Rootkit.0access infection



jeff1955
2012-10-11, 21:22
Noticed my computer running a bit slow, and my browser (Chrome) behaving strangely. I ran Spybot and Malwarebytes which reported 3 instances of Rootkit.0access. Malwarebytes reported the infections quarantined and removed but the symptoms persist. Reading a little tells me that this virus is hard to eradicate, and since, in the past, you have proved Ace Eradicators, I thought I'd post for help.

Requested files/attachments below:

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Owner at 15:38:11 on 2012-10-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.1969 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\lxbccoms.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
mStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40512.2579166667
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3A6A56F4-96DF-4F86-9C5E-8E784021646C} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 ezGOSvc;Easybits GO Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 lxbc_device;lxbc_device;C:\Windows\system32\lxbccoms.exe -service --> C:\Windows\system32\lxbccoms.exe -service [?]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-20 2253120]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SaiH0004;SaiH0004;C:\Windows\system32\DRIVERS\SaiH0004.sys --> C:\Windows\system32\DRIVERS\SaiH0004.sys [?]
R3 SaiL0004;SaiL0004;C:\Windows\system32\DRIVERS\SaiL0004.sys --> C:\Windows\system32\DRIVERS\SaiL0004.sys [?]
R3 SaiU0004;SaiU0004;C:\Windows\system32\DRIVERS\SaiU0004.sys --> C:\Windows\system32\DRIVERS\SaiU0004.sys [?]
R3 SaiUFF52;SaiUFF52;C:\Windows\system32\DRIVERS\SaiUFF52.sys --> C:\Windows\system32\DRIVERS\SaiUFF52.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
S2 SBSDWSCService;SBSD Security Center Service;D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-10-11 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250808]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 SaiHFF52;SaiHFF52;C:\Windows\system32\DRIVERS\SaiHFF52.sys --> C:\Windows\system32\DRIVERS\SaiHFF52.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-10-11 13:26:43 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF114C03-5975-46D9-94EB-587641225D92}\mpengine.dll
2012-10-10 05:57:37 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-10 05:54:41 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 05:54:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 05:54:37 218624 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 05:54:37 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 05:54:36 1268736 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 05:54:35 985088 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 05:54:35 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-10 05:54:35 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 05:54:35 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 05:54:35 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 05:54:33 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-06 07:51:30 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AE51929-5C9C-446C-BF11-19983DE67E94}\gapaengine.dll
2012-09-16 16:52:17 -------- d-----w- C:\Users\Owner\AppData\Roaming\pdfforge
2012-09-16 16:52:14 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2012-09-16 16:52:14 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2012-09-16 16:52:13 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
.
==================== Find3M ====================
.
2012-10-08 17:53:53 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 17:53:53 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-31 18:06:52 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-31 18:06:49 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-31 18:06:49 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-30 21:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-30 21:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-31 08:05:07 103272 ----a-w- C:\Users\Owner\GoToAssistDownloadHelper.exe
2012-07-29 12:59:32 96768 ----a-w- C:\Windows\System32\pdfcmon.dll
.
============= FINISH: 15:38:58.24 ===============

aswMBR

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-11 15:41:04
-----------------------------
15:41:04.579 OS Version: Windows x64 6.0.6002 Service Pack 2
15:41:04.579 Number of processors: 4 586 0x170A
15:41:04.579 ComputerName: PACKARDBELL UserName: Owner
15:41:05.653 Initialize success
15:42:04.490 AVAST engine defs: 12101100
15:46:22.533 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
15:46:22.537 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
15:46:22.559 Disk 0 MBR read successfully
15:46:22.561 Disk 0 MBR scan
15:46:22.656 Disk 0 unknown MBR code
15:46:22.676 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15000 MB offset 2048
15:46:22.710 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 297763 MB offset 30722048
15:46:22.751 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 297715 MB offset 640540672
15:46:22.851 Disk 0 scanning C:\Windows\system32\drivers
15:46:45.253 Service scanning
15:47:07.202 Modules scanning
15:47:07.209 Disk 0 trace - called modules:
15:47:07.233 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
15:47:07.238 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f0d790]
15:47:07.242 3 CLASSPNP.SYS[fffffa60007d4c33] -> nt!IofCallDriver -> [0xfffffa8004cc7e40]
15:47:07.248 5 acpi.sys[fffffa60008c8fde] -> nt!IofCallDriver -> \Device\00000064[0xfffffa8004104570]
15:47:08.733 AVAST engine scan C:\Windows
15:47:43.950 AVAST engine scan C:\Windows\system32
15:51:44.043 AVAST engine scan C:\Windows\system32\drivers
15:51:57.585 AVAST engine scan C:\Users\Owner
15:53:18.494 File: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Local State **SUSPICIOUS**
16:53:04.961 AVAST engine scan C:\ProgramData
17:04:35.667 Scan finished successfully
18:59:10.555 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
18:59:10.618 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

Attach.txt (attached in Zip)

Jeff Simpson

.... Subsequent to my thread starter I have discovered through Task Manager that when I load the Chrome browser, Task Manager reports 5 separate instances of Chrome as running processes. I don't know if this is significant but it smells strange to me! :(

Jeff
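
The DDS.txt and the Task Manager observation above are what a helper reads first. As an added example (my own Python, not a tool from this thread or from the DDS author), here is a small triage script for the DDS log layout: it splits the log into its "=====" sections, counts repeated process images (repeats of chrome.exe and svchost.exe are expected, since Chrome runs one process per renderer and extension and svchost.exe hosts several service groups), and pulls out the Pseudo HJT entries an analyst checks first: orphaned "No File" references, Hosts file overrides, and Trusted Zone additions. The sample log is constructed in the DDS layout from the kinds of lines shown in the post.

```python
import re

HEADER_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")   # "===== Section name ====="
IMAGE_RE = re.compile(r"^(?P<image>.*?\.exe)", re.IGNORECASE)  # path up to first .exe
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "cmd.exe")       # interpreters worth a look

# Constructed sample in the DDS log layout (not the poster's full log).
SAMPLE_DDS = r"""
DDS (Ver_2011-08-26.01) - NTFSAMD64
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Trusted Zone: soe.com
BHO-X64: AcroIEHelperStub - No File
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
.
============= FINISH: 15:38:58.24 ===============
"""


def split_sections(text):
    """Split a DDS log into {section name: [content lines]}; '.' spacer lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def process_counts(sections):
    """Count each executable image in 'Running Processes' (command-line args stripped).

    Repeats are context for the analyst, not a verdict: Chrome and svchost.exe
    legitimately appear many times.
    """
    counts = {}
    for line in sections.get("Running Processes", []):
        m = IMAGE_RE.match(line)
        image = (m.group("image") if m else line).lower()
        counts[image] = counts.get(image, 0) + 1
    return counts


def triage_findings(sections):
    """Return {category: [log lines]} for the entries an analyst reviews first."""
    findings = {"script host running": [], "orphaned reference": [],
                "hosts override": [], "trusted zone addition": []}
    for line in sections.get("Running Processes", []):
        m = IMAGE_RE.match(line)
        if m and m.group("image").rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS:
            findings["script host running"].append(line)
    for line in sections.get("Pseudo HJT Report", []):
        if line.endswith("No File"):          # BHO/toolbar CLSID whose DLL is gone
            findings["orphaned reference"].append(line)
        elif line.startswith("Hosts:"):       # non-default hosts file entries
            findings["hosts override"].append(line)
        elif line.startswith("Trusted Zone:"):  # relaxed IE security zone
            findings["trusted zone addition"].append(line)
    return findings


if __name__ == "__main__":
    secs = split_sections(SAMPLE_DDS)
    for image, n in sorted(process_counts(secs).items(), key=lambda kv: -kv[1]):
        if n > 1:
            print(f"{n}x {image}")
    for category, lines in triage_findings(secs).items():
        for line in lines:
            print(f"[{category}] {line}")
```

Run it against a real DDS.txt by reading the file into `split_sections` instead of `SAMPLE_DDS`; every flagged line still needs a human judgement, since the hosts entry and the trusted zones here are things the user may have added deliberately.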

ken545
2012-10-13, 03:06

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

When running programs on Vista or Windows 7, you need to right-click on the program and select RUN AS ADMINISTRATOR.




Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, restart your computer to restore the connections.

jeff1955
2012-10-13, 09:43
Thanks for the prompt attention Ken. I assume it's OK to re-enable my security software and have done so.

ComboFix.txt report follows:

ComboFix 12-10-12.01 - Owner 13/10/2012 7:25.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.2504 [GMT 1:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\assembly\tmp
c:\users\Owner\GoToAssistDownloadHelper.exe
c:\windows\SysWow64\spool\prtprocs\w32x86\ppbiPr.dll
c:\windows\SysWow64\tmp9476.tmp
c:\windows\SysWow64\tmp9477.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 )))))))))))))))))))))))))))))))
.
.
2012-10-13 06:33 . 2012-10-13 06:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-13 06:33 . 2012-10-13 06:33 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-10-13 06:33 . 2012-10-13 06:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-13 06:14 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06C7020C-4221-47F8-8258-DDED650255E5}\mpengine.dll
2012-10-11 13:26 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-10 05:54 . 2012-09-13 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 05:54 . 2012-09-13 13:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 05:54 . 2012-08-24 16:07 218624 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 05:54 . 2012-08-24 15:53 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 05:54 . 2012-06-02 00:20 1268736 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 05:54 . 2012-06-02 00:20 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 05:54 . 2012-06-02 00:20 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 05:54 . 2012-06-02 00:02 985088 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 05:54 . 2012-06-02 00:02 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-10 05:54 . 2012-06-02 00:02 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 05:54 . 2012-08-29 11:40 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-06 07:51 . 2012-10-04 05:56 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AE51929-5C9C-446C-BF11-19983DE67E94}\gapaengine.dll
2012-09-16 16:52 . 2012-09-20 05:58 -------- d-----w- c:\users\Owner\AppData\Roaming\pdfforge
2012-09-16 16:52 . 2012-05-05 10:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2012-09-16 16:52 . 2012-05-05 10:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2012-09-16 16:52 . 2012-05-05 10:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 06:33 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe
2012-10-08 17:53 . 2012-03-30 12:45 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 17:53 . 2011-08-11 12:34 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-04 05:56 . 2012-02-10 07:31 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-08-31 18:06 . 2012-08-31 18:07 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-31 18:06 . 2012-07-31 08:02 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-31 18:06 . 2010-09-11 18:01 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-30 21:03 . 2012-08-30 21:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 21:03 . 2011-04-27 15:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-07-29 12:59 . 2012-06-30 10:03 96768 ----a-w- c:\windows\system32\pdfcmon.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:53]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 09:16]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 09:16]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1535933430-1658810301-3209298353-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-11 12:45]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1535933430-1658810301-3209298353-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-11 12:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FijiKeyboard"="c:\acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe" [2008-09-18 79416]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1535933430-1658810301-3209298353-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:07,9d,e8,0e,38,1c,e7,70,13,8e,5b,31,03,18,a1,d8,1d,c1,04,ce,77,f1,9a,
c2,df,d9,39,49,3d,df,5d,c9,12,da,f6,dc,9c,b7,e9,d5,9e,fa,12,99,e5,61,83,e2,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-1535933430-1658810301-3209298353-1000\Software\SecuROM\License information*]
"datasecu"=hex:c3,91,93,32,0b,10,b6,07,9b,33,de,9d,89,1f,96,ae,60,af,cc,dd,20,
07,65,88,f7,ea,d2,09,24,bb,3b,1a,aa,ad,80,e1,08,d9,e0,71,82,aa,6f,3d,ae,48,\
"rkeysecu"=hex:3e,9c,76,39,6a,1c,27,d4,d1,81,6a,f6,e9,f8,08,55
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-10-13 07:37:01
ComboFix-quarantined-files.txt 2012-10-13 06:37
.
Pre-Run: 147,621,650,432 bytes free
Post-Run: 146,957,475,840 bytes free
.
- - End Of File - - E781B5762A6FB27BD42838526C5F8E38

Thanks again,

Jeff

ken545
2012-10-13, 12:16
Good Morning Jeff,

Combofix just removed some leftovers. Do me a favor and open Malwarebytes, go to the Report tab, and copy and paste the last report that found and removed the latest threats into this thread for me to see.


Are you getting any browser redirects taking you to unwanted sites?


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
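
The log Ken asks for above is TDSSKiller's service-scan listing: for each service one line carrying the MD5 of its binary and its path, then a second line with the verdict. The Python script below is an added example, not part of this thread and not Kaspersky's code, that parses that section and flags what a responder would look at first: any verdict other than "ok", a service binary sitting outside the usual Windows or Program Files roots, and a hash that differs from a baseline you supply. The sample log is constructed in TDSSKiller's layout (three entries mirror lines posted later in this thread; the "fakesvc" entry, its temp-folder path, its "suspicious" verdict and both baseline hashes are invented for the demonstration), and the trusted-root list is an assumption of the example, not a TDSSKiller rule.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Two line shapes appear in TDSSKiller's "Scan services" section:
#   <time> <pid> [ <MD5> ] <service name> <path to binary>
#   <time> <pid> <service name> - <verdict>
# Service names may contain spaces, so the path is located by its drive prefix.
FILE_RE = re.compile(r"^\S+\s+\d+\s+\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
VERDICT_RE = re.compile(r"^\S+\s+\d+\s+(.+?) - (.+)$")

# Assumption made for this example: service binaries normally live under these roots.
TRUSTED_ROOTS = (
    "c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
    "c:\\progra~1\\", "c:\\progra~2\\",
)


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None      # None when TDSSKiller printed no hash line
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_services(log_text: str) -> Dict[str, ServiceEntry]:
    """Collect one ServiceEntry per service from the 'Scan services' section only."""
    entries: Dict[str, ServiceEntry] = {}
    in_services = False
    for line in log_text.splitlines():
        if "Scan services" in line:
            in_services = True
            continue
        if not in_services:
            continue
        if "================ Scan" in line:
            break  # the next section (file scan, boot sectors, ...) has started
        m = FILE_RE.match(line)
        if m:
            md5, name, path = m.groups()
            entry = entries.setdefault(name, ServiceEntry(name))
            entry.md5, entry.path = md5.upper(), path
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            entries.setdefault(name, ServiceEntry(name)).verdict = verdict
    return entries


def triage(entries: Dict[str, ServiceEntry],
           baseline: Optional[Dict[str, str]] = None) -> List[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    known = {k: v.upper() for k, v in (baseline or {}).items()}
    findings: List[str] = []
    for e in entries.values():
        if e.verdict is not None and e.verdict != "ok":
            findings.append(f"{e.name}: verdict '{e.verdict}'")
        if e.path and not e.path.lower().startswith(TRUSTED_ROOTS):
            findings.append(f"{e.name}: binary outside trusted roots ({e.path})")
        if e.md5 and e.name in known and known[e.name] != e.md5:
            findings.append(f"{e.name}: MD5 {e.md5} differs from baseline {known[e.name]}")
    return findings


def unhashed(entries: Dict[str, ServiceEntry]) -> List[str]:
    """Services listed with a verdict but no hashed binary (worth a manual look)."""
    return sorted(e.name for e in entries.values() if e.md5 is None)


# Constructed sample in TDSSKiller's layout. The ACPI, mrxsmb and Nero lines mirror
# real entries from the thread; 'fakesvc', its path and its verdict are invented.
SAMPLE_LOG = r"""
18:45:49.0531 2892 ================ Scan system memory ========================
18:45:49.0531 2892 System memory - ok
18:45:49.0531 2892 ================ Scan services =============================
18:45:49.0624 2892 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:45:49.0640 2892 ACPI - ok
18:45:50.0295 2892 Beep - ok
18:45:54.0382 2892 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:45:54.0382 2892 mrxsmb - ok
18:45:54.0991 2892 [ 78073F606AE3B24F6C1F555759AA8511 ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
18:45:55.0022 2892 Nero BackItUp Scheduler 3 - ok
18:45:56.0100 2892 [ 0123456789ABCDEF0123456789ABCDEF ] fakesvc C:\Users\Owner\AppData\Local\Temp\svc.sys
18:45:56.0100 2892 fakesvc - suspicious
18:45:56.0200 2892 ================ Scan global startup ==========================
"""

# Constructed baseline: ACPI matches the sample, fakesvc deliberately does not.
BASELINE = {
    "ACPI": "1965aaffab07e3fb03c77f81beba3547",
    "fakesvc": "FEDCBA9876543210FEDCBA9876543210",
}

if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    print("unhashed services:", unhashed(parsed))
    for finding in triage(parsed, BASELINE):
        print("FLAG", finding)
```

Feed it the real log saved at the root of C:\ instead of SAMPLE_LOG and pass a baseline built from a known-clean machine of the same Windows build; entries with no hash line (like Beep in the sample) are reported separately because TDSSKiller could not hash a binary for them, which is normal for some built-in services but is where a missing or hidden driver file would also show up.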

jeff1955
2012-10-13, 21:22
Hi Ken,

No I am not getting any redirects.

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 912101107

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/10/2012 14:12:56
mbam-log-2012-10-11 (14-12-56).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 572211
Time elapsed: 1 hour(s), 33 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Owner\Desktop\Backup\WINDOWS\Driver Cache\i386\mrxsmb.sys (Rootkit.0access) -> Quarantined and deleted successfully.
C:\Users\Owner\Desktop\Backup\WINDOWS\system32\dllcache\mrxsmb.sys (Rootkit.0access) -> Quarantined and deleted successfully.
C:\Users\Owner\Desktop\Backup\WINDOWS\system32\drivers\mrxsmb.sys (Rootkit.0access) -> Quarantined and deleted successfully.

TDSSKiller Log:

18:45:42.0339 1616 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
18:45:42.0526 1616 ============================================================
18:45:42.0526 1616 Current date / time: 2012/10/13 18:45:42.0526
18:45:42.0526 1616 SystemInfo:
18:45:42.0526 1616
18:45:42.0526 1616 OS Version: 6.0.6002 ServicePack: 2.0
18:45:42.0526 1616 Product type: Workstation
18:45:42.0526 1616 ComputerName: PACKARDBELL
18:45:42.0526 1616 UserName: Owner
18:45:42.0526 1616 Windows directory: C:\Windows
18:45:42.0526 1616 System windows directory: C:\Windows
18:45:42.0526 1616 Running under WOW64
18:45:42.0526 1616 Processor architecture: Intel x64
18:45:42.0526 1616 Number of processors: 4
18:45:42.0526 1616 Page size: 0x1000
18:45:42.0526 1616 Boot type: Normal boot
18:45:42.0526 1616 ============================================================
18:45:43.0197 1616 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:45:43.0228 1616 ============================================================
18:45:43.0228 1616 \Device\Harddisk0\DR0:
18:45:43.0228 1616 MBR partitions:
18:45:43.0228 1616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4C800, BlocksNum 0x24591800
18:45:43.0228 1616 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x262DE000, BlocksNum 0x24579800
18:45:43.0228 1616 ============================================================
18:45:43.0244 1616 C: <-> \Device\Harddisk0\DR0\Partition1
18:45:43.0291 1616 D: <-> \Device\Harddisk0\DR0\Partition2
18:45:43.0291 1616 ============================================================
18:45:43.0291 1616 Initialize success
18:45:43.0291 1616 ============================================================
18:45:49.0390 2892 ============================================================
18:45:49.0390 2892 Scan started
18:45:49.0390 2892 Mode: Manual;
18:45:49.0390 2892 ============================================================
18:45:49.0531 2892 ================ Scan system memory ========================
18:45:49.0531 2892 System memory - ok
18:45:49.0531 2892 ================ Scan services =============================
18:45:49.0624 2892 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:45:49.0640 2892 ACPI - ok
18:45:49.0702 2892 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:45:49.0702 2892 AdobeARMservice - ok
18:45:49.0780 2892 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:45:49.0780 2892 AdobeFlashPlayerUpdateSvc - ok
18:45:49.0827 2892 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:45:49.0843 2892 adp94xx - ok
18:45:49.0874 2892 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:45:49.0874 2892 adpahci - ok
18:45:49.0905 2892 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:45:49.0905 2892 adpu160m - ok
18:45:49.0921 2892 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:45:49.0921 2892 adpu320 - ok
18:45:49.0952 2892 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:45:49.0952 2892 AeLookupSvc - ok
18:45:49.0983 2892 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
18:45:49.0983 2892 AFD - ok
18:45:50.0014 2892 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:45:50.0014 2892 agp440 - ok
18:45:50.0045 2892 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:45:50.0045 2892 aic78xx - ok
18:45:50.0045 2892 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
18:45:50.0061 2892 ALG - ok
18:45:50.0077 2892 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
18:45:50.0077 2892 aliide - ok
18:45:50.0092 2892 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
18:45:50.0092 2892 amdide - ok
18:45:50.0108 2892 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:45:50.0108 2892 AmdK8 - ok
18:45:50.0123 2892 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
18:45:50.0139 2892 Appinfo - ok
18:45:50.0170 2892 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
18:45:50.0170 2892 arc - ok
18:45:50.0201 2892 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:45:50.0201 2892 arcsas - ok
18:45:50.0217 2892 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:45:50.0217 2892 AsyncMac - ok
18:45:50.0248 2892 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
18:45:50.0248 2892 atapi - ok
18:45:50.0264 2892 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:45:50.0279 2892 AudioEndpointBuilder - ok
18:45:50.0295 2892 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:45:50.0295 2892 AudioSrv - ok
18:45:50.0295 2892 Beep - ok
18:45:50.0326 2892 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
18:45:50.0342 2892 BFE - ok
18:45:50.0389 2892 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
18:45:50.0404 2892 BITS - ok
18:45:50.0420 2892 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:45:50.0420 2892 blbdrive - ok
18:45:50.0451 2892 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:45:50.0451 2892 bowser - ok
18:45:50.0467 2892 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:45:50.0482 2892 BrFiltLo - ok
18:45:50.0482 2892 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:45:50.0482 2892 BrFiltUp - ok
18:45:50.0498 2892 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
18:45:50.0498 2892 Browser - ok
18:45:50.0513 2892 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
18:45:50.0529 2892 Brserid - ok
18:45:50.0529 2892 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:45:50.0529 2892 BrSerWdm - ok
18:45:50.0545 2892 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:45:50.0545 2892 BrUsbMdm - ok
18:45:50.0560 2892 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:45:50.0560 2892 BrUsbSer - ok
18:45:50.0576 2892 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:45:50.0576 2892 BTHMODEM - ok
18:45:50.0591 2892 catchme - ok
18:45:50.0623 2892 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:45:50.0623 2892 cdfs - ok
18:45:50.0654 2892 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:45:50.0654 2892 cdrom - ok
18:45:50.0685 2892 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
18:45:50.0685 2892 CertPropSvc - ok
18:45:50.0701 2892 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
18:45:50.0701 2892 circlass - ok
18:45:50.0732 2892 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
18:45:50.0732 2892 CLFS - ok
18:45:50.0763 2892 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:45:50.0779 2892 clr_optimization_v2.0.50727_32 - ok
18:45:50.0810 2892 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:45:50.0810 2892 clr_optimization_v2.0.50727_64 - ok
18:45:50.0857 2892 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:45:50.0857 2892 clr_optimization_v4.0.30319_32 - ok
18:45:50.0888 2892 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:45:50.0888 2892 clr_optimization_v4.0.30319_64 - ok
18:45:50.0903 2892 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:45:50.0903 2892 cmdide - ok
18:45:50.0919 2892 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:45:50.0919 2892 Compbatt - ok
18:45:50.0919 2892 COMSysApp - ok
18:45:50.0950 2892 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:45:50.0950 2892 crcdisk - ok
18:45:50.0997 2892 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:45:50.0997 2892 CryptSvc - ok
18:45:51.0044 2892 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
18:45:51.0059 2892 DcomLaunch - ok
18:45:51.0075 2892 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:45:51.0075 2892 DfsC - ok
18:45:51.0153 2892 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
18:45:51.0215 2892 DFSR - ok
18:45:51.0247 2892 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:45:51.0262 2892 Dhcp - ok
18:45:51.0278 2892 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
18:45:51.0278 2892 disk - ok
18:45:51.0309 2892 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:45:51.0309 2892 Dnscache - ok
18:45:51.0340 2892 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
18:45:51.0340 2892 dot3svc - ok
18:45:51.0356 2892 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
18:45:51.0356 2892 DPS - ok
18:45:51.0387 2892 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:45:51.0387 2892 drmkaud - ok
18:45:51.0418 2892 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:45:51.0418 2892 DXGKrnl - ok
18:45:51.0434 2892 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
18:45:51.0449 2892 E1G60 - ok
18:45:51.0465 2892 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
18:45:51.0465 2892 EapHost - ok
18:45:51.0481 2892 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
18:45:51.0481 2892 Ecache - ok
18:45:51.0527 2892 [ 33510BE001CCDB5A01FCC88F4DD8DFC7 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:45:51.0543 2892 ehRecvr - ok
18:45:51.0559 2892 [ 1ABC6436B0EDAA3D496D9C827F92820D ] ehSched C:\Windows\ehome\ehsched.exe
18:45:51.0559 2892 ehSched - ok
18:45:51.0590 2892 [ 08F48CB2CD4019AFB0456869B49CD76F ] ehstart C:\Windows\ehome\ehstart.dll
18:45:51.0590 2892 ehstart - ok
18:45:51.0637 2892 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:45:51.0637 2892 elxstor - ok
18:45:51.0683 2892 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:45:51.0683 2892 EMDMgmt - ok
18:45:51.0699 2892 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:45:51.0699 2892 ErrDev - ok
18:45:51.0746 2892 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
18:45:51.0746 2892 EventSystem - ok
18:45:51.0777 2892 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
18:45:51.0777 2892 exfat - ok
18:45:51.0824 2892 [ BC680DC833672E54DB07F5F39D259B03 ] ezGOSvc C:\Windows\SysWOW64\ezGOSvc.dll
18:45:51.0824 2892 ezGOSvc - ok
18:45:51.0839 2892 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:45:51.0855 2892 fastfat - ok
18:45:51.0871 2892 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:45:51.0871 2892 fdc - ok
18:45:51.0886 2892 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
18:45:51.0886 2892 fdPHost - ok
18:45:51.0902 2892 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
18:45:51.0917 2892 FDResPub - ok
18:45:51.0933 2892 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:45:51.0933 2892 FileInfo - ok
18:45:51.0949 2892 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:45:51.0949 2892 Filetrace - ok
18:45:51.0949 2892 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:45:51.0964 2892 flpydisk - ok
18:45:51.0980 2892 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:45:51.0980 2892 FltMgr - ok
18:45:52.0058 2892 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
18:45:52.0073 2892 FontCache - ok
18:45:52.0105 2892 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:45:52.0105 2892 FontCache3.0.0.0 - ok
18:45:52.0136 2892 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:45:52.0136 2892 Fs_Rec - ok
18:45:52.0151 2892 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:45:52.0151 2892 gagp30kx - ok
18:45:52.0214 2892 [ 3EC75EA47770674767EC486393B411DC ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\830\g2aservice.exe
18:45:52.0214 2892 GoToAssist - ok
18:45:52.0245 2892 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
18:45:52.0261 2892 gpsvc - ok
18:45:52.0307 2892 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:45:52.0307 2892 gupdate - ok
18:45:52.0323 2892 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:45:52.0323 2892 gupdatem - ok
18:45:52.0339 2892 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:45:52.0354 2892 HdAudAddService - ok
18:45:52.0385 2892 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:45:52.0401 2892 HDAudBus - ok
18:45:52.0432 2892 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:45:52.0432 2892 HidBth - ok
18:45:52.0448 2892 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:45:52.0448 2892 HidIr - ok
18:45:52.0463 2892 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
18:45:52.0463 2892 hidserv - ok
18:45:52.0479 2892 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:45:52.0479 2892 HidUsb - ok
18:45:52.0495 2892 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
18:45:52.0510 2892 hkmsvc - ok
18:45:52.0526 2892 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:45:52.0526 2892 HpCISSs - ok
18:45:52.0557 2892 [ 894A75A3D6BFD97D73BF60D3022B567A ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
18:45:52.0557 2892 HTCAND64 - ok
18:45:52.0588 2892 [ 4F6C3122817049997CD696D4A38BFACB ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
18:45:52.0588 2892 htcnprot - ok
18:45:52.0619 2892 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:45:52.0635 2892 HTTP - ok
18:45:52.0666 2892 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:45:52.0666 2892 i2omp - ok
18:45:52.0697 2892 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:45:52.0697 2892 i8042prt - ok
18:45:52.0713 2892 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:45:52.0713 2892 iaStorV - ok
18:45:52.0760 2892 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:45:52.0775 2892 IDriverT - ok
18:45:52.0807 2892 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:45:52.0822 2892 idsvc - ok
18:45:52.0853 2892 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:45:52.0853 2892 iirsp - ok
18:45:52.0869 2892 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
18:45:52.0885 2892 IKEEXT - ok
18:45:52.0947 2892 [ F5AA166953FC4C03503E1345EF2D429A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:45:52.0963 2892 IntcAzAudAddService - ok
18:45:52.0994 2892 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
18:45:52.0994 2892 intelide - ok
18:45:53.0009 2892 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:45:53.0009 2892 intelppm - ok
18:45:53.0041 2892 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:45:53.0041 2892 IPBusEnum - ok
18:45:53.0056 2892 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:45:53.0056 2892 IpFilterDriver - ok
18:45:53.0087 2892 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:45:53.0087 2892 iphlpsvc - ok
18:45:53.0087 2892 IpInIp - ok
18:45:53.0103 2892 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:45:53.0103 2892 IPMIDRV - ok
18:45:53.0119 2892 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:45:53.0119 2892 IPNAT - ok
18:45:53.0134 2892 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:45:53.0134 2892 IRENUM - ok
18:45:53.0165 2892 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:45:53.0165 2892 isapnp - ok
18:45:53.0197 2892 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:45:53.0197 2892 iScsiPrt - ok
18:45:53.0228 2892 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:45:53.0228 2892 iteatapi - ok
18:45:53.0259 2892 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:45:53.0259 2892 iteraid - ok
18:45:53.0259 2892 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:45:53.0259 2892 kbdclass - ok
18:45:53.0290 2892 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:45:53.0290 2892 kbdhid - ok
18:45:53.0321 2892 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
18:45:53.0321 2892 KeyIso - ok
18:45:53.0353 2892 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:45:53.0368 2892 KSecDD - ok
18:45:53.0384 2892 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:45:53.0384 2892 ksthunk - ok
18:45:53.0415 2892 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
18:45:53.0431 2892 KtmRm - ok
18:45:53.0462 2892 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
18:45:53.0462 2892 LanmanServer - ok
18:45:53.0493 2892 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:45:53.0493 2892 LanmanWorkstation - ok
18:45:53.0509 2892 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:45:53.0509 2892 lltdio - ok
18:45:53.0540 2892 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:45:53.0540 2892 lltdsvc - ok
18:45:53.0555 2892 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:45:53.0555 2892 lmhosts - ok
18:45:53.0571 2892 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:45:53.0571 2892 LSI_FC - ok
18:45:53.0587 2892 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:45:53.0587 2892 LSI_SAS - ok
18:45:53.0602 2892 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:45:53.0602 2892 LSI_SCSI - ok
18:45:53.0618 2892 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
18:45:53.0618 2892 luafv - ok
18:45:53.0633 2892 LVcKap64 - ok
18:45:53.0665 2892 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
18:45:53.0665 2892 LVRS64 - ok
18:45:53.0774 2892 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
18:45:53.0852 2892 LVUVC64 - ok
18:45:53.0883 2892 lxbc_device - ok
18:45:53.0914 2892 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
18:45:53.0930 2892 McciCMService - ok
18:45:53.0945 2892 [ 6DA30C0DE0CC8525E89D612C5063CAC1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:45:53.0945 2892 Mcx2Svc - ok
18:45:53.0977 2892 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
18:45:53.0977 2892 megasas - ok
18:45:53.0992 2892 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
18:45:53.0992 2892 MegaSR - ok
18:45:54.0023 2892 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
18:45:54.0023 2892 MMCSS - ok
18:45:54.0055 2892 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
18:45:54.0055 2892 Modem - ok
18:45:54.0070 2892 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:45:54.0070 2892 monitor - ok
18:45:54.0086 2892 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:45:54.0086 2892 mouclass - ok
18:45:54.0101 2892 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:45:54.0101 2892 mouhid - ok
18:45:54.0117 2892 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:45:54.0117 2892 MountMgr - ok
18:45:54.0148 2892 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:45:54.0148 2892 MpFilter - ok
18:45:54.0179 2892 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
18:45:54.0179 2892 mpio - ok
18:45:54.0195 2892 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:45:54.0195 2892 mpsdrv - ok
18:45:54.0226 2892 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
18:45:54.0242 2892 MpsSvc - ok
18:45:54.0257 2892 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:45:54.0257 2892 Mraid35x - ok
18:45:54.0289 2892 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
18:45:54.0289 2892 MREMP50 - ok
18:45:54.0304 2892 MREMPR5 - ok
18:45:54.0304 2892 MRENDIS5 - ok
18:45:54.0335 2892 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
18:45:54.0335 2892 MRESP50 - ok
18:45:54.0351 2892 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:45:54.0351 2892 MRxDAV - ok
18:45:54.0382 2892 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:45:54.0382 2892 mrxsmb - ok
18:45:54.0398 2892 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:45:54.0398 2892 mrxsmb10 - ok
18:45:54.0413 2892 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:45:54.0413 2892 mrxsmb20 - ok
18:45:54.0429 2892 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
18:45:54.0445 2892 msahci - ok
18:45:54.0445 2892 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:45:54.0460 2892 msdsm - ok
18:45:54.0476 2892 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
18:45:54.0476 2892 MSDTC - ok
18:45:54.0491 2892 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:45:54.0491 2892 Msfs - ok
18:45:54.0523 2892 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:45:54.0523 2892 msisadrv - ok
18:45:54.0538 2892 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:45:54.0538 2892 MSiSCSI - ok
18:45:54.0554 2892 msiserver - ok
18:45:54.0569 2892 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:45:54.0569 2892 MSKSSRV - ok
18:45:54.0601 2892 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
18:45:54.0601 2892 MsMpSvc - ok
18:45:54.0616 2892 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:45:54.0616 2892 MSPCLOCK - ok
18:45:54.0632 2892 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:45:54.0632 2892 MSPQM - ok
18:45:54.0647 2892 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:45:54.0663 2892 MsRPC - ok
18:45:54.0663 2892 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:45:54.0663 2892 mssmbios - ok
18:45:54.0679 2892 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:45:54.0679 2892 MSTEE - ok
18:45:54.0694 2892 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
18:45:54.0694 2892 Mup - ok
18:45:54.0710 2892 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
18:45:54.0725 2892 napagent - ok
18:45:54.0741 2892 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:45:54.0741 2892 NativeWifiP - ok
18:45:54.0757 2892 NAVENG - ok
18:45:54.0772 2892 NAVEX15 - ok
18:45:54.0803 2892 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:45:54.0819 2892 NDIS - ok
18:45:54.0835 2892 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:45:54.0835 2892 NdisTapi - ok
18:45:54.0850 2892 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:45:54.0866 2892 Ndisuio - ok
18:45:54.0881 2892 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:45:54.0881 2892 NdisWan - ok
18:45:54.0913 2892 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:45:54.0913 2892 NDProxy - ok
18:45:54.0991 2892 [ 78073F606AE3B24F6C1F555759AA8511 ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
18:45:55.0022 2892 Nero BackItUp Scheduler 3 - ok
18:45:55.0053 2892 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:45:55.0053 2892 NetBIOS - ok
18:45:55.0084 2892 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:45:55.0084 2892 netbt - ok
18:45:55.0084 2892 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
18:45:55.0084 2892 Netlogon - ok
18:45:55.0115 2892 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
18:45:55.0115 2892 Netman - ok
18:45:55.0131 2892 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
18:45:55.0131 2892 netprofm - ok
18:45:55.0162 2892 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:45:55.0162 2892 NetTcpPortSharing - ok
18:45:55.0178 2892 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:45:55.0178 2892 nfrd960 - ok
18:45:55.0193 2892 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:45:55.0193 2892 NisDrv - ok
18:45:55.0225 2892 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
18:45:55.0225 2892 NisSrv - ok
18:45:55.0256 2892 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
18:45:55.0256 2892 NlaSvc - ok
18:45:55.0318 2892 [ 62F68443D244024845B875B44D76A92F ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
18:45:55.0334 2892 NMIndexingService - ok
18:45:55.0365 2892 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:45:55.0365 2892 Npfs - ok
18:45:55.0365 2892 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
18:45:55.0365 2892 nsi - ok
18:45:55.0381 2892 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:45:55.0381 2892 nsiproxy - ok
18:45:55.0427 2892 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:45:55.0443 2892 Ntfs - ok
18:45:55.0459 2892 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
18:45:55.0459 2892 Null - ok
18:45:55.0505 2892 [ 10204955027011E08A9DC27737A48A54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
18:45:55.0505 2892 NVHDA - ok
18:45:55.0739 2892 [ B34E9BFBD9C61048EF6281C3E7EC210A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:45:55.0927 2892 nvlddmkm - ok
18:45:55.0942 2892 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:45:55.0942 2892 nvraid - ok
18:45:55.0958 2892 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:45:55.0958 2892 nvstor - ok
18:45:55.0989 2892 [ 3EAE16D8E9C4ED4725186EACE6F5357A ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
18:45:55.0989 2892 nvstor64 - ok
18:45:56.0020 2892 [ DFDA089BB2CD0FF7E789E2EF6BA1E4BA ] NVSvc C:\Windows\system32\nvvsvc.exe
18:45:56.0036 2892 NVSvc - ok
18:45:56.0129 2892 [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
18:45:56.0176 2892 nvUpdatusService - ok
18:45:56.0192 2892 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:45:56.0192 2892 nv_agp - ok
18:45:56.0207 2892 NwlnkFlt - ok
18:45:56.0207 2892 NwlnkFwd - ok
18:45:56.0239 2892 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:45:56.0239 2892 ohci1394 - ok
18:45:56.0270 2892 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:45:56.0285 2892 p2pimsvc - ok
18:45:56.0317 2892 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
18:45:56.0317 2892 p2psvc - ok
18:45:56.0332 2892 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
18:45:56.0332 2892 Parport - ok
18:45:56.0363 2892 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:45:56.0363 2892 partmgr - ok
18:45:56.0410 2892 [ AFADA8B97BE3C9398DC6C770409C3544 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
18:45:56.0457 2892 PassThru Service - ok
18:45:56.0473 2892 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
18:45:56.0473 2892 PcaSvc - ok
18:45:56.0488 2892 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
18:45:56.0488 2892 pci - ok
18:45:56.0519 2892 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
18:45:56.0519 2892 pciide - ok
18:45:56.0535 2892 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:45:56.0551 2892 pcmcia - ok
18:45:56.0582 2892 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:45:56.0597 2892 PEAUTH - ok
18:45:56.0738 2892 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:45:56.0738 2892 PerfHost - ok
18:45:56.0816 2892 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
18:45:56.0831 2892 pla - ok
18:45:56.0863 2892 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
18:45:56.0878 2892 PLFlash DeviceIoControl Service - ok
18:45:56.0894 2892 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:45:56.0894 2892 PlugPlay - ok
18:45:56.0909 2892 PnkBstrA - ok
18:45:56.0941 2892 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:45:56.0956 2892 PNRPAutoReg - ok
18:45:57.0003 2892 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:45:57.0003 2892 PNRPsvc - ok
18:45:57.0034 2892 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:45:57.0050 2892 PolicyAgent - ok
18:45:57.0081 2892 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:45:57.0081 2892 PptpMiniport - ok
18:45:57.0097 2892 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
18:45:57.0097 2892 Processor - ok
18:45:57.0128 2892 prodrv06 - ok
18:45:57.0159 2892 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
18:45:57.0159 2892 ProfSvc - ok
18:45:57.0175 2892 prohlp02 - ok
18:45:57.0175 2892 prosync1 - ok
18:45:57.0206 2892 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
18:45:57.0206 2892 ProtectedStorage - ok
18:45:57.0221 2892 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:45:57.0221 2892 PSched - ok
18:45:57.0253 2892 [ B490D659791AB9DD83328541EBC4EF33 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
18:45:57.0268 2892 PSI - ok
18:45:57.0299 2892 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:45:57.0315 2892 ql2300 - ok
18:45:57.0346 2892 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:45:57.0346 2892 ql40xx - ok
18:45:57.0362 2892 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
18:45:57.0377 2892 QWAVE - ok
18:45:57.0377 2892 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:45:57.0377 2892 QWAVEdrv - ok
18:45:57.0393 2892 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:45:57.0393 2892 RasAcd - ok
18:45:57.0409 2892 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
18:45:57.0409 2892 RasAuto - ok
18:45:57.0424 2892 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:45:57.0424 2892 Rasl2tp - ok
18:45:57.0440 2892 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
18:45:57.0440 2892 RasMan - ok
18:45:57.0471 2892 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:45:57.0471 2892 RasPppoe - ok
18:45:57.0487 2892 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:45:57.0487 2892 RasSstp - ok
18:45:57.0518 2892 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:45:57.0518 2892 rdbss - ok
18:45:57.0533 2892 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:45:57.0533 2892 RDPCDD - ok
18:45:57.0565 2892 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:45:57.0565 2892 rdpdr - ok
18:45:57.0580 2892 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:45:57.0580 2892 RDPENCDD - ok
18:45:57.0596 2892 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:45:57.0611 2892 RDPWD - ok
18:45:57.0627 2892 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:45:57.0643 2892 RemoteAccess - ok
18:45:57.0658 2892 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:45:57.0658 2892 RemoteRegistry - ok
18:45:57.0689 2892 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
18:45:57.0689 2892 RpcLocator - ok
18:45:57.0721 2892 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\System32\rpcss.dll
18:45:57.0721 2892 RpcSs - ok
18:45:57.0736 2892 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:45:57.0736 2892 rspndr - ok
18:45:57.0783 2892 [ DFADCAE64AEBE2C67DA9CD2AE74CCDE5 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
18:45:57.0783 2892 RTL8169 - ok
18:45:57.0814 2892 [ 248ABD858FF7DCC966E5A54529DDD225 ] SaiH0004 C:\Windows\system32\DRIVERS\SaiH0004.sys
18:45:57.0845 2892 SaiH0004 - ok
18:45:57.0877 2892 [ 248ABD858FF7DCC966E5A54529DDD225 ] SaiHFF52 C:\Windows\system32\DRIVERS\SaiHFF52.sys
18:45:57.0908 2892 SaiHFF52 - ok
18:45:57.0923 2892 [ 4E0E0D54F4A812F307BE9A31DAC5E8AB ] SaiL0004 C:\Windows\system32\DRIVERS\SaiL0004.sys
18:45:57.0939 2892 SaiL0004 - ok
18:45:57.0955 2892 [ 9E7E53891D1747A01F491AB25B95135D ] SaiMini C:\Windows\system32\DRIVERS\SaiMini.sys
18:45:57.0970 2892 SaiMini - ok
18:45:58.0001 2892 [ B3B86BE19A0CAF025F679C39FD21E735 ] SaiNtBus C:\Windows\system32\drivers\SaiBus.sys
18:45:58.0017 2892 SaiNtBus - ok
18:45:58.0033 2892 [ 547B16D072A3AFCE5807BE20C3F4734B ] SaiU0004 C:\Windows\system32\DRIVERS\SaiU0004.sys
18:45:58.0048 2892 SaiU0004 - ok
18:45:58.0064 2892 [ 547B16D072A3AFCE5807BE20C3F4734B ] SaiUFF52 C:\Windows\system32\DRIVERS\SaiUFF52.sys
18:45:58.0079 2892 SaiUFF52 - ok
18:45:58.0095 2892 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
18:45:58.0095 2892 SamSs - ok
18:45:58.0111 2892 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:45:58.0126 2892 sbp2port - ok
18:45:58.0204 2892 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:45:59.0452 2892 SBSDWSCService - ok
18:45:59.0468 2892 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:45:59.0468 2892 SCardSvr - ok
18:45:59.0515 2892 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
18:45:59.0530 2892 Schedule - ok
18:45:59.0546 2892 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:45:59.0546 2892 SCPolicySvc - ok
18:45:59.0561 2892 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:45:59.0561 2892 SDRSVC - ok
18:45:59.0577 2892 [ 3EA8A16169C26AFBEB544E0E48421186 ] Secdrv C:\Windows\system32\drivers\SECDRV.SYS
18:45:59.0577 2892 Secdrv - ok
18:45:59.0593 2892 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
18:45:59.0593 2892 seclogon - ok
18:45:59.0608 2892 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
18:45:59.0624 2892 SENS - ok
18:45:59.0624 2892 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:45:59.0639 2892 Serenum - ok
18:45:59.0639 2892 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
18:45:59.0655 2892 Serial - ok
18:45:59.0655 2892 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:45:59.0655 2892 sermouse - ok
18:45:59.0686 2892 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
18:45:59.0686 2892 SessionEnv - ok
18:45:59.0686 2892 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:45:59.0686 2892 sffdisk - ok
18:45:59.0702 2892 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:45:59.0702 2892 sffp_mmc - ok
18:45:59.0717 2892 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:45:59.0717 2892 sffp_sd - ok
18:45:59.0733 2892 sfhlp01 - ok
18:45:59.0749 2892 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:45:59.0749 2892 sfloppy - ok
18:45:59.0764 2892 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:45:59.0764 2892 SharedAccess - ok
18:45:59.0795 2892 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:45:59.0795 2892 ShellHWDetection - ok
18:45:59.0811 2892 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:45:59.0811 2892 SiSRaid2 - ok
18:45:59.0827 2892 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:45:59.0827 2892 SiSRaid4 - ok
18:45:59.0873 2892 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:45:59.0873 2892 SkypeUpdate - ok
18:45:59.0936 2892 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
18:45:59.0983 2892 slsvc - ok
18:45:59.0998 2892 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:46:00.0014 2892 SLUINotify - ok
18:46:00.0029 2892 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:46:00.0029 2892 Smb - ok
18:46:00.0076 2892 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:46:00.0076 2892 SNMPTRAP - ok
18:46:00.0092 2892 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
18:46:00.0092 2892 spldr - ok
18:46:00.0123 2892 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
18:46:00.0123 2892 Spooler - ok
18:46:00.0123 2892 SRTSP - ok
18:46:00.0139 2892 SRTSPX - ok
18:46:00.0154 2892 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
18:46:00.0170 2892 srv - ok
18:46:00.0170 2892 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:46:00.0185 2892 srv2 - ok
18:46:00.0201 2892 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:46:00.0201 2892 srvnet - ok
18:46:00.0217 2892 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:46:00.0217 2892 SSDPSRV - ok
18:46:00.0232 2892 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:46:00.0248 2892 SstpSvc - ok
18:46:00.0279 2892 [ 9E1222C417291BC836210743624A8E5E ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:46:00.0279 2892 Stereo Service - ok
18:46:00.0310 2892 [ 14B4DB4381E4A55F570D8BB699B791D6 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
18:46:00.0310 2892 StillCam - ok
18:46:00.0341 2892 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
18:46:00.0357 2892 stisvc - ok
18:46:00.0373 2892 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:46:00.0373 2892 swenum - ok
18:46:00.0404 2892 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
18:46:00.0404 2892 swprv - ok
18:46:00.0419 2892 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:46:00.0435 2892 Symc8xx - ok
18:46:00.0451 2892 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:46:00.0451 2892 Sym_hi - ok
18:46:00.0466 2892 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:46:00.0466 2892 Sym_u3 - ok
18:46:00.0497 2892 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
18:46:00.0513 2892 SysMain - ok
18:46:00.0529 2892 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:46:00.0529 2892 TabletInputService - ok
18:46:00.0560 2892 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:46:00.0560 2892 TapiSrv - ok
18:46:00.0575 2892 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
18:46:00.0575 2892 TBS - ok
18:46:00.0622 2892 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:46:00.0653 2892 Tcpip - ok
18:46:00.0669 2892 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:46:00.0685 2892 Tcpip6 - ok
18:46:00.0700 2892 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:46:00.0700 2892 tcpipreg - ok
18:46:00.0716 2892 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:46:00.0716 2892 TDPIPE - ok
18:46:00.0731 2892 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:46:00.0731 2892 TDTCP - ok
18:46:00.0747 2892 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:46:00.0747 2892 tdx - ok
18:46:00.0747 2892 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:46:00.0763 2892 TermDD - ok
18:46:00.0778 2892 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
18:46:00.0809 2892 TermService - ok
18:46:00.0825 2892 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
18:46:00.0825 2892 Themes - ok
18:46:00.0856 2892 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
18:46:00.0856 2892 THREADORDER - ok
18:46:00.0872 2892 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
18:46:00.0872 2892 TrkWks - ok
18:46:00.0903 2892 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:46:00.0903 2892 TrustedInstaller - ok
18:46:00.0919 2892 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:46:00.0919 2892 tssecsrv - ok
18:46:00.0950 2892 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:46:00.0950 2892 tunmp - ok
18:46:00.0965 2892 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:46:00.0965 2892 tunnel - ok
18:46:00.0981 2892 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:46:00.0981 2892 uagp35 - ok
18:46:00.0997 2892 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:46:01.0012 2892 udfs - ok
18:46:01.0043 2892 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:46:01.0043 2892 UI0Detect - ok
18:46:01.0059 2892 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:46:01.0059 2892 uliagpkx - ok
18:46:01.0075 2892 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:46:01.0090 2892 uliahci - ok
18:46:01.0090 2892 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:46:01.0106 2892 UlSata - ok
18:46:01.0121 2892 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:46:01.0121 2892 ulsata2 - ok
18:46:01.0137 2892 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:46:01.0137 2892 umbus - ok
18:46:01.0184 2892 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
18:46:01.0184 2892 UMVPFSrv - ok
18:46:01.0215 2892 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
18:46:01.0215 2892 upnphost - ok
18:46:01.0246 2892 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:46:01.0262 2892 usbaudio - ok
18:46:01.0293 2892 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:46:01.0293 2892 usbccgp - ok
18:46:01.0309 2892 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:46:01.0309 2892 usbcir - ok
18:46:01.0340 2892 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:46:01.0340 2892 usbehci - ok
18:46:01.0355 2892 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:46:01.0355 2892 usbhub - ok
18:46:01.0371 2892 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:46:01.0371 2892 usbohci - ok
18:46:01.0387 2892 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:46:01.0387 2892 usbprint - ok
18:46:01.0402 2892 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:46:01.0402 2892 usbscan - ok
18:46:01.0418 2892 [ F7386007FB19E7685FC7B298560AA81F ] usbser C:\Windows\system32\DRIVERS\usbser.sys
18:46:01.0418 2892 usbser - ok
18:46:01.0433 2892 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:46:01.0449 2892 USBSTOR - ok
18:46:01.0465 2892 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:46:01.0465 2892 usbuhci - ok
18:46:01.0480 2892 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:46:01.0496 2892 usbvideo - ok
18:46:01.0527 2892 [ 1E36BB1A3C5AAF2AA9FA9A126DF8C16C ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
18:46:01.0527 2892 usb_rndisx - ok
18:46:01.0543 2892 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
18:46:01.0543 2892 UxSms - ok
18:46:01.0574 2892 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
18:46:01.0574 2892 vds - ok
18:46:01.0605 2892 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:46:01.0605 2892 vga - ok
18:46:01.0621 2892 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:46:01.0621 2892 VgaSave - ok
18:46:01.0636 2892 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
18:46:01.0636 2892 viaide - ok
18:46:01.0667 2892 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:46:01.0667 2892 volmgr - ok
18:46:01.0699 2892 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:46:01.0699 2892 volmgrx - ok
18:46:01.0714 2892 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:46:01.0730 2892 volsnap - ok
18:46:01.0745 2892 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:46:01.0745 2892 vsmraid - ok
18:46:01.0792 2892 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
18:46:01.0808 2892 VSS - ok
18:46:01.0855 2892 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
18:46:01.0870 2892 W32Time - ok
18:46:01.0901 2892 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:46:01.0901 2892 WacomPen - ok
18:46:01.0917 2892 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:46:01.0917 2892 Wanarp - ok
18:46:01.0917 2892 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:46:01.0917 2892 Wanarpv6 - ok
18:46:01.0948 2892 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:46:01.0964 2892 wcncsvc - ok
18:46:01.0979 2892 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:46:01.0979 2892 WcsPlugInService - ok
18:46:01.0995 2892 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
18:46:01.0995 2892 Wd - ok
18:46:02.0026 2892 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:46:02.0042 2892 Wdf01000 - ok
18:46:02.0073 2892 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:46:02.0073 2892 WdiServiceHost - ok
18:46:02.0089 2892 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:46:02.0089 2892 WdiSystemHost - ok
18:46:02.0104 2892 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
18:46:02.0104 2892 WebClient - ok
18:46:02.0120 2892 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:46:02.0135 2892 Wecsvc - ok
18:46:02.0151 2892 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:46:02.0151 2892 wercplsupport - ok
18:46:02.0167 2892 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
18:46:02.0167 2892 WerSvc - ok
18:46:02.0182 2892 WinDefend - ok
18:46:02.0182 2892 WinHttpAutoProxySvc - ok
18:46:02.0213 2892 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:46:02.0229 2892 Winmgmt - ok
18:46:02.0276 2892 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
18:46:02.0307 2892 WinRM - ok
18:46:02.0338 2892 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:46:02.0354 2892 Wlansvc - ok
18:46:02.0447 2892 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:46:02.0479 2892 wlidsvc - ok
18:46:02.0510 2892 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:46:02.0510 2892 WmiAcpi - ok
18:46:02.0510 2892 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:46:02.0525 2892 wmiApSrv - ok
18:46:02.0525 2892 WMPNetworkSvc - ok
18:46:02.0541 2892 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:46:02.0541 2892 WPCSvc - ok
18:46:02.0557 2892 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:46:02.0572 2892 WPDBusEnum - ok
18:46:02.0588 2892 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:46:02.0603 2892 WpdUsb - ok
18:46:02.0681 2892 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:46:02.0697 2892 WPFFontCache_v0400 - ok
18:46:02.0713 2892 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:46:02.0713 2892 ws2ifsl - ok
18:46:02.0728 2892 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
18:46:02.0728 2892 wscsvc - ok
18:46:02.0728 2892 WSearch - ok
18:46:02.0791 2892 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:46:02.0837 2892 wuauserv - ok
18:46:02.0869 2892 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:46:02.0869 2892 WUDFRd - ok
18:46:02.0884 2892 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:46:02.0884 2892 wudfsvc - ok
18:46:02.0900 2892 ================ Scan global ===============================
18:46:02.0931 2892 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
18:46:02.0947 2892 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
18:46:02.0978 2892 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
18:46:02.0993 2892 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
18:46:03.0009 2892 [Global] - ok
18:46:03.0009 2892 ================ Scan MBR ==================================
18:46:03.0009 2892 [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0
18:46:04.0990 2892 \Device\Harddisk0\DR0 - ok
18:46:04.0990 2892 ================ Scan VBR ==================================
18:46:05.0006 2892 [ D1ADDCC134D5CDE60791C61241557983 ] \Device\Harddisk0\DR0\Partition1
18:46:05.0006 2892 \Device\Harddisk0\DR0\Partition1 - ok
18:46:05.0021 2892 [ 5947425012D61A8D9C6B9A212460563A ] \Device\Harddisk0\DR0\Partition2
18:46:05.0021 2892 \Device\Harddisk0\DR0\Partition2 - ok
18:46:05.0021 2892 ============================================================
18:46:05.0021 2892 Scan finished
18:46:05.0021 2892 ============================================================
18:46:05.0037 0232 Detected object count: 0
18:46:05.0037 0232 Actual detected object count: 0
18:49:58.0147 4024 Deinitialize success


OTL Logs in next reply ...

jeff1955
2012-10-13, 21:27
OTL Logs

OTL.Txt;

OTL logfile created on: 13/10/2012 18:56:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 59.40% Memory free
8.22 Gb Paging File | 6.48 Gb Available in Paging File | 78.90% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.78 Gb Total Space | 133.07 Gb Free Space | 45.76% Space Free | Partition Type: NTFS
Drive D: | 290.74 Gb Total Space | 177.82 Gb Free Space | 61.16% Space Free | Partition Type: NTFS
Drive E: | 4.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PACKARDBELL | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe (Packard Bell BV)
PRC - C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe (Packard Bell BV)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxbc_device) -- C:\Windows\SysNative\lxbccoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\830\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ezGOSvc) -- C:\Windows\SysWOW64\ezGOSvc.dll ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (lxbc_device) -- C:\Windows\SysWOW64\lxbccoms.exe ( )
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\DRIVERS\SaiMini.sys (Saitek)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\DRIVERS\psi_mf.sys (Secunia)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\DRIVERS\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SaiH0004) -- C:\Windows\SysNative\DRIVERS\SaiH0004.sys (Saitek)
DRV:64bit: - (SaiU0004) -- C:\Windows\SysNative\DRIVERS\SaiU0004.sys (Saitek)
DRV:64bit: - (SaiL0004) -- C:\Windows\SysNative\DRIVERS\SaiL0004.sys (Saitek)
DRV:64bit: - (SaiHFF52) -- C:\Windows\SysNative\DRIVERS\SaiHFF52.sys (Saitek)
DRV:64bit: - (SaiUFF52) -- C:\Windows\SysNative\DRIVERS\SaiUFF52.sys (Saitek)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (prohlp02) -- C:\Windows\SysWOW64\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\Windows\SysWOW64\drivers\prodrv06.sys (Protection Technology)
DRV - (sfhlp01) -- C:\Windows\SysWOW64\drivers\sfhlp01.sys (Protection Technology)
DRV - (prosync1) -- C:\Windows\SysWOW64\drivers\prosync1.sys (Protection Technology)
DRV - (Secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=1v3607090606p0385vq55y46619201
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pctools.com/mrc/fix_homepage/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\..\SearchScopes\{2B8E5FA4-7506-45E6-ABE2-6418CB4C5723}: "URL" = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\..\SearchScopes\{43F6C7A9-732F-4FE9-BB68-32A752691DF5}: "URL" = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\..\SearchScopes\{4A7E2A04-E5FB-4DBE-A2A7-54A30A8520F7}: "URL" = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\..\SearchScopes\{66866A5E-4EF0-4374-B5D1-DA5DFA8D3760}: "URL" = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_en
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\..\SearchScopes\{D93E2F42-DAE3-4990-8C97-A966ECB05A43}: "URL" = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\..\SearchScopes\{ED1B35FD-0524-48B2-BE1D-61DF72ED3314}: "URL" = http://uk.local.yahoo.com/search.html?p={searchTerms}&ei=UTF-8&x=wrt&w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\..\SearchScopes\{F5CA8D90-E4DB-415F-ACBB-57EBFDB7DE8C}: "URL" = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\..\SearchScopes\{2B8E5FA4-7506-45E6-ABE2-6418CB4C5723}: "URL" = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\..\SearchScopes\{43F6C7A9-732F-4FE9-BB68-32A752691DF5}: "URL" = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\..\SearchScopes\{4A7E2A04-E5FB-4DBE-A2A7-54A30A8520F7}: "URL" = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\..\SearchScopes\{66866A5E-4EF0-4374-B5D1-DA5DFA8D3760}: "URL" = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_en
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\..\SearchScopes\{D93E2F42-DAE3-4990-8C97-A966ECB05A43}: "URL" = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\..\SearchScopes\{ED1B35FD-0524-48B2-BE1D-61DF72ED3314}: "URL" = http://uk.local.yahoo.com/search.html?p={searchTerms}&ei=UTF-8&x=wrt&w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\..\SearchScopes\{F5CA8D90-E4DB-415F-ACBB-57EBFDB7DE8C}: "URL" = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Owner\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_en
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Myriad Music Plugin (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\plugins\NPMyrMus.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Owner\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Skype Click to Call = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Numerics Calculator & Converter = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe\4.3.4_0\

O1 HOSTS File: ([2012/10/13 07:34:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [FijiKeyboard] c:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe (Packard Bell BV)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .mu3 - C:\Program Files (x86)\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mus - C:\Program Files (x86)\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mxl - C:\Program Files (x86)\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mya - C:\Program Files (x86)\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myr - C:\Program Files (x86)\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myt - C:\Program Files (x86)\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .xmz - C:\Program Files (x86)\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1535933430-1658810301-3209298353-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40512.2579166667 (Update Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A6A56F4-96DF-4F86-9C5E-8E784021646C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\830\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\830\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\packard bell\wallpaper\Lounge_1900x1440.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\packard bell\wallpaper\Lounge_1900x1440.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/25 18:50:48 | 000,626,688 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/03/25 18:50:48 | 000,000,053 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1535933430-1658810301-3209298353-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/13 18:43:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
[2012/10/13 18:43:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/10/13 08:22:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/13 07:37:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/13 07:37:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/10/13 07:22:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/13 07:22:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/13 07:22:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/13 07:22:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/13 07:20:46 | 004,771,502 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/10/11 15:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/11 14:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/10/10 06:54:37 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/10 06:54:36 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/10 06:54:35 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/10 06:54:33 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/09/22 08:19:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/22 08:19:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/22 08:19:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/22 08:19:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/22 08:19:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/22 08:19:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/22 08:19:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/22 08:19:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/22 08:19:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/22 08:19:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/22 08:19:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/22 08:19:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/22 08:19:44 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/22 08:19:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/22 08:19:43 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/16 17:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012/09/16 17:52:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\pdfforge
[2012/09/16 17:52:14 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2012/09/16 17:52:14 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2012/09/16 17:52:13 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[3 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/13 18:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/13 18:43:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/10/13 18:23:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1535933430-1658810301-3209298353-1000UA.job
[2012/10/13 18:22:44 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/13 18:22:44 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/13 18:08:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/13 08:29:00 | 000,716,800 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/13 08:29:00 | 000,617,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/13 08:29:00 | 000,112,716 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/13 08:22:50 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/13 08:22:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/13 07:34:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/13 07:23:36 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1535933430-1658810301-3209298353-1000Core.job
[2012/10/13 07:20:46 | 004,771,502 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/10/11 20:42:55 | 000,000,981 | ---- | M] () -- C:\Users\Owner\Desktop\Internet Explorer.lnk
[2012/10/11 15:13:02 | 000,000,881 | ---- | M] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2012/10/11 07:26:02 | 000,002,006 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/08 18:53:53 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/08 18:53:53 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/08 11:54:19 | 000,002,619 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Word.lnk
[2012/10/02 20:43:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/24 11:43:55 | 000,116,084 | ---- | M] () -- C:\Users\Owner\Documents\MergedDocument1.pdf
[2012/09/16 17:52:19 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012/09/16 17:52:19 | 000,000,680 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/09/16 17:10:48 | 000,064,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/16 12:58:00 | 000,002,617 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Excel.lnk
[3 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/13 07:22:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/13 07:22:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/13 07:22:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/13 07:22:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/13 07:22:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/11 20:42:55 | 000,000,981 | ---- | C] () -- C:\Users\Owner\Desktop\Internet Explorer.lnk
[2012/10/11 15:13:02 | 000,000,881 | ---- | C] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2012/09/24 11:43:55 | 000,116,084 | ---- | C] () -- C:\Users\Owner\Documents\MergedDocument1.pdf
[2012/09/16 17:52:19 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012/09/16 17:52:19 | 000,000,680 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/08/25 09:55:51 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\_Z2
[2012/04/16 09:36:17 | 000,000,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2012/04/15 21:12:33 | 000,270,336 | ---- | C] () -- C:\Windows\IHelper.exe
[2012/04/15 21:12:33 | 000,000,663 | ---- | C] () -- C:\Windows\fe.INI
[2012/02/28 08:54:10 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/28 08:54:09 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/02/20 08:57:52 | 000,000,234 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012/02/15 20:32:42 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/22 14:30:43 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2011/09/22 14:28:36 | 000,726,526 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/29 13:43:55 | 000,080,256 | ---- | C] () -- C:\Windows\SysWow64\ezGOSvc.dll
[2011/07/07 21:25:05 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/06/13 20:09:16 | 000,002,032 | ---- | C] () -- C:\Windows\tabled32.ini
[2011/05/21 20:33:06 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/02/09 09:17:27 | 000,169,720 | ---- | C] () -- C:\Windows\SysWow64\MMPlugHostCtrl.dll
[2010/12/02 15:29:55 | 000,001,460 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2010/09/08 21:52:32 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/08 16:25:42 | 000,064,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/05 14:52:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/22 11:22:50 | 000,001,024 | ---- | C] () -- C:\Users\Owner\.rnd

========== ZeroAccess Check ==========

[2006/11/02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2012/10/11 19:45:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ACAMPREF
[2012/02/15 11:12:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Atari
[2012/08/25 09:55:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Avid
[2011/08/27 11:24:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Camfrog
[2010/01/25 22:57:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Foxit
[2011/10/28 10:31:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Foxit Software
[2012/03/19 10:10:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2012/03/06 07:37:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\go
[2011/06/20 20:09:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Guitar Pro 6
[2012/04/14 08:53:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HTC
[2011/08/20 21:34:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/07/11 08:40:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\JAM Software
[2010/08/05 16:11:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2009/09/23 13:10:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LinkManager 4.0
[2011/08/05 20:58:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MakeMusic
[2012/04/17 16:28:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mumble
[2011/06/11 21:35:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusE
[2009/09/23 13:31:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OneTouch 4.0
[2011/08/27 11:16:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details
[2009/09/20 17:07:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Packard Bell
[2011/08/17 14:02:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PC Suite
[2011/04/01 20:07:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCTools
[2012/09/20 06:58:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\pdfforge
[2012/05/17 13:04:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RootsMagic
[2010/02/19 12:34:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Serif
[2011/11/09 16:12:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp
[2012/09/04 10:57:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xerox

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:9D1B94FD
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 1061 bytes -> C:\Users\Owner\Documents\Your Amazon_co_uk order has dispatched (#026-4573117-0519552)love act 25.9.09.eml:OECustomProperty
@Alternate Data Stream - 1061 bytes -> C:\Users\Owner\Documents\Your Amazon_co_uk order has dispatched (#026-4573117-0519552)25.9.09.eml:OECustomProperty

< End of report >

Extras.Txt in next reply ...
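
The "ZeroAccess Check" block in the OTL.txt above is the part of that log worth reading line by line: OTL probes the CLSIDs that ZeroAccess is known to hijack and prints the InProcServer32 server for each, in the per-user hive (HKEY_CURRENT_USER\Software\Classes) as well as HKLM, and in the native 64-bit view (marked /64) as well as Wow6432Node. COM consults the per-user class store before the machine-wide one, so a server registered under HKCU for a system CLSID silently replaces the genuine shell32.dll / wbemess.dll / fastprox.dll in every process that instantiates that class; an HKCU entry that carries no default value, as in this log, loads nothing. The script below is an added example, not part of the thread and not OTL's own code: it parses that block as OTL prints it and flags any per-user override or any HKLM server that is not the expected system DLL. The EXPECTED_DLL table is an assumed clean baseline for a Vista/7 x64 install, and INFECTED_SAMPLE is a constructed case with made-up paths and GUID, not data from this machine.

```python
import re
from collections import namedtuple

# OTL prints "[key] /64" for the native 64-bit view and "[key]" for Wow6432Node.
KEY_RE = re.compile(r'^\[(HK[^\]]+)\](\s*/64)?\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*?)'
                      r'(?:\s+--\s+\[[^\]]*\]\s*\((?P<company>[^)]*)\))?\s*$')
CLSID_RE = re.compile(r'\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}', re.I)

# Assumed clean baseline: the DLL each CLSID that OTL probes should resolve to.
EXPECTED_DLL = {
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}': 'shell32.dll',
    '{fbeb8a05-beee-4442-804e-409d6c4515e9}': 'shell32.dll',
    '{5839fca9-774d-42a1-acda-d6a79037f57f}': 'fastprox.dll',
    '{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}': 'wbemess.dll',
}
SYSTEM_PREFIXES = ('c:\\windows\\system32\\', 'c:\\windows\\sysnative\\',
                   'c:\\windows\\syswow64\\')

# severity: 'HIGH' = hijack indicator, 'MEDIUM' = worth a second look
Finding = namedtuple('Finding', 'severity key detail')

def parse_section(text):
    """Map each registry key in the block to {value_name: (data, company)}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group(1) + (' /64' if km.group(2) else '')
            keys[current] = {}
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            keys[current][vm.group('name')] = (vm.group('data').strip(), vm.group('company'))
    return keys

def _normalize(path):
    """Lower-case and expand %SystemRoot% so native and Wow6432Node paths compare alike."""
    return path.strip().strip('"').lower().replace('%systemroot%', 'c:\\windows')

def assess(keys):
    """Flag InProcServer32 entries that do not resolve to the expected system DLL."""
    findings = []
    for key, values in keys.items():
        cm = CLSID_RE.search(key)
        if not cm or 'inprocserver32' not in key.lower():
            continue
        clsid, default = cm.group(0).lower(), values.get('')
        if key.upper().startswith(('HKEY_CURRENT_USER', 'HKEY_USERS')):
            # COM consults the per-user class store first, so any server
            # registered here for a system CLSID shadows the HKLM one.
            if default is not None:
                findings.append(Finding('HIGH', key, f'per-user InProcServer32 override -> {default[0]}'))
            continue
        if default is None:
            findings.append(Finding('MEDIUM', key, 'machine-wide key has no default value'))
            continue
        path, company = default
        norm = _normalize(path)
        base = norm.rsplit('\\', 1)[-1]
        expected = EXPECTED_DLL.get(clsid)
        if not norm.startswith(SYSTEM_PREFIXES) or (expected and base != expected):
            findings.append(Finding('HIGH', key, f'server is not the expected system DLL: {path}'))
        elif company is not None and company != 'Microsoft Corporation':
            findings.append(Finding('MEDIUM', key, f'unexpected company string: {company}'))
    return findings

def scan(text):
    return assess(parse_section(text))

# Excerpt of the ZeroAccess Check block from the log above (clean case).
CLEAN_SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
"""

# Constructed infected case (not from the log; GUID and paths are made up):
# a per-user override plus an HKLM server redirected into a non-system folder.
INFECTED_SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Users\Owner\AppData\Local\{6e0d3c2a-1111-2222-3333-444455556666}\n.
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\Installer\{6e0d3c2a-1111-2222-3333-444455556666}\n.
"""

if __name__ == '__main__':
    for label, sample in (('clean', CLEAN_SAMPLE), ('infected', INFECTED_SAMPLE)):
        print(label, [(f.severity, f.detail) for f in scan(sample)])
```

Run against the block as posted it reports nothing: both HKCU keys are empty and every HKLM server is the Microsoft DLL under a system directory. The two checks are deliberately path-based rather than signature-based, because the log only carries the path and company string; if the HKLM server ever points outside system32 / SysNative / SysWow64, or an HKCU key acquires a default value, that entry is the thing to pull for analysis before anything else in the log.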

jeff1955
2012-10-13, 21:28
Extras.Txt

OTL Extras logfile created on: 13/10/2012 18:56:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 59.40% Memory free
8.22 Gb Paging File | 6.48 Gb Available in Paging File | 78.90% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.78 Gb Total Space | 133.07 Gb Free Space | 45.76% Space Free | Partition Type: NTFS
Drive D: | 290.74 Gb Total Space | 177.82 Gb Free Space | 61.16% Space Free | Partition Type: NTFS
Drive E: | 4.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PACKARDBELL | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1535933430-1658810301-3209298353-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 2E 74 F5 C2 33 74 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036C0865-0FAF-4F0D-A447-28C34A46AFDB}" = lport=138 | protocol=17 | dir=in | app=system |
"{296AD6A1-128D-455C-A86D-FA180A954341}" = lport=139 | protocol=6 | dir=in | app=system |
"{48DDFE66-2D97-4974-9663-254A795BBFE4}" = rport=138 | protocol=17 | dir=out | app=system |
"{7EC58A91-F8E2-414D-B12B-49F94AEA8156}" = lport=137 | protocol=17 | dir=in | app=system |
"{99750A4B-9AE8-4349-AC0D-3EA9A2DEBE9D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{99A5EC52-3A07-4959-B484-A441249FC3C3}" = rport=139 | protocol=6 | dir=out | app=system |
"{A51E4956-08F3-4C39-86F6-ABAF23452E92}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CAECD15C-D8AA-43FC-9820-945D1D9E7612}" = lport=445 | protocol=6 | dir=in | app=system |
"{CD8E90BF-252A-40B0-9EC4-5A30CEF93894}" = rport=445 | protocol=6 | dir=out | app=system |
"{ECCB3233-FE6F-4CCE-9F13-95CDADCFB206}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F2890904-661C-4FBD-B2FD-90785C6BF565}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0218C219-C6C5-49AB-857F-46FC1B9C1AA7}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe |
"{056EA521-D1D0-43B7-ADAD-318F439AA175}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{137BDC8C-C7DE-44DD-9320-85AAC11EA951}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2A8FB140-8BBC-46F5-BB2D-6F472B586900}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft games\age of empires online\spartan.exe |
"{2BD64798-F9BB-4000-A246-15E20DC87C52}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{309FC624-9429-48D9-A79D-A245947C8445}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{385A5E5B-98E9-4B7F-BBD4-9C27ED8F2A36}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3A135EA4-DA53-4873-9638-BD08679C1378}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4309759E-67EE-4C3C-AB82-A34C9D327345}" = protocol=6 | dir=in | app=e:\x86\ibiscont.exe |
"{457C826C-7FDF-4BAD-91C7-CF768F9E5438}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4F2BD770-6331-40E7-AFE9-AA41F1BC16A4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{58B6EEAD-299B-47D8-8BF1-ECA6303C97A5}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{594F9D4F-37BD-45C9-A7D0-17AA0BD31782}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{67B45A8E-FB64-473D-9A11-582D4EE287B2}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe |
"{6F2C8EB6-4195-41EF-88DB-9A7A24B644E0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{70D983CE-79E9-4A44-8BB5-6FE14244B519}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{70F0AB10-6DBC-4A17-892E-7CF70F348F3E}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |
"{8C0AF202-C4A8-4F73-BBF6-64991A92D2EA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{8E19F626-6D99-4946-B9FD-B204D79FD8C6}" = protocol=17 | dir=in | app=e:\x86\ibiscont.exe |
"{957AAAF8-F104-4C6C-A7A5-3188BE87EBE6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{9B2F987C-7429-40E1-90FF-13B3D3F865E2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{A37D25DA-0C70-499C-B130-762F188E05CC}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbcpswx.exe |
"{BD9763F0-D157-47F3-A074-34B929C9AD16}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft games\age of empires online\spartan.exe |
"{C7F5AF15-4A87-47FF-8F09-16C8025A9515}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |
"{D5E53B1F-39DE-4D2F-818D-86C7618131FA}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{E7F25C07-F045-457F-9DDF-730C7300C78D}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{F0B079AA-87FA-4057-9C4F-E142A5C252E4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F1CCF8B4-D8DE-46A0-B7B3-C19103E9E342}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbcpswx.exe |
"{F88CC53F-FA52-44F0-BA9C-B88001DD7282}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"TCP Query User{1745AF49-E284-4D2D-A4FE-26C60D21BD7C}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{1B5FC770-DD62-4FD4-BF16-B4A301E3745B}C:\users\owner\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\microsoft\age of empires online\spartan.exe |
"TCP Query User{3AC8C960-CDC1-494F-8D62-6AEA7F5249BB}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"TCP Query User{457C480B-8827-47C0-AC69-82F91F691DA2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{59555DC0-DC94-4ECE-99DE-347445FBBC0D}D:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe" = protocol=6 | dir=in | app=d:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe |
"TCP Query User{68B1B995-DB65-4C4E-82F9-DB6A3487DB8A}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{7A26A3A1-C97D-4966-9A6D-B9E937130C66}C:\program files (x86)\microsoft games\links 2003\linksmmiii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\links 2003\linksmmiii.exe |
"TCP Query User{A82864A5-3CE8-4D18-B27C-F24B73674B41}C:\program files (x86)\microsoft games\links 2003\linksmmiii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\links 2003\linksmmiii.exe |
"TCP Query User{A9CB54E8-3AF4-448A-B062-C05F312ECC40}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"TCP Query User{AC369E4C-0B3F-4410-8635-FC9C4B7C0AF6}D:\users\owner\documents\dwyco\cdc-x\cdcx.exe" = protocol=6 | dir=in | app=d:\users\owner\documents\dwyco\cdc-x\cdcx.exe |
"TCP Query User{AE64E837-1467-471B-BA26-B53539160888}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{C817546E-8C20-47E9-856D-1E21E08E7386}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{D223AF86-FF66-493D-84A7-35E45321E281}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{DA37BAD9-DBA4-4255-8852-64BAA64B7712}D:\users\owner\documents\dwyco\cdc-x\cdcx.exe" = protocol=6 | dir=in | app=d:\users\owner\documents\dwyco\cdc-x\cdcx.exe |
"UDP Query User{064FACCD-D567-4B0A-82CA-994C4F58003A}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{0EBACBC6-2C61-4B01-B9D3-FEC3A09E314B}D:\users\owner\documents\dwyco\cdc-x\cdcx.exe" = protocol=17 | dir=in | app=d:\users\owner\documents\dwyco\cdc-x\cdcx.exe |
"UDP Query User{10043E47-B8CF-495F-8DD8-F9DE7C429310}C:\program files (x86)\microsoft games\links 2003\linksmmiii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\links 2003\linksmmiii.exe |
"UDP Query User{1BF103FA-0C01-4CCC-A34D-41DF948BA27F}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{1DE7CF29-54D8-49CB-8667-CC13D1DD3FA9}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{3104D8DE-3006-41B8-87AF-AD1479173A7F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{4747EE80-20C2-48E6-BA15-296DF21ABCAA}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{62951B67-95AE-4D96-9E5D-BBB1246F17EB}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{6BA4919E-CB54-462B-BB78-7C7EEC79DFB5}C:\users\owner\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\microsoft\age of empires online\spartan.exe |
"UDP Query User{82872FCC-93E6-4960-A6B6-36E66885DB5A}D:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe" = protocol=17 | dir=in | app=d:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe |
"UDP Query User{8DA2F191-868A-4C57-8689-A6343FF1D3D9}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{A72FB217-DAA1-4BE2-B371-5184C3809ED8}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{E3387943-8205-4187-AB87-B39C4C5B3063}C:\program files (x86)\microsoft games\links 2003\linksmmiii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\links 2003\linksmmiii.exe |
"UDP Query User{EB4C3ADF-5DF3-4CD0-9F0B-22B3041A858E}D:\users\owner\documents\dwyco\cdc-x\cdcx.exe" = protocol=17 | dir=in | app=d:\users\owner\documents\dwyco\cdc-x\cdcx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6D41B4C4-FCD7-4F9B-99B9-A01F63F71F0F}" = Smart Technology Programming Software 7.0.2.7
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Sibelius 7.0.0.23_is1" = Sibelius 7.1.2.46

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{05BC428A-F2A5-4E11-8130-10C3237FD67B}" = Serif WebPlus X2 Resources
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{30EB024E-9FD0-45E6-849D-30CC6F1AF2F1}" = Serif PhotoPlus 10
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{44998978-7DDB-4AD0-BDF5-D226FBC029FE}" = Sibelius 7 OpenType Fonts
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A423411-E28A-4A13-BDB0-8E8BC42FFA29}" = HTC Sync
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{4D9DD45B-E79A-4F04-898E-B2C3769AB729}" = Serif DrawPlus X2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{596DA8A2-C576-46F5-A92E-8C9CCECE4E9D}" = Serif PagePlus X3
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A8892A3-36BB-411E-85AA-6AEA544D028B}" = Far Cry (Patch 1.4)
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}" = Serif WebPlus X2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89A9B9EE-839E-4820-9450-2912C82F46AF}" = Avid License Control
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{946383CC-B47D-4817-A4D9-03F4E76A9003}" = Serif DrawPlus X2 Resources
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}" = Serif WebPlus X4 Resources
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C1689DDD-6378-4966-8865-6292D7141A6A}_is1" = RootsMagic 5.0.3.1 UK Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0F1732F-DE2D-4A6D-BE19-2D6CF784356C}" = Serif PagePlus X3 Resources
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 1.2.6
"Auto Backup" = Packard Bell Auto Backup
"BTHomeHub" = BTHomeHub
"Dwyco CDC-X_is1" = Dwyco CDC-X 2.1
"EQ2MAP Updater" = EQ2MAP Updater 1.2.10
"ERUNT_is1" = ERUNT 1.1j
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"Gold Sound Base" = Gold Sound Base
"GoToAssist" = GoToAssist Corporate
"Harmony Assistant" = Harmony Assistant
"Identity Card" = Identity Card
"InfoCentre" = InfoCentre
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2
"Links 2003 1.0" = Microsoft Links 2003
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Melody Assistant" = Melody Assistant
"Melody Player" = Melody Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"Packard Bell Photo Frame" = Packard Bell Photo Frame 4.2.3.6
"PackardBell Screensaver" = PackardBell ScreenSaver
"PDFtoMusic" = PDFtoMusic
"PunkBusterSvc" = PunkBuster Services
"Secunia PSI" = Secunia PSI
"SetUpMyPC" = SetUpMyPC
"Sierra Utilities" = Sierra Utilities
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SystemRequirementsLab" = System Requirements Lab
"Updator" = Updator
"World of Warcraft" = World of Warcraft
"Xerox One Touch" = Xerox One Touch

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1535933430-1658810301-3209298353-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Game Organizer" = GameXN GO
"Google Chrome" = Google Chrome
"SOE-EverQuest II" = EverQuest II
"SOE-LegendsOfNorrath" = Legends of Norrath

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1535933430-1658810301-3209298353-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Game Organizer" = GameXN GO
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08/10/2012 01:56:34 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
Description =

Error - 08/10/2012 11:30:25 | Computer Name = PackardBell | Source = Application Error | ID = 1000
Description = Faulting application EverQuest2.exe, version 1.0.0.1, time stamp 0x506a0823,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception
code 0xc0000005, fault offset 0x0001e582, process id 0xb8, application start time
0x01cda554028cbbf5.

Error - 09/10/2012 01:52:04 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
Description =

Error - 10/10/2012 01:46:52 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
Description =

Error - 10/10/2012 02:44:17 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
Description =

Error - 10/10/2012 08:10:39 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
Description =

Error - 11/10/2012 01:48:15 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
Description =

Error - 11/10/2012 09:15:26 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
Description =

Error - 12/10/2012 01:47:33 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
Description =

Error - 13/10/2012 02:04:13 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
Description =

Error - 13/10/2012 03:22:56 | Computer Name = PackardBell | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11/10/2012 09:14:57 | Computer Name = PackardBell | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\prodrv06.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 11/10/2012 09:15:26 | Computer Name = PackardBell | Source = Service Control Manager | ID = 7026
Description =

Error - 12/10/2012 01:47:08 | Computer Name = PackardBell | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\prodrv06.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 12/10/2012 01:47:34 | Computer Name = PackardBell | Source = Service Control Manager | ID = 7026
Description =

Error - 13/10/2012 02:03:51 | Computer Name = PackardBell | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\prodrv06.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 13/10/2012 02:29:29 | Computer Name = PackardBell | Source = Service Control Manager | ID = 7030
Description =

Error - 13/10/2012 02:32:50 | Computer Name = PackardBell | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 13/10/2012 02:34:39 | Computer Name = PackardBell | Source = Service Control Manager | ID = 7030
Description =

Error - 13/10/2012 03:22:37 | Computer Name = PackardBell | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\prodrv06.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 13/10/2012 03:23:01 | Computer Name = PackardBell | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Happy? reading :) Jeff

ken545
2012-10-13, 21:36
Looking good so far, I am going to have you run a quick fix with OTL that will clean out your temp files and other garbage.

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces


Also let me know how your computer is behaving now

jeff1955
2012-10-13, 22:01
WoW Ken, the fastest reply ever! :)

My PC seems to be much better, speed is back to normal. However Task Manager still reports 6 separate instances of Chrome browser and now 2 instances of iexplore.

OTL log;

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 318816 bytes
->Temporary Internet Files folder emptied: 328680283 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 409208721 bytes
->Flash cache emptied: 57648 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 888 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2468 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 704.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10132012_194647

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Owner\AppData\Local\Temp\ppcrlui_2896_2 moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TYJVC5C1\showthread[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ken545
2012-10-13, 22:25
That's normal for Chrome my friend, and I would not worry about it
http://blog.chromium.org/2008/09/multi-process-architecture.html


And as far as iexplore
http://www.neuber.com/taskmanager/process/iexplore.exe.html


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

jeff1955
2012-10-14, 11:41
Hi Ken,

Sorry about the delay but it got late here in the UK! :)

ESETScan;

D:\Downloads\PCVC\SoftonicDownloader80984.exe a variant of Win32/SoftonicDownloader.A application


Short but significant?

Jeff

ken545
2012-10-14, 14:49
Hello Jeff,

This may be a false positive but to be on the safe side I would delete it

D:\Downloads\PCVC\SoftonicDownloader80984.exe

How's everything running now?

jeff1955
2012-10-14, 18:03
Hey Ken,

Everything seems to be running really well now.

I have deleted the Softonic exe file as you advised.

Jeff

ken545
2012-10-14, 19:11
Wonderful, glad things are back to normal for you :bigthumb: I think you're good to go


We need to update your Java to keep you more secure

Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ), click on About and you should have Version 7 Update 7; if not, proceed with the instructions.

Go to the update Tab and update it

Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.


You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)






Click START then RUN
Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

jeff1955
2012-10-14, 23:06
Can't thank you enough Ken, everything working fine. :yahoo:

Just a couple of things;

I verified my Java from the link you sent and got a big tick, latest version installed.

However, there is no Java icon in my Control Panel. I looked in Programs and Features and found;

Java7 Update7
Java(TM) 6 Update 31
JavaFX 2.1.1

I get Java update reminders every so often and always allow the update.

My SystemStartUp contains;

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 252848
MD5: 12916E0642E92561C98B18A2A2D01B14

Anyway - huge thanks again for your help Ken.

Jeff

ken545
2012-10-14, 23:22
Jeff,

You can uninstall this in Programs and Features
Java(TM) 6 Update 31


Take care,

Ken :)
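When the Java icon is missing from the Control Panel, as in Jeff's case, the same information can be read straight from the registry. The following PowerShell is an added example, not code from the thread or from Ken's instructions: it lists every Java runtime registered in the Uninstall keys (the keys the OTL uninstall lists above were dumped from) and flags the ones older than the newest present, such as "Java(TM) 6 Update 31" next to "Java 7 Update 7". It assumes JRE/JDK entries have a DisplayName beginning with "Java" and a major version, as Jeff's list shows.

```powershell
# Added example, not part of the thread: enumerate Java runtimes known to
# Programs and Features by reading the Uninstall registry keys (machine-wide
# 64-bit, machine-wide 32-bit under Wow6432Node, and the current user's
# per-user key), then flag runtimes older than the newest one installed.
# Read-only: it changes nothing, it only tells you what to uninstall.

function Get-InstalledJava {
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    # Assumption: JRE/JDK entries are named like "Java 7 Update 7" or
    # "Java(TM) 6 Update 31"; the pattern skips JavaFX and the Java Update helper.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^Java(\(TM\))?\s+\d' } |
        ForEach-Object {
            [PSCustomObject]@{
                DisplayName    = $_.DisplayName
                DisplayVersion = $_.DisplayVersion   # e.g. 7.0.70 for 7 Update 7
                Hive           = $_.PSDrive.Name     # HKLM or HKCU
                KeyName        = $_.PSChildName      # the {GUID} seen in the OTL list
            }
        }
}

function Find-StaleJava {
    # Only entries whose DisplayVersion parses as a version can be compared.
    $installed = @(Get-InstalledJava | Where-Object { $_.DisplayVersion -as [version] })
    if ($installed.Count -lt 2) { return @() }
    $newest = $installed |
        Sort-Object { [version]$_.DisplayVersion } -Descending |
        Select-Object -First 1
    $installed | Where-Object { [version]$_.DisplayVersion -lt [version]$newest.DisplayVersion }
}

Get-InstalledJava | Format-Table DisplayName, DisplayVersion, Hive, KeyName -AutoSize
Find-StaleJava | ForEach-Object {
    Write-Warning ("Stale Java runtime still installed: {0} ({1} key {2}); " +
                   "uninstall it from Programs and Features." -f $_.DisplayName, $_.Hive, $_.KeyName)
}
```

Run it from a normal (non-elevated) PowerShell window; reading these keys needs no administrator rights.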

jeff1955
2012-10-15, 09:18
Thanks again Ken, great service from you guys as usual.

Jeff

ken545
2012-10-15, 11:21
My pleasure,

Ken :)

ken545
2012-10-16, 14:11
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.