnabbonolmdccgncgckdfikehphiknc\1.0_0\ CHR - Extension: LastPass = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\ CHR - Extension: avast! WebRep = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\ CHR - Extension: Gmail = C:\Users\Celestial Radio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKCU..\Run: [AVUS] C:\Program Files (x86)\AVUS\AVUS.exe (Andrea Bonfiglio) O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKCU..\Run: [Driver Pro] C:\Program Files (x86)\Driver Pro\DPLauncher.exe (PC Utilities Pro) O4 - HKCU..\Run: [Yontoo Desktop] "C:\Users\Celestial Radio\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Celestial Radio\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Celestial Radio\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O8 - Extra context menu item: LastPass - file://C:\Users\Celestial Radio\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Celestial Radio\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DC4A43D-DFF3-46F7-9486-900957591144}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/04/13 12:35:42 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{31CD4276-19EC-40E2-955C-770EA36E801A} [2013/04/13 12:19:12 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{7DFFAC83-F7BA-4ABF-9022-39A8B032F1A5} [2013/04/12 22:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013/04/12 22:16:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013/04/12 15:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/04/12 15:57:32 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\Deployment [2013/04/12 15:57:32 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\Apps [2013/04/12 15:10:32 | 000,377,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys [2013/04/12 15:10:32 | 000,070,992 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys [2013/04/12 15:10:32 | 000,033,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys [2013/04/12 15:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013/04/12 15:10:31 | 000,068,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys [2013/04/12 15:10:30 | 001,025,808 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys [2013/04/12 15:10:27 | 000,080,816 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys [2013/04/12 15:09:57 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2013/04/12 14:55:07 | 000,000,000 | ---D | C] -- C:\windows\pss [2013/04/12 14:29:41 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\CrashDumps [2013/04/12 14:06:18 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Roaming\Malwarebytes [2013/04/12 14:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/04/12 14:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/04/12 14:06:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013/04/12 14:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/04/12 14:05:42 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\Programs [2013/04/12 12:25:12 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{9F6F33F9-712F-4872-A82C-1048B513CF62} [2013/04/11 17:23:16 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{2E079235-56CB-4917-A9E0-D71234DF2CC0} [2013/04/10 22:05:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2013/04/10 22:05:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2013/04/10 22:05:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2013/04/10 22:05:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2013/04/10 22:05:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2013/04/10 22:05:32 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013/04/10 22:05:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2013/04/10 22:05:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2013/04/10 22:05:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2013/04/10 22:05:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2013/04/10 22:05:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2013/04/10 22:05:31 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2013/04/10 22:05:30 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013/04/10 22:05:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013/04/10 22:05:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2013/04/10 09:32:34 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll [2013/04/10 09:32:34 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll [2013/04/10 09:32:33 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll [2013/04/10 09:32:33 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll [2013/04/10 09:32:33 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll [2013/04/10 09:32:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll [2013/04/10 09:32:08 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2013/04/10 09:32:07 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2013/04/10 09:32:06 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2013/04/10 09:32:06 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe [2013/04/10 09:32:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll [2013/04/10 09:32:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll [2013/04/10 09:26:32 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{DA49DAC7-FAF4-4207-88FB-B60A1D0CABDA} [2013/04/04 09:21:42 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{40CA6AB3-2A30-4991-AFE7-52DCCB70F15F} [2013/04/03 19:16:51 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{4E3FB2BD-5BB0-4D2A-BAB7-002BFFDD874A} [2013/03/28 19:13:42 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{C620115A-2845-4207-9131-66EB6180CC86} [2013/03/26 14:07:01 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys [2013/03/25 20:23:42 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{D423EE2D-69C7-407D-BAF4-D117642DF644} [2013/03/25 20:23:42 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\AppData\Local\{28F6B1A4-E6E1-402B-A4BD-E4B53A0FBC2A} [2013/03/25 20:23:27 | 000,000,000 | ---D | C] -- C:\Users\Celestial Radio\Tracing [2013/01/14 15:42:07 | 014,794,312 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe ========== Files - Modified Within 30 Days ========== [2013/04/13 12:44:12 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/04/13 12:44:12 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/04/13 12:41:01 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/04/13 12:37:13 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/13 12:36:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/04/13 12:36:36 | 2056,830,975 | -HS- | M] () -- C:\hiberfil.sys [2013/04/13 12:25:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/04/12 22:12:56 | 000,002,279 | ---- | M] () -- C:\Users\Celestial Radio\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/04/12 15:58:09 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/04/12 15:56:18 | 000,001,254 | ---- | M] () -- C:\Users\Celestial Radio\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/04/12 15:13:03 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/04/12 15:10:32 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/04/12 15:10:27 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2013/04/12 14:30:11 | 000,000,097 | ---- | M] () -- C:\windows\DeleteOnReboot.bat [2013/04/12 14:06:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/11 16:13:54 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013/04/11 16:13:54 | 000,628,460 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013/04/11 16:13:54 | 000,110,612 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013/04/11 16:06:48 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013/04/09 10:25:03 | 000,002,341 | ---- | M] () -- C:\Users\Celestial Radio\Desktop\Search.lnk [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013/03/19 07:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2013/03/19 06:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll [2013/03/19 06:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2013/03/19 06:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2013/03/19 05:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll [2013/03/19 04:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe ========== Files Created - No Company Name ========== [2013/04/12 15:58:09 | 000,002,279 | ---- | C] () -- C:\Users\Celestial Radio\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/04/12 15:58:09 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/04/12 15:13:03 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/04/12 15:10:32 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/04/12 15:10:27 | 000,178,624 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys [2013/04/12 15:10:27 | 000,065,336 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys [2013/04/12 14:58:44 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2013/04/12 14:29:43 | 000,000,097 | ---- | C] () -- C:\windows\DeleteOnReboot.bat [2013/04/12 14:06:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/09 10:25:03 | 000,002,439 | ---- | C] () -- C:\Users\Celestial Radio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk [2013/04/09 10:25:02 | 000,002,341 | ---- | C] () -- C:\Users\Celestial Radio\Desktop\Search.lnk [2013/02/24 00:50:59 | 000,000,258 | RHS- | C] () -- C:\Users\Celestial Radio\ntuser.pol [2011/11/26 01:31:24 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [2011/11/26 01:22:38 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe [2011/11/26 01:21:47 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011/11/26 01:21:45 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011/11/26 01:21:45 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011/11/25 10:21:09 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2011/11/25 09:29:38 | 000,002,558 | ---- | C] () -- C:\windows\HotFixList.ini [2011/11/25 09:11:17 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Quote
macp Posted April 13, 2013 Author Posted April 13, 2013 Here is the 2nd and last OTL report OTL Extras logfile created on: 13/04/2013 12:49:34 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Celestial Radio\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 5.92 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 70.07% Memory free 11.83 Gb Paging File | 9.93 Gb Available in Paging File | 83.94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 271.00 Gb Total Space | 222.68 Gb Free Space | 82.17% Space Free | Partition Type: NTFS Drive D: | 404.08 Gb Total Space | 382.83 Gb Free Space | 94.74% Space Free | Partition Type: NTFS Computer Name: CELESTIALRADIO | User Name: Celestial Radio | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\windows\system32\rundll32.exe" "C:\windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{006DBE7D-44C3-486B-86A7-26B0A767AB77}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{01571090-4881-4321-BAE8-833747C97C8E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{05B3C6F3-5906-400F-9423-CF9E7198E1DE}" = lport=10243 | protocol=6 | dir=in | app=system | "{263DB1FB-D143-474F-AC3F-0B936A4AB3F1}" = rport=10243 | protocol=6 | dir=out | app=system | "{2D86311F-F9CD-4DBF-8F97-9BFFD15A2415}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{44313419-4D41-4517-AF6F-322DC85F2543}" = rport=139 | protocol=6 | dir=out | app=system | "{499E5431-5520-48E2-82DC-D9AC79FC4618}" = lport=137 | protocol=17 | dir=in | app=system | "{4C651F57-7615-4820-81A0-721DE4F9833C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4F10E8E9-2689-46D9-8943-52BC350A5D2E}" = rport=137 | protocol=17 | dir=out | app=system | "{675F27F4-B997-4BFE-A26D-3A37A4D09061}" = lport=2869 | protocol=6 | dir=in | app=system | "{6E30ECAC-E48D-44C8-837C-1E1BDDC79F7B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{82C62C7D-BAE7-4E61-970A-AB84918CB33D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{94A4274B-E488-40CB-8A54-4C3F282311DC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9695098A-73AE-4CF1-9595-EE71F280949D}" = lport=139 | protocol=6 | dir=in | app=system | "{A117F8A3-90E4-480C-A879-594170324B02}" = rport=445 | protocol=6 | dir=out | app=system | "{A8BAD371-EA25-49F9-BEE2-0046D2AFDD3D}" = rport=138 | protocol=17 | dir=out | app=system | "{C05E0E4A-1E65-4FFB-B60C-EFC18BED890C}" = lport=445 | protocol=6 | dir=in | app=system | "{C0FB5943-0330-492C-B54D-435DB340B451}" = lport=138 | protocol=17 | dir=in | app=system | "{C98C2FED-E886-4A80-AC09-4DC282BC7DE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D4ADB5DA-63B7-42F0-A4E6-C107EF09BBDE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D4FC32B4-3963-41DD-9A17-EDB72A82BA3D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DCA758DB-31F4-4E32-BFF2-0408BF538EF9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FBCC57EA-0A11-4540-8531-628D9C172D14}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A99B565-F47B-4F46-A9B2-20299F24A238}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0DBBB725-BBDC-49BA-BF1B-477EDCAEECB1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{142BC5CE-031F-449D-B29E-3A1360B20F81}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{28259714-0600-43CA-8BEE-BB228F91C27A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{292C60F6-4C6C-4E6E-AC4C-A9A4F6992C1A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3962B203-1422-4993-ADF3-816313DB4BE1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{58963A5C-3C1B-4E86-9EA9-92B4D64A1488}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | "{59DB4B12-45B3-4892-83A8-BA0D65074447}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{6578BCB2-A5FD-44CF-9F6C-E385C670D489}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | "{820E0428-8F08-4FBB-AEBD-B2BA7AB1F1F7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{84DB00FD-7BCF-4F15-8A33-A97EBB7E33A2}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | "{8B30E2BD-4FCF-49D1-84FF-0C46C0BAE73B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8E542713-BA92-465B-80FE-05122C310A4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{91E81B13-36C6-4B87-B2AD-A652765A32BB}" = protocol=6 | dir=out | app=system | "{93B33629-CDC7-403F-90A3-40EEB6031E62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9ACC77C4-B002-4D8D-A351-2FF56BAF1F12}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | "{A0EC49B1-308C-487D-AE94-23F202911566}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C1D83ECA-0A99-4DBC-B0A2-83C2CFD4DAF5}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | "{C7A3C283-73E4-439C-82D9-9E5EA7C0E6CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CC201672-587B-4E72-AC96-C08BE0DF641B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CD9958F1-003F-406D-9124-D3F95D726D90}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D681BCAE-5B92-4411-AB19-92A78C82962C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D7920214-FB6F-4553-902B-495B87B7C13F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D889AFB6-32F9-4F93-8E1F-2CAB6F91F7AE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DD475A19-7742-4B4A-81C3-F884E1F4AD4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E1050CFD-A064-4820-82CC-D4626129A754}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F47FC27C-3383-4572-B73D-51738A774490}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{F85C9F36-637D-40A6-A93E-0B3506104954}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | "{FDD4170F-3FE2-4226-A852-46AF0BF312EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FFD0CC87-DEA0-4051-A59D-1655B86BB723}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources "{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources "{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources "{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel® PROSet/Wireless Software for Bluetooth® Technology "{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources "{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.54 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包 "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지 "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{122800FE-3AAF-4974-9FBD-54B023FA756A}" = „Windows Live Messenger“ "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5 "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{16880765-677F-440B-B16A-BFD9B9C00012}" = EasyFileShare "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17283B95-21A8-4996-97DA-547A48DB266F}" = Samsung Control Center "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“ "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21 "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“ "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger "{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer "{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print "{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials "{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials "{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common "{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{48C46AB8-3499-4976-9017-9BE52365443E}" = Delta "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta "{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일 "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger "{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{608FB285-F572-48DE-AE44-28ABFF3F6BF9}" = Internet Turbo "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources "{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack "{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common "{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库 "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{83D2FFB0-E378-49FE-8A53-580CA7B5761F}" = Windows Live Messenger "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery "{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9A8E4762-3331-4EDB-8E1F-B11179DDBC00}" = Eco Mode "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker "{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1) "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer "{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija "{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger "{CB383BE9-7518-4ABD-826E-8FC4695F7D52}" = Interactive Guide "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija "{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker "{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D47C66BE-0EB5-4587-93FE-D1E176C4B25C}" = Windows Live Messenger "{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리 "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger "{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center "{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA20D803-14E5-4B00-8F03-B519D46F9D4A}" = Windows Live Messenger "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FDAE128F-A355-42B1-8422-1AF3ACEE34F4}" = SISShortcut "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "avast" = avast! Free Antivirus "ConverterLite" = ConverterLite 1.6.2 "Driver Pro_is1" = Driver Pro v3.0 "FileAssociationManager" = File Association Manager 0.1 "Game Console - WildGames" = WildTangent ORB Game Console "Google Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "LastPass" = LastPass(uninstall only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "ProInst" = Intel PROSet Wireless "Samsung Printer Live Update" = Samsung Printer Live Update "Samsung Universal Print Driver" = Samsung Universal Print Driver "Samsung Universal Scan Driver" = Samsung Universal Scan Driver "Supreme Savings" = Supreme Savings "VLC media player" = VLC media player 2.0.4 "WildTangent wildgames Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live 程式集 "WT085559" = Diner Dash 2 Restaurant Rescue "WT085567" = Chuzzle Deluxe "WT085580" = John Deere Drive Green "WT085581" = Penguins! "WT085583" = Polar Golfer "WT085587" = Agatha Christie - Death on the Nile "WT085597" = Build-a-lot "WT085618" = Farm Frenzy "WT085622" = Insaniquarium Deluxe "WT085663" = Peggle "WT085669" = Plants vs. Zombies "WT089285" = Zuma Deluxe "WT089286" = Bejeweled 2 Deluxe ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27/11/2012 03:50:33 | Computer Name = CelestialRadio | Source = WinMgmt | ID = 10 Description = Error - 27/11/2012 12:53:57 | Computer Name = CelestialRadio | Source = WinMgmt | ID = 10 Description = Error - 06/12/2012 17:10:00 | Computer Name = CelestialRadio | Source = WinMgmt | ID = 10 Description = Error - 06/12/2012 17:20:12 | Computer Name = CelestialRadio | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 28/03/2013 14:11:01 | Computer Name = CelestialRadio | Source = Service Control Manager | ID = 7006 Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error - 28/03/2013 14:11:02 | Computer Name = CelestialRadio | Source = Service Control Manager | ID = 7024 Description = The AVGIDSAgent service terminated with service-specific error %%-536753636. Error - 28/03/2013 14:11:07 | Computer Name = CelestialRadio | Source = Service Control Manager | ID = 7006 Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error - 28/03/2013 14:11:13 | Computer Name = CelestialRadio | Source = Service Control Manager | ID = 7034 Description = The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s). Error - 02/04/2013 04:17:08 | Computer Name = CelestialRadio | Source = Service Control Manager | ID = 7023 Description = The WajamUpdater service terminated with the following error: %%3 Error - 02/04/2013 04:17:37 | Computer Name = CelestialRadio | Source = DCOM | ID = 10010 Description = Error - 02/04/2013 17:01:01 | Computer Name = CelestialRadio | Source = Service Control Manager | ID = 7006 Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error - 03/04/2013 14:10:05 | Computer Name = CelestialRadio | Source = Service Control Manager | ID = 7006 Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error - 03/04/2013 14:10:19 | Computer Name = CelestialRadio | Source = Service Control Manager | ID = 7034 Description = The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s). Error - 03/04/2013 17:13:12 | Computer Name = CelestialRadio | Source = Service Control Manager | ID = 7006 Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5 [ TuneUp Events ] Error - 12/04/2013 08:29:26 | Computer Name = CelestialRadio | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 12/04/2013 09:15:01 | Computer Name = CelestialRadio | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 12/04/2013 09:16:09 | Computer Name = CelestialRadio | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 12/04/2013 09:30:26 | Computer Name = CelestialRadio | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 12/04/2013 09:31:21 | Computer Name = CelestialRadio | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 12/04/2013 09:44:23 | Computer Name = CelestialRadio | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 12/04/2013 09:45:17 | Computer Name = CelestialRadio | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 12/04/2013 09:46:17 | Computer Name = CelestialRadio | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 12/04/2013 09:55:14 | Computer Name = CelestialRadio | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 12/04/2013 09:59:51 | Computer Name = CelestialRadio | Source = TuneUp.UtilitiesSvc | ID = 300 Description = < End of report > Quote
Starbuck Posted April 13, 2013 Posted April 13, 2013 Hi macp Sorry I had to split the replies as they were rejected for being too large That's fine. Let's cleanup the Otl report now and get another deeper scan done. Step 1 If you encounter any freezing problems when running the Otl fix, you'll have to uninstall MalwareBytes AntiMalware. It can be reinstalled once the fix has completed. It doesn't happen on all systems, but sometimes MBAM and OTL conflict slightly. Double click on OTL to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :otl O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKCU..\Run: [AVUS] C:\Program Files (x86)\AVUS\AVUS.exe (Andrea Bonfiglio) O4 - HKCU..\Run: [Yontoo Desktop] "C:\Users\Celestial Radio\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Celestial Radio\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Celestial Radio\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O8 - Extra context menu item: LastPass - file://C:\Users\Celestial Radio\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Celestial Radio\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. :Files ipconfig /flushdns /c :commands [emptytemp] [purity] [RESETHOSTS] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. if you lose the report, there will be a copy here: C:\_OTL\MovedFiles Step 2 Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop. Link 1 Link 2 http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif This is an example, you may rename ComboFix to anything you want. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs Then: Double click on Combo-Fix.exe & follow the prompts. Vista/Win7 users should right click on the icon and select Run as Administrator. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If running Vista/Win7, you will not see the recovery console screens as they are Win XP related Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. http://img.photobucket.com/albums/v708/starbuck50/cf1.png Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: http://img.photobucket.com/albums/v706/ried7/whatnext.png Click on Yes, to continue scanning for malware. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. In your next reply, please submit: Otl fix report Combofix.txt Thanks. Quote Member of:UNITE
macp Posted April 13, 2013 Author Posted April 13, 2013 Evening and thanks again Here is the OTL fix report All processes killed ========== OTL ========== 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AVUS deleted successfully. C:\Program Files (x86)\AVUS\AVUS.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Yontoo Desktop deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass\ deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Fill Forms\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Fill Forms\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Celestial Radio\Downloads\cmd.bat deleted successfully. C:\Users\Celestial Radio\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Celestial Radio ->Temp folder emptied: 1441501 bytes ->Temporary Internet Files folder emptied: 541074 bytes ->Google Chrome cache emptied: 7143508 bytes ->Flash cache emptied: 506 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 15472 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 9.00 mb C:\windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 04132013_181010 Files\Folders moved on Reboot... C:\Users\Celestial Radio\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Quote
macp Posted April 13, 2013 Author Posted April 13, 2013 And here is the combofix report. I could not turn off Avast for some reason. ComboFix 13-04-12.02 - Celestial Radio 13/04/2013 18:43:57.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6058.4527 [GMT 1:00] Running from: c:\users\Celestial Radio\Downloads\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-03-13 to 2013-04-13 ))))))))))))))))))))))))))))))) . . 2013-04-13 17:53 . 2013-04-13 17:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-04-13 17:53 . 2013-04-13 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-13 17:10 . 2013-04-13 17:10 -------- d-----w- C:\_OTL 2013-04-12 21:16 . 2013-04-12 21:16 -------- d-----w- c:\program files (x86)\7-Zip 2013-04-12 14:57 . 2013-04-12 14:57 -------- d-----w- c:\users\Celestial Radio\AppData\Local\Deployment 2013-04-12 14:57 . 2013-04-12 14:57 -------- d-----w- c:\users\Celestial Radio\AppData\Local\Apps 2013-04-12 14:10 . 2013-03-06 22:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-04-12 14:10 . 2013-03-06 22:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-04-12 14:10 . 2013-03-06 22:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-04-12 14:10 . 2013-03-06 22:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-04-12 14:10 . 2013-03-06 22:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-04-12 14:10 . 2013-03-06 22:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-04-12 14:10 . 2013-03-06 22:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-04-12 14:10 . 2013-03-06 22:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-04-12 14:09 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr 2013-04-12 13:29 . 2013-04-12 13:30 97 ----a-w- c:\windows\DeleteOnReboot.bat 2013-04-12 13:29 . 2013-04-13 17:53 -------- d-----w- c:\users\Celestial Radio\AppData\Local\CrashDumps 2013-04-12 13:06 . 2013-04-12 13:06 -------- d-----w- c:\users\Celestial Radio\AppData\Roaming\Malwarebytes 2013-04-12 13:06 . 2013-04-12 13:06 -------- d-----w- c:\programdata\Malwarebytes 2013-04-12 13:06 . 2013-04-12 13:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-04-12 13:06 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-12 13:05 . 2013-04-12 13:05 -------- d-----w- c:\users\Celestial Radio\AppData\Local\Programs 2013-04-12 11:48 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFF16EC3-6614-4D5E-92A4-B765C8221CB4}\mpengine.dll 2013-04-10 08:32 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll 2013-03-26 13:07 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-25 19:23 . 2013-04-13 17:19 -------- d-----w- c:\users\Celestial Radio\Tracing . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-11 08:01 . 2012-12-06 21:30 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-03-12 00:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe 2013-03-06 22:32 . 2013-02-24 00:27 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-02-25 18:09 . 2013-02-25 18:09 927912 ----a-w- C:\OfferBrokerage_14003.exe 2013-02-25 18:09 . 2013-02-25 18:09 153440 ----a-w- C:\setup__120.exe 2013-02-12 05:45 . 2013-03-13 22:38 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 22:38 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 22:38 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 05:45 . 2013-03-13 22:38 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 04:48 . 2013-03-13 22:38 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 22:38 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-14 14:42 . 2013-01-14 14:42 14794312 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe 2013-01-13 21:17 . 2013-03-01 09:39 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17 . 2013-03-01 09:39 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16 . 2013-03-01 09:39 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12 . 2013-03-01 09:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11 . 2013-03-01 09:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11 . 2013-03-01 09:39 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11 . 2013-03-01 09:39 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11 . 2013-03-01 09:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11 . 2013-03-01 09:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35 . 2013-03-01 09:39 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35 . 2013-03-01 09:39 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35 . 2013-03-01 09:39 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32 . 2013-03-01 09:39 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31 . 2013-03-01 09:39 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31 . 2013-03-01 09:39 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31 . 2013-03-01 09:39 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31 . 2013-03-01 09:39 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31 . 2013-03-01 09:39 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31 . 2013-03-01 09:39 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-01-13 20:22 . 2013-03-01 09:39 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-01-13 20:20 . 2013-03-01 09:39 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-01-13 20:09 . 2013-03-01 09:39 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08 . 2013-03-01 09:39 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-01-13 20:08 . 2013-03-01 09:39 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-01-13 19:59 . 2013-03-01 09:39 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-01-13 19:58 . 2013-03-01 09:39 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-01-13 19:54 . 2013-03-01 09:39 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-01-13 19:53 . 2013-03-01 09:39 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53 . 2013-03-01 09:39 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-01-13 19:51 . 2013-03-01 09:39 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-01-13 19:49 . 2013-03-01 09:39 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-01-13 19:48 . 2013-03-01 09:39 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-01-13 19:46 . 2013-03-01 09:39 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-01-13 19:43 . 2013-03-01 09:39 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38 . 2013-03-01 09:39 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-01-13 19:38 . 2013-03-01 09:39 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-01-13 19:38 . 2013-03-01 09:39 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-01-13 19:37 . 2013-03-01 09:39 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-01-13 19:25 . 2013-03-01 09:39 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-01-13 19:24 . 2013-03-01 09:39 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-01-13 19:24 . 2013-03-01 09:39 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-01-13 19:20 . 2013-03-01 09:39 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-01-13 19:20 . 2013-03-01 09:39 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-01-13 19:15 . 2013-03-01 09:39 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-01-13 19:10 . 2013-03-01 09:39 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-01-13 19:02 . 2013-03-01 09:39 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-01-13 18:34 . 2013-03-01 09:39 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32 . 2013-03-01 09:39 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-01-13 18:09 . 2013-03-01 09:39 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Driver Pro"="c:\program files (x86)\Driver Pro\DPLauncher.exe" [2012-10-30 340512] "ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2013-03-25 6025496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2013-1-14 14794312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912] R3 aswVmm;aswVmm; [x] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-07-06 289704] R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704] R3 SBIOSIO;SBIOSIO;c:\users\ADMINI~1\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-10 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 aswRvrt;aswRvrt; [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-07 25960] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824] S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-05 2656536] S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912] S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-08-17 31216] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 59904] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-12 14:57 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-06 22:09] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06 21:52] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06 21:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mStart Page = hxxp://samsung.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Supreme Savings - c:\program files (x86)\Supreme Savings\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-13 18:57:04 ComboFix-quarantined-files.txt 2013-04-13 17:57 . Pre-Run: 239,035,580,416 bytes free Post-Run: 238,412,177,408 bytes free . - - End Of File - - A6FD2C5E51CBAD7ED1097B31B4979EA0 Quote
Starbuck Posted April 14, 2013 Posted April 14, 2013 Hi macp I could not turn off Avast for some reason. Right click the Taskbar icon and choose "avast! shields control". Options will appear for you to disable shields for varied amounts of time. It's normally best to choose them to restart on a reboot. Not a lot to cleanup here: Step 1 Close any open browsers. Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix: Open Notepad - it must be Notepad, not Wordpad. Copy the text below in the code box by highlighting all the text and pressing Ctrl+C RegLock:: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] Go to the Notepad window and click Edit >> Paste Then click File >> Save Name the file "CFScript.txt" (including the quotes) Save the file to your Desktop The main ComboFix.exe program should be on your Desktop Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon as below. http://i275.photobucket.com/albums/jj285/Bleeping/Combofix/cf.gif Now please wait for ComboFix to finish running. Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash Step 2 I'd like you to do an ESET OnlineScan 64Bit users, please see note at the bottom. You may find it beneficial to close your resident AV program before running the scan. It's been found that on some systems the Eset's Online Scan fails during the database download ( around 20% ) To prevent this happening: When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked): Enable Anti-Stealth technology http://img.photobucket.com/albums/v708/starbuck50/eset.png Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop. Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop. [*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png [*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button. [*]Accept any security warnings from your browser. [*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png [*]Click the Start button. [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. [*]When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png [*]Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. [*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button. [*]Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt Note: As you are running a 64bit system: The ESET Online Scanner is a 32-bit application, which means it must be run through in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu. In your next reply, please submit: New Combofix.txt Eset scan report (if anything is found) also let me know how the system is running now. Thanks. Quote Member of:UNITE
macp Posted April 14, 2013 Author Posted April 14, 2013 Hi there Well as requested here is the new combo report ComboFix 13-04-14.01 - Celestial Radio 14/04/2013 19:24:07.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6058.4429 [GMT 1:00] Running from: c:\users\Celestial Radio\Downloads\ComboFix.exe Command switches used :: c:\users\Celestial Radio\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2013-03-14 to 2013-04-14 ))))))))))))))))))))))))))))))) . . 2013-04-14 18:33 . 2013-04-14 18:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-04-14 18:33 . 2013-04-14 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-13 17:10 . 2013-04-13 17:10 -------- d-----w- C:\_OTL 2013-04-12 21:16 . 2013-04-12 21:16 -------- d-----w- c:\program files (x86)\7-Zip 2013-04-12 14:57 . 2013-04-12 14:57 -------- d-----w- c:\users\Celestial Radio\AppData\Local\Deployment 2013-04-12 14:57 . 2013-04-12 14:57 -------- d-----w- c:\users\Celestial Radio\AppData\Local\Apps 2013-04-12 14:10 . 2013-03-06 22:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-04-12 14:10 . 2013-03-06 22:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-04-12 14:10 . 2013-03-06 22:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-04-12 14:10 . 2013-03-06 22:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-04-12 14:10 . 2013-03-06 22:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-04-12 14:10 . 2013-03-06 22:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-04-12 14:10 . 2013-03-06 22:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-04-12 14:10 . 2013-03-06 22:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-04-12 14:09 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr 2013-04-12 13:29 . 2013-04-12 13:30 97 ----a-w- c:\windows\DeleteOnReboot.bat 2013-04-12 13:29 . 2013-04-14 18:33 -------- d-----w- c:\users\Celestial Radio\AppData\Local\CrashDumps 2013-04-12 13:06 . 2013-04-12 13:06 -------- d-----w- c:\users\Celestial Radio\AppData\Roaming\Malwarebytes 2013-04-12 13:06 . 2013-04-12 13:06 -------- d-----w- c:\programdata\Malwarebytes 2013-04-12 13:06 . 2013-04-12 13:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-04-12 13:06 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-12 13:05 . 2013-04-12 13:05 -------- d-----w- c:\users\Celestial Radio\AppData\Local\Programs 2013-04-12 11:48 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFF16EC3-6614-4D5E-92A4-B765C8221CB4}\mpengine.dll 2013-04-10 08:32 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll 2013-03-26 13:07 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-25 19:23 . 2013-04-13 18:03 -------- d-----w- c:\users\Celestial Radio\Tracing . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-11 08:01 . 2012-12-06 21:30 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-03-12 00:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe 2013-03-06 22:32 . 2013-02-24 00:27 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-02-25 18:09 . 2013-02-25 18:09 927912 ----a-w- C:\OfferBrokerage_14003.exe 2013-02-25 18:09 . 2013-02-25 18:09 153440 ----a-w- C:\setup__120.exe 2013-02-12 05:45 . 2013-03-13 22:38 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 22:38 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 22:38 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 05:45 . 2013-03-13 22:38 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 04:48 . 2013-03-13 22:38 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 22:38 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-14 14:42 . 2013-01-14 14:42 14794312 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Driver Pro"="c:\program files (x86)\Driver Pro\DPLauncher.exe" [2012-10-30 340512] "ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2013-03-25 6025496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2013-1-14 14794312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912] R3 aswVmm;aswVmm; [x] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-07-06 289704] R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704] R3 SBIOSIO;SBIOSIO;c:\users\ADMINI~1\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-10 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 aswRvrt;aswRvrt; [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-07 25960] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824] S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-05 2656536] S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912] S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-08-17 31216] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 59904] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-12 14:57 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-06 22:09] . 2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06 21:52] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06 21:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mStart Page = hxxp://samsung.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . AddRemove-Supreme Savings - c:\program files (x86)\Supreme Savings\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . Completion time: 2013-04-14 19:36:32 ComboFix-quarantined-files.txt 2013-04-14 18:36 ComboFix2.txt 2013-04-13 17:57 . Pre-Run: 238,076,776,448 bytes free Post-Run: 237,690,175,488 bytes free . - - End Of File - - 9807C61B70172F39F8309A9031225899 Quote
macp Posted April 14, 2013 Author Posted April 14, 2013 And here is the ESET scan C:\Program Files (x86)\Driver Pro\DPSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined C:\Users\Celestial Radio\Downloads\Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined The pc infact all of the PC`s still seem to run fine and access the web ok too but still refuse to access the radio station webpage which is http://www.celestialradio.co.uk. I have tried pinging both the url and the IP and still get request timed out. Would you recommend flushing the DNS on the router and what would be the effects of doing this ? Quote
macp Posted April 14, 2013 Author Posted April 14, 2013 I have now flushed the DNS and still cannot access the webpage mentioned above using google chrome or internet explorer ? Quote
KenB Posted April 15, 2013 Posted April 15, 2013 Hi macp ( we are almost neighbours :) ) I have tried the link above and can access the site no problem. Please wait for starbuck to give your machine a clean bill of health then we can take it from there :) Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
macp Posted April 15, 2013 Author Posted April 15, 2013 Hi macp ( we are almost neighbours :) ) I have tried the link above and can access the site no problem. Please wait for starbuck to give your machine a clean bill of health then we can take it from there :) Hi Ken yes pretty close I have been down to Hoy Lake a few times a very nice place. Sorry happy to wait for Starbuck and very much appreciate his time & attention I was just getting a little overzealous. Quote
macp Posted April 15, 2013 Author Posted April 15, 2013 Apparently the website host was blocking my IP and the log gives the right date but the time is wrong as it shows my IP blocked @ 9am but we were not doing anything with the infected laptop until probably 2 or 3pm in the afternoon. Ok got home and yes we can now access the website. Sorry guys feel a little stupid this never occurred to me. The only thing I am concerned about now is the security of my connection/router ? Quote
KenB Posted April 15, 2013 Posted April 15, 2013 Sorry guys feel a little stupid this never occurred to me. Don't beat yourself up ........ it is not your fault and how were you to know ? Normally if you have been effectively banned from a site you will get an error message when you try to log in. The only thing I am concerned about now is the security of my connection/router ? I will let starbuck advise you on this after he has completed advising you on the previous logs. Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
Starbuck Posted April 15, 2013 Posted April 15, 2013 Hi macp Sorry guys feel a little stupid this never occurred to me. No worries.... it didn't occur to me either. We've cleaned everything we can see on this system. As the problem seemed to start after 'Snap Do' arrived on the scene...... the ADWCleaner you ran, can be run on all the other systems. Use the same instructions.... it'll clean any remnants of Snap Do and any other adware from the system. We just need to finish off the cleaning procedure on this system now. Step 1 Restart MBAM. Click on the Quarantine tab If there are items in quarantine..... Make sure everything is selected and then click Delete All. Close MBAM. Step 2 Please uninstall ComboFix by Clicking on Start ...then run ... and type in combofix /uninstall (don't forget there's is a gap between x and /) Then press Ok http://img.photobucket.com/albums/v708/starbuck50/new/cfu.png This action will uninstall Combofix and also perform a few cleanup measures By default, Windows 7 does not have the "Run" command on the start menu. It's easy to get this back. 1. Open the start menu. 2. Right click on a non-icon area and select "Properties". 3. Press the "Customize" button. 4. Scroll down and find the "Run command" checkbox. 5. Check it and press OK. 6. Press OK. You now have your run command on the start menu. Step 3 Please double-click OTL.exe to run it. You should see a CleanUp! button, press that button, http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png This will cleanup an assortment of tools used during malware removal, plus itself Note: MBAM will not be removed if it's installed. Step 4 Now you should set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools may not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. Click Start >> Computer >> System Properties >> System Protection. Here you have a list of hard drives and partitions available in your computer - mostly just one. Select the drive that has "(System)" written after it and click Configure. select Turn off system protection under Restore Settings and click Delete button. Click Continue in confirmation window and click Close after the restore points have been deleted. Then click OK to close properties for the drive. Now reboot the system. Follow the above procedure again, only this time click Restore system settings and previous Versions of files. Then click OK. Your System restore will now be active again... starting with a new restore point. To find out how you may have been infected....read this topic: How did i get infected? Feel free to post the ADWCleaner reports from the other systems if you want and i'll take a look at what was removed. How are the other systems running? Quote Member of:UNITE
macp Posted April 16, 2013 Author Posted April 16, 2013 Thanks again to Starbuck and everyone else who were involved in resolving this issue. I will finish off the last process when I am back in the studio on Wednesday this week. I took the PC into the studio last night and it is running very sweetly so we are extremely grateful for your help. Many thanks from us all @ Celestial radio. Quote
Starbuck Posted April 16, 2013 Posted April 16, 2013 You are more than welcome. If you have any problems in the future, you know where we are. Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif Quote Member of:UNITE
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.