PDA

View Full Version : PC Slow Starting



Gwalch Y Mor
2013-08-24, 15:11
I am hoping someone can help me .For the last three weeks my PC has been slow starting up . I have windows XP Home as an OS and up to now I have had very little problems with it . I downloaded Spybot SD and the program found these :-

WIN32.Downloader.gen
Montera.Toolbar
WIN32.Downloader.bltu
Ask.MyGlobalSearch
Delta.Toolbar
Babylon
Yontoo.Pagerage

The PC is now clean of these but is still slow starting . I have looked in System Configuration Facility and do not have any suspect programs in star up , however when I have tried Diagnostic Start up the Pc boots up straight away .

I looked at Spybot's "System Start Up" and found a entry at "Winlogon" called crypt32chain under "Value" , it,s "Command Line" is Crypt32.dll .
Is this a legitimate process ?


I would be very grateful if someone can help , as it sometimes takes up to 4-5 minuets for my pc to start.

I would like to mention that I was unable to download "aswMBR" through Google Chrome ( had to download via IE),however I did not have any problems downloading DDS through Chrome.

Edit
Removed second "attach.txt log"

DDS 2

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Garry at 10:06:26 on 2013-08-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1395 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} -
uRun: [HijackThis startup scan] c:\program files\trendmicro\hijackthis\HijackThis.exe /startupscan
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357393069968
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{D6340577-E52A-44FD-854C-8FF8A543E0C9} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F8E9D2E3-53A1-4DA8-BA02-5CEAD26B4DCA} : DHCPNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
.
============= SERVICES / DRIVERS ===============
.
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-2-11 16640]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-16 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-15 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-15 22856]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys --> c:\windows\system32\drivers\ctgame.sys [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 gearsec;gearsec; [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S4 Update WK;Update WK;c:\program files\webconnect\updateWebConnect.exe [2013-8-17 199976]
.
=============== Created Last 30 ================
.
2013-08-25 07:07:54 7166848 ----a-w- c:\docume~1\alluse~1\application data\microsoft\microsoft antimalware\definition updates\{219a5390-8fc4-4db3-8037-8e84ff1be0cd}\mpengine.dll
2013-08-23 11:27:08 -------- d-----w- C:\ComboFix
2013-08-22 16:13:05 -------- d-----w- c:\docume~1\garry\applic~1\Process Hacker 2
2013-08-22 15:57:59 -------- d-----w- c:\program files\Process Hacker 2
2013-08-22 15:48:32 7166848 ----a-w- c:\docume~1\alluse~1\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-22 15:19:16 -------- d-----w- c:\program files\Free Window Registry Repair
2013-08-21 17:36:05 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-08-21 17:36:01 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-08-21 17:36:01 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-08-21 17:34:59 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2013-08-21 17:33:56 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2013-08-21 17:32:58 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2013-08-21 17:31:59 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2013-08-21 17:30:59 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2013-08-21 17:29:53 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2013-08-21 17:28:57 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2013-08-21 17:27:57 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2013-08-21 17:26:58 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2013-08-21 17:25:59 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2013-08-21 17:24:58 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2013-08-21 17:23:57 27296 -c--a-w- c:\windows\system32\dllcache\perc2.sys
2013-08-21 17:22:57 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2013-08-21 17:21:59 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2013-08-21 17:20:52 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2013-08-21 17:20:47 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2013-08-21 17:20:40 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2013-08-21 17:20:38 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2013-08-21 17:20:37 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2013-08-21 17:20:28 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2013-08-21 17:20:25 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2013-08-21 17:20:23 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2013-08-21 17:20:16 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2013-08-21 17:20:14 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2013-08-21 17:20:09 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2013-08-21 17:20:03 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2013-08-21 17:20:01 34304 -c--a-w- c:\windows\system32\dllcache\migisol.exe
2013-08-21 17:18:59 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2013-08-21 17:17:57 471102 -c--a-w- c:\windows\system32\dllcache\imskdic.dll
2013-08-21 17:16:59 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
2013-08-21 17:15:59 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
2013-08-21 17:14:58 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2013-08-21 17:13:59 595647 -c--a-w- c:\windows\system32\dllcache\es56cvmp.sys
2013-08-21 17:12:58 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2013-08-21 17:11:59 7424 -c--a-w- c:\windows\system32\dllcache\ddsmc.sys
2013-08-21 17:10:59 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2013-08-21 17:08:15 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2013-08-21 17:07:58 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll
2013-08-21 17:06:43 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2013-08-21 14:19:15 -------- d-----w- c:\program files\Emsisoft HiJackFree
2013-08-21 13:53:55 -------- d-----w- c:\program files\Microsoft Security Client
2013-08-20 17:36:26 -------- d-----w- c:\docume~1\garry\local settings\application data\avgchrome
2013-08-20 17:28:28 -------- d-----w- c:\docume~1\garry\local settings\application data\TopArcadeHits
2013-08-20 17:28:22 -------- d-----w- c:\program files\WebConnect
2013-08-20 11:32:59 -------- d-----w- C:\mbar
2013-08-20 11:08:35 -------- d-----w- c:\docume~1\alluse~1\application data\Malwarebytes' Anti-Malware (portable)
2013-08-19 21:17:53 -------- d-sha-r- C:\cmdcons
2013-08-16 12:09:02 1893504 ----a-w- C:\rkill.com
2013-08-16 10:04:14 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-08-16 10:04:14 -------- d-----w- c:\windows\system32\wbem\Repository
2013-08-16 10:03:56 -------- d-----w- c:\program files\Microsoft Download Manager
2013-08-15 15:26:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-08-15 06:53:09 -------- d-----w- C:\cmdcons(2)
2013-08-15 06:52:08 -------- d-----w- C:\ComboFix(4)
2013-08-09 19:02:03 -------- d-----w- c:\program files\Huawei Modems
2013-08-09 19:00:12 -------- d-----w- c:\windows\system32\MRT
2013-07-31 20:48:17 -------- d-----w- c:\docume~1\garry\local settings\application data\DoNotTrackPlus
2013-07-31 20:29:31 -------- d-----w- c:\program files\CheckPoint
2013-07-31 19:21:20 -------- d-----w- c:\docume~1\alluse~1\application data\CheckPoint
.
==================== Find3M ====================
.
2013-08-21 17:35:19 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 17:35:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet(5).dll
2013-06-07 21:56:06 1215488 ----a-w- c:\windows\system32\urlmon(5).dll
2013-06-07 21:56:06 105984 ----a-w- c:\windows\system32\url(5).dll
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 00:41:07 6144 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 10:07:30.04 ===============


aswMBR

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-25 10:07:46
-----------------------------
10:07:46.125 OS Version: Windows 5.1.2600 Service Pack 3
10:07:46.125 Number of processors: 2 586 0x4B02
10:07:46.125 ComputerName: GARRY-EC0E7D6DA UserName: Garry
10:07:47.031 Initialize success
10:14:27.125 AVAST engine defs: 13082500
10:20:58.156 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000073
10:20:58.156 Disk 0 Vendor: Maxtor_6L200M0 BANC1G10 Size: 190782MB BusType: 3
10:20:58.156 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000074
10:20:58.156 Disk 1 Vendor: Hitachi_HDP725050GLA360 GM4OA52A Size: 476940MB BusType: 3
10:20:58.265 Disk 1 MBR read successfully
10:20:58.265 Disk 1 MBR scan
10:20:58.312 Disk 1 Windows XP default MBR code
10:20:58.312 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 63
10:20:58.312 Disk 1 scanning sectors +976770144
10:20:58.343 Disk 1 scanning C:\WINDOWS\system32\drivers
10:21:06.890 Service scanning
10:21:20.093 Modules scanning
10:21:24.140 Disk 1 trace - called modules:
10:21:24.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
10:21:24.156 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8ab0aab8]
10:21:24.156 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000076[0x8ab2cf18]
10:21:24.156 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\00000074[0x8ab2b030]
10:21:24.984 AVAST engine scan C:\WINDOWS
10:21:32.593 AVAST engine scan C:\WINDOWS\system32
10:24:53.531 AVAST engine scan C:\WINDOWS\system32\drivers
10:25:18.187 AVAST engine scan C:\Documents and Settings\Garry
10:49:20.796 AVAST engine scan C:\Documents and Settings\All Users
10:55:53.921 Scan finished successfully
11:06:47.359 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Garry\Desktop\MBR.dat"
11:06:47.359 The log file has been saved successfully to "C:\Documents and Settings\Garry\Desktop\aswMBR.txt"

Gwalch Y Mor
2013-08-28, 11:44
I used "Process Hacker" the other day to monitor what was going on with my system , to cut a long story short it notified me of a new process called

MpKsl981a4e86 at system start .

When I looked into it's "Properties" in Security I found that it was entered in "Group or User name"s as "Account Unknown [S-1-5-32-547] ?

Is this normal ?

Thanks

Gwalch

tashi
2013-08-28, 17:12
Hello Gwalch Y Mor,




Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition helpers would think you are already being assisted because of the post count, they look for topics with a 0 response. For that reason we may merge such posts but please do not count on it.



The Waiting Room: Post here if waiting for help four days (http://forums.spybot.info/forumdisplay.php?f=37) :)

FAQ: http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-%28Please-read-this-Procedure-Before-Requesting-Assistance%29

Best regards.

ken545
2013-09-11, 19:08
:welcome:

Sorry for the delay, just give me a minute to look over your post and I will be back with you late afternoon.

Ken :)

ken545
2013-09-11, 23:46
You have a few bogus tool bars installed along with HJT wanting to run on each startup, lets do this.

Open HJT and go to the Main Menu and take the checkmark out of Run a scan at startup, then ok your way out.


Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Gwalch Y Mor
2013-09-12, 23:26
Ken,

Thanks for the reply , here is the log :-

# AdwCleaner v3.003 - Report created 12/09/2013 at 21:20:24
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Garry - GARRY-EC0E7D6DA
# Running from : C:\Documents and Settings\Garry\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\WINDOWS\system32\conduitEngine.tmp
Folder Found C:\Documents and Settings\Administrator\IECompatCache
Folder Found C:\Documents and Settings\All Users\Application Data\AGI
Folder Found C:\Documents and Settings\All Users\Application Data\Ask
Folder Found C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Found C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
Folder Found C:\Documents and Settings\Garry\Application Data\AGI
Folder Found C:\Documents and Settings\Garry\Application Data\Uniblue\DriverScanner
Folder Found C:\Documents and Settings\Garry\Application Data\Uniblue\SpeedUpMyPC
Folder Found C:\Documents and Settings\Garry\IECompatCache
Folder Found C:\Documents and Settings\Garry\Local Settings\Application Data\cre
Folder Found C:\Documents and Settings\Garry\Local Settings\Application Data\Kiwee Toolbar
Folder Found C:\Documents and Settings\LocalService\Application Data\AGI
Folder Found C:\Documents and Settings\Shannon\Application Data\AGI
Folder Found C:\Documents and Settings\Shannon\IECompatCache
Folder Found C:\Documents and Settings\Shannon\Local Settings\Application Data\ConduitEngine
Folder Found C:\Documents and Settings\Shannon\Local Settings\Application Data\Kiwee Toolbar
Folder Found C:\Program Files\AGI
Folder Found C:\Program Files\Kiwee Toolbar
Folder Found C:\Program Files\Uniblue\DriverScanner

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\BrowserMngr
Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKLM\Software\BrowserMngr
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\InstallerControl.InstallerObject
Key Found : HKLM\SOFTWARE\Classes\InstallerControl.InstallerObject.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2642706
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Product Found : BabylonObjectInstaller
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=DC45001150D01E29&affID=119357&tsp=4980

-\\ Google Chrome v

[ File : C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6812 octets] - [12/09/2013 21:20:24]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6872 octets] ##########

ken545
2013-09-13, 00:00
Hi,

How are ya doing ??

Double click on AdwCleaner.exe to run the tool again.

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.







Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop


shut down your protection software now to avoid potential conflicts.
run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
the tool will open and start scanning your system
please be patient as this can take a while to complete depending on your system's specifications
on completion, a log (JRT.txt) is saved to your desktop and will automatically open
post the contents of JRT.txt into your next message.







OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Gwalch Y Mor
2013-09-13, 01:00
Ken,

I did not recognize any of that crap ADW found so I ran the cleaner and the PC booted up straight away ! like it use to do before , marvelous !.

When I ran it again it found the following entries :-


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Product Found : BabylonObjectInstaller

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v

[ File : C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


Here is the LOG for JRT :-

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Microsoft Windows XP x86
Ran by Garry on 12/09/2013 at 22:33:43.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-515967899-1214440339-725345543-1004\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\styler\tb"
Successfully deleted: [Folder] "C:\Documents and Settings\Garry\start menu\programs\free window registry repair"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/09/2013 at 22:37:39.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ken545
2013-09-13, 01:15
:bigthumb:

Let me see the OTL log and we can remove even more

Gwalch Y Mor
2013-09-13, 20:10
Here is the OTL LOG :-

OTL logfile created on: 13/09/2013 17:32:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Garry\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.58% Memory free
4.85 Gb Paging File | 4.34 Gb Available in Paging File | 89.48% Paging File free
Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 328.40 Gb Free Space | 70.51% Space Free | Partition Type: NTFS
Drive D: | 186.30 Gb Total Space | 154.80 Gb Free Space | 83.09% Space Free | Partition Type: NTFS

Computer Name: GARRY-EC0E7D6DA | User Name: Garry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Garry\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - (gearsec) -- File not found
SRV - (CTAudSvcService) -- File not found
SRV - (ATI Smart) -- File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (ACDaemon) -- File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (VX6000) -- Reg Error: Invalid data type. File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys File not found
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS File not found
DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mdvrmng) -- C:\WINDOWS\system32\drivers\mdvrmng.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (emupia) -- system32\drivers\emupia2k.sys File not found
DRV - (CTSBLFX.SYS) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS File not found
DRV - (CTSBLFX.DLL) -- system32\CTSBLFX.DLL File not found
DRV - (CTSBLFX) -- system32\drivers\CTSBLFX.SYS File not found
DRV - (CTHWIUT.DLL) -- system32\CTHWIUT.DLL File not found
DRV - (ctgame) -- system32\DRIVERS\ctgame.sys File not found
DRV - (CTEXFIFX.DLL) -- system32\CTEXFIFX.DLL File not found
DRV - (CTERFXFX.SYS) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS File not found
DRV - (CTERFXFX.DLL) -- system32\CTERFXFX.DLL File not found
DRV - (CTERFXFX) -- system32\drivers\CTERFXFX.SYS File not found
DRV - (CTEDSPSY.DLL) -- system32\CTEDSPSY.DLL File not found
DRV - (CTEDSPIO.DLL) -- system32\CTEDSPIO.DLL File not found
DRV - (CTEDSPFX.DLL) -- system32\CTEDSPFX.DLL File not found
DRV - (CTEAPSFX.DLL) -- system32\CTEAPSFX.DLL File not found
DRV - (CTAUDFX.SYS) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS File not found
DRV - (CTAUDFX.DLL) -- File not found
DRV - (CTAUDFX) -- system32\drivers\CTAUDFX.SYS File not found
DRV - (CT20XUT.DLL) -- system32\CT20XUT.DLL File not found
DRV - (COMMONFX.SYS) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS File not found
DRV - (COMMONFX.DLL) -- system32\COMMONFX.DLL File not found
DRV - (COMMONFX) -- system32\drivers\COMMONFX.SYS File not found
DRV - (Changer) -- File not found
DRV - (Afc) -- system32\drivers\Afc.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (nvcchflt) -- C:\WINDOWS\system32\drivers\nvcchflt.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-515967899-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-515967899-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-515967899-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 44 9C F5 BB 7C CD 01 [binary data]
IE - HKU\S-1-5-21-515967899-1214440339-725345543-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-515967899-1214440339-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-515967899-1214440339-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/09/13 17:20:59 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)


[2012/11/24 16:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Garry\Application Data\Mozilla\Extensions
[2013/08/16 22:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0\
CHR - Extension: YouTube = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Bitdefender QuickScan = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0\
CHR - Extension: Gmail = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/28 20:25:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O3 - HKU\S-1-5-21-515967899-1214440339-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-515967899-1214440339-725345543-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Shannon\Start Menu\Programs\Startup\IMVU.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-1214440339-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-515967899-1214440339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-515967899-1214440339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-515967899-1214440339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357393069968 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (Reg Error: Key error.)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6340577-E52A-44FD-854C-8FF8A543E0C9}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8E9D2E3-53A1-4DA8-BA02-5CEAD26B4DCA}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Garry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Garry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/06 01:41:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

Gwalch Y Mor
2013-09-13, 20:14
Continued :-

========== Files/Folders - Created Within 30 Days ==========

[2013/09/12 22:33:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/12 21:20:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/05 16:38:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Garry\Recent
[2013/08/30 16:30:34 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Garry\Desktop\startuplite-setup-1.07.exe
[2013/08/29 16:49:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/28 20:30:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/08/22 17:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garry\Application Data\Process Hacker 2
[2013/08/22 16:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Process Hacker 2
[2013/08/22 16:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2013/08/22 16:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2013/08/21 18:36:05 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2013/08/21 18:36:01 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2013/08/21 18:35:53 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2013/08/21 18:35:48 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2013/08/21 18:35:43 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2013/08/21 18:35:42 | 000,019,455 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2013/08/21 18:35:38 | 000,012,063 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2013/08/21 18:35:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2013/08/21 18:35:24 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2013/08/21 18:35:22 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2013/08/21 18:35:18 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2013/08/21 18:35:08 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2013/08/21 18:35:03 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2013/08/21 18:35:00 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2013/08/21 18:34:59 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2013/08/21 18:34:58 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2013/08/21 18:34:52 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2013/08/21 18:34:52 | 000,023,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2013/08/21 18:34:51 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2013/08/21 18:34:48 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2013/08/21 18:34:45 | 000,033,599 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2013/08/21 18:34:45 | 000,019,551 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2013/08/21 18:34:44 | 000,029,311 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2013/08/21 18:34:42 | 000,011,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2013/08/21 18:34:41 | 000,012,415 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2013/08/21 18:34:41 | 000,012,127 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2013/08/21 18:34:36 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2013/08/21 18:34:33 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2013/08/21 18:34:29 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2013/08/21 18:34:28 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2013/08/21 18:34:23 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2013/08/21 18:34:19 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2013/08/21 18:34:15 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2013/08/21 18:34:11 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2013/08/21 18:34:07 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2013/08/21 18:34:06 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2013/08/21 18:34:00 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2013/08/21 18:33:56 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2013/08/21 18:33:51 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2013/08/21 18:33:48 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2013/08/21 18:33:43 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2013/08/21 18:33:40 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2013/08/21 18:33:36 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2013/08/21 18:33:33 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2013/08/21 18:33:31 | 000,020,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbuhci.sys
[2013/08/21 18:33:30 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2013/08/21 18:33:28 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2013/08/21 18:33:22 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2013/08/21 18:33:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2013/08/21 18:33:15 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2013/08/21 18:33:12 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2013/08/21 18:33:08 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2013/08/21 18:33:05 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2013/08/21 18:33:01 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2013/08/21 18:32:58 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2013/08/21 18:32:54 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2013/08/21 18:32:51 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2013/08/21 18:32:47 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2013/08/21 18:32:43 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2013/08/21 18:32:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2013/08/21 18:32:33 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2013/08/21 18:32:30 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2013/08/21 18:32:26 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2013/08/21 18:32:23 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2013/08/21 18:32:19 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2013/08/21 18:32:16 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2013/08/21 18:32:12 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2013/08/21 18:32:09 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
[2013/08/21 18:32:08 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2013/08/21 18:32:04 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
[2013/08/21 18:31:59 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2013/08/21 18:31:55 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
[2013/08/21 18:31:52 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
[2013/08/21 18:31:48 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2013/08/21 18:31:45 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2013/08/21 18:31:43 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2013/08/21 18:31:40 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2013/08/21 18:31:36 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2013/08/21 18:31:35 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2013/08/21 18:31:34 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2013/08/21 18:31:31 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2013/08/21 18:31:28 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2013/08/21 18:31:27 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2013/08/21 18:31:26 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2013/08/21 18:31:20 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
[2013/08/21 18:31:15 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2013/08/21 18:31:12 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2013/08/21 18:31:09 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2013/08/21 18:31:02 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys
[2013/08/21 18:30:59 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys
[2013/08/21 18:30:56 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
[2013/08/21 18:30:53 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys
[2013/08/21 18:30:49 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2013/08/21 18:30:46 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2013/08/21 18:30:43 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2013/08/21 18:30:40 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2013/08/21 18:30:37 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2013/08/21 18:30:33 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2013/08/21 18:30:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2013/08/21 18:30:26 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2013/08/21 18:30:23 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2013/08/21 18:30:20 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2013/08/21 18:30:16 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2013/08/21 18:30:10 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2013/08/21 18:30:07 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2013/08/21 18:30:06 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2013/08/21 18:30:00 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2013/08/21 18:29:53 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2013/08/21 18:29:50 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2013/08/21 18:29:47 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2013/08/21 18:29:43 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2013/08/21 18:29:40 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
[2013/08/21 18:29:37 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
[2013/08/21 18:29:34 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys
[2013/08/21 18:29:31 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2013/08/21 18:29:30 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2013/08/21 18:29:30 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2013/08/21 18:29:26 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2013/08/21 18:29:26 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2013/08/21 18:29:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2013/08/21 18:29:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2013/08/21 18:29:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2013/08/21 18:29:18 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2013/08/21 18:29:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2013/08/21 18:29:17 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2013/08/21 18:29:14 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2013/08/21 18:29:11 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2013/08/21 18:29:08 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2013/08/21 18:29:04 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2013/08/21 18:29:01 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2013/08/21 18:29:01 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2013/08/21 18:29:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2013/08/21 18:29:00 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2013/08/21 18:28:57 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2013/08/21 18:28:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2013/08/21 18:28:53 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2013/08/21 18:28:50 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2013/08/21 18:28:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2013/08/21 18:28:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2013/08/21 18:28:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2013/08/21 18:28:46 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2013/08/21 18:28:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2013/08/21 18:28:45 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2013/08/21 18:28:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2013/08/21 18:28:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2013/08/21 18:28:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2013/08/21 18:28:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2013/08/21 18:28:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2013/08/21 18:28:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2013/08/21 18:28:40 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2013/08/21 18:28:37 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2013/08/21 18:28:33 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2013/08/21 18:28:30 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2013/08/21 18:28:27 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2013/08/21 18:28:26 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2013/08/21 18:28:23 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2013/08/21 18:28:20 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2013/08/21 18:28:16 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2013/08/21 18:28:13 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2013/08/21 18:28:10 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2013/08/21 18:28:07 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2013/08/21 18:28:07 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2013/08/21 18:27:57 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2013/08/21 18:27:54 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2013/08/21 18:27:51 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2013/08/21 18:27:48 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2013/08/21 18:27:45 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2013/08/21 18:27:39 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2013/08/21 18:27:36 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2013/08/21 18:27:33 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2013/08/21 18:27:29 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2013/08/21 18:27:28 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2013/08/21 18:27:25 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2013/08/21 18:27:24 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2013/08/21 18:27:21 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2013/08/21 18:27:18 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2013/08/21 18:27:14 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2013/08/21 18:27:11 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2013/08/21 18:27:09 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2013/08/21 18:27:06 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2013/08/21 18:27:01 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2013/08/21 18:26:58 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2013/08/21 18:26:55 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2013/08/21 18:26:52 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2013/08/21 18:26:49 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2013/08/21 18:26:46 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2013/08/21 18:26:43 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2013/08/21 18:26:40 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2013/08/21 18:26:37 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2013/08/21 18:26:34 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2013/08/21 18:26:31 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2013/08/21 18:26:28 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2013/08/21 18:26:24 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2013/08/21 18:26:21 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2013/08/21 18:26:21 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2013/08/21 18:26:21 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2013/08/21 18:26:18 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2013/08/21 18:26:17 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2013/08/21 18:26:15 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2013/08/21 18:26:12 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2013/08/21 18:26:09 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2013/08/21 18:26:05 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2013/08/21 18:26:01 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2013/08/21 18:25:59 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2013/08/21 18:25:56 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2013/08/21 18:25:52 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2013/08/21 18:25:51 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2013/08/21 18:25:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2013/08/21 18:25:41 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2013/08/21 18:25:36 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2013/08/21 18:25:33 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2013/08/21 18:25:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2013/08/21 18:25:27 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2013/08/21 18:25:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2013/08/21 18:25:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2013/08/21 18:25:18 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2013/08/21 18:25:15 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2013/08/21 18:25:12 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2013/08/21 18:25:09 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2013/08/21 18:25:06 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2013/08/21 18:25:05 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2013/08/21 18:25:01 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2013/08/21 18:24:58 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2013/08/21 18:24:55 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2013/08/21 18:24:54 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2013/08/21 18:24:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2013/08/21 18:24:47 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2013/08/21 18:24:43 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2013/08/21 18:24:40 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2013/08/21 18:24:37 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2013/08/21 18:24:37 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2013/08/21 18:24:33 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2013/08/21 18:24:33 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2013/08/21 18:24:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2013/08/21 18:24:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2013/08/21 18:24:24 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2013/08/21 18:24:21 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2013/08/21 18:24:18 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2013/08/21 18:24:15 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2013/08/21 18:24:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2013/08/21 18:24:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2013/08/21 18:24:06 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2013/08/21 18:24:05 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2013/08/21 18:24:05 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2013/08/21 18:24:04 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2013/08/21 18:24:04 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2013/08/21 18:24:00 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2013/08/21 18:23:57 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2013/08/21 18:23:56 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2013/08/21 18:23:53 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2013/08/21 18:23:50 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2013/08/21 18:23:47 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2013/08/21 18:23:44 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2013/08/21 18:23:41 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2013/08/21 18:23:40 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2013/08/21 18:23:37 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2013/08/21 18:23:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2013/08/21 18:23:34 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2013/08/21 18:23:30 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2013/08/21 18:23:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2013/08/21 18:23:24 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2013/08/21 18:23:21 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2013/08/21 18:23:18 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2013/08/21 18:23:14 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2013/08/21 18:23:12 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2013/08/21 18:23:09 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2013/08/21 18:23:06 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2013/08/21 18:23:03 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2013/08/21 18:23:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2013/08/21 18:22:57 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2013/08/21 18:22:54 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2013/08/21 18:22:51 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2013/08/21 18:22:47 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2013/08/21 18:22:39 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2013/08/21 18:22:36 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2013/08/21 18:22:29 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2013/08/21 18:22:29 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2013/08/21 18:22:25 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2013/08/21 18:22:23 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2013/08/21 18:22:21 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2013/08/21 18:22:16 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2013/08/21 18:22:13 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2013/08/21 18:22:10 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2013/08/21 18:22:08 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2013/08/21 18:21:59 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2013/08/21 18:21:55 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2013/08/21 18:21:52 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2013/08/21 18:21:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2013/08/21 18:21:43 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2013/08/21 18:21:40 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2013/08/21 18:21:37 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2013/08/21 18:21:34 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2013/08/21 18:21:31 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2013/08/21 18:21:28 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2013/08/21 18:21:26 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2013/08/21 18:21:23 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2013/08/21 18:21:20 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2013/08/21 18:21:17 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2013/08/21 18:21:14 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2013/08/21 18:21:11 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2013/08/21 18:21:08 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2013/08/21 18:21:08 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2013/08/21 18:21:04 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2013/08/21 18:20:52 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2013/08/21 18:20:47 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2013/08/21 18:20:40 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2013/08/21 18:20:38 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2013/08/21 18:20:38 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2013/08/21 18:20:37 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2013/08/21 18:20:28 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2013/08/21 18:20:25 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2013/08/21 18:20:23 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2013/08/21 18:20:16 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2013/08/21 18:20:14 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2013/08/21 18:20:09 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2013/08/21 18:20:03 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2013/08/21 18:20:01 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migisol.exe
[2013/08/21 18:19:57 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2013/08/21 18:19:55 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2013/08/21 18:19:54 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2013/08/21 18:19:54 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2013/08/21 18:19:51 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2013/08/21 18:19:48 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2013/08/21 18:19:45 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2013/08/21 18:19:42 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2013/08/21 18:19:38 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2013/08/21 18:19:37 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2013/08/21 18:19:34 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2013/08/21 18:19:31 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2013/08/21 18:19:28 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2013/08/21 18:19:26 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2013/08/21 18:19:25 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2013/08/21 18:19:22 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2013/08/21 18:19:20 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2013/08/21 18:19:19 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2013/08/21 18:19:18 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2013/08/21 18:19:16 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2013/08/21 18:19:15 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2013/08/21 18:19:13 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2013/08/21 18:19:09 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2013/08/21 18:19:04 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2013/08/21 18:19:02 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2013/08/21 18:18:59 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2013/08/21 18:18:57 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2013/08/21 18:18:55 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2013/08/21 18:18:52 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2013/08/21 18:18:49 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2013/08/21 18:18:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2013/08/21 18:18:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2013/08/21 18:18:43 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2013/08/21 18:18:41 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2013/08/21 18:18:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2013/08/21 18:18:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2013/08/21 18:18:40 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2013/08/21 18:18:40 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2013/08/21 18:18:40 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2013/08/21 18:18:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2013/08/21 18:18:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2013/08/21 18:18:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2013/08/21 18:18:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2013/08/21 18:18:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2013/08/21 18:18:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll

ken545
2013-09-13, 23:40
Hi, It doesn't look like you posted the entire log. Run this fix and post the log from the fix, then run a new scan with OTL and post the new log as well. You can zip and attach the new log if you can

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
[2013/08/22 16:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Gwalch Y Mor
2013-09-14, 17:41
Ken,

When I tried that fix my PC froze up and had to re boot .

Gwalch Y Mor
2013-09-14, 18:03
Ken,

When I tried that fix my PC froze up and had to re boot .


Anyway , I tried a scan again without the fix and it seems to have done a complete LOG this time :-

10932

ken545
2013-09-14, 23:04
By the way Crypt32.dll <-- Legit windows file so not to worry

Try running that fix in safemode and if it fails we can try another tool

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)




If it fails then try this

Please download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) and save it to your desktop.
Double click the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/OTMdesktopicon.png icon on your desktop.
Paste the following code under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/pasteline.png area.
Do not include the word "Code".



:Processes
explorer.exe

:Services

:Reg

:Files
C:\Program Files\Free Window Registry Repair


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Push the large http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/btnmoveit.png button.
OTM may ask to reboot the machine. Please do so if asked.
Copy/Paste the contents under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/results.png line here in your next reply.
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Gwalch Y Mor
2013-09-15, 00:17
Ken,

I can't run OTL in Safe Mode . Should I download it in "Safe Mode With Networking" and try again ?

Thanks

Gwalch

ken545
2013-09-15, 00:35
No, sorry your having problems, this happens sometimes. Go ahead and run OTM in normal windows. Then run a new scan with OTL and post the log and lets make sure its gone

Gwalch Y Mor
2013-09-15, 14:02
Ken,

Unfortunately the problem has returned , the PC is now starting slow again .

Anyway, I managed to run OTL but encountered the same problem as before on the first attempt but everything went ok on the second run.

Here is the log :-

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
Folder move failed. C:\Program Files\Free Window Registry Repair\Backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Free Window Registry Repair scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

User: Garry

User: LocalService

User: NetworkService

User: Shannon

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 60244 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 198516 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 09152013_115225

Files moved on Reboot...
C:\Program Files\Free Window Registry Repair\Backup folder moved successfully.
C:\Program Files\Free Window Registry Repair folder moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SETCE.tmp moved successfully.
C:\WINDOWS\temp\MpCmdRun.log moved successfully.
C:\WINDOWS\temp\MpSigStub.log moved successfully.

Registry entries deleted on Reboot...

ken545
2013-09-15, 15:20
Lets try these

First, you have Malwarebytes installed, open it, check for updates and run the Quick Scan and post the log, if no threats are found then you can forget posting the log.


Then run TDSS Killer but dont cure, lets see if it finds anything

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

Gwalch Y Mor
2013-09-15, 15:47
Here is the log for Malwarebytes :-

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.15.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Garry :: GARRY-EC0E7D6DA [administrator]

15/09/2013 13:30:41
MBAM-log-2013-09-15 (13-44-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 269008
Time elapsed: 13 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.IBryte) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Documents and Settings\Garry\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Documents and Settings\Garry\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Documents and Settings\Garry\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Documents and Settings\Garry\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin (PUP.Optional.TopArcadeHits.A) -> No action taken.

Files Detected: 11
C:\Documents and Settings\Garry\My Documents\Downloads\Setup.exe (PUP.Optional.IBryte) -> No action taken.
C:\Documents and Settings\Garry\My Documents\Downloads\SoftonicDownloader_for_windows-defender.exe (PUP.Optional.Softonic) -> No action taken.
C:\Documents and Settings\Garry\My Documents\Downloads\iLividSetupV1 (1).exe (PUP.Optional.Bandoo) -> No action taken.
C:\Documents and Settings\Garry\My Documents\Downloads\iLividSetupV1 (2).exe (PUP.Optional.Bandoo) -> No action taken.
C:\Documents and Settings\Garry\My Documents\Downloads\iLividSetupV1.exe (PUP.Optional.Bandoo) -> No action taken.
C:\Documents and Settings\Garry\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Documents and Settings\Garry\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Documents and Settings\Garry\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Documents and Settings\Garry\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Documents and Settings\Garry\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Documents and Settings\Garry\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css (PUP.Optional.TopArcadeHits.A) -> No action taken.

(end)


I will carry out the TDSS Scan now .

ken545
2013-09-15, 16:16
Good, go ahead and run Malwarebytes again, be sure to check everything it finds and select Remove Selected , it looks like you didnt do that, that stuff needs to go

Gwalch Y Mor
2013-09-15, 20:02
Ken,

I removed all the infections that Malwarebytes found and also did the scan with TDSS which found no infections .

The PC is still slow at booting up , could what ever it is be hiding somewhere on the system ? as the first scans temporarily cured the problem .


Gwalch .

ken545
2013-09-15, 21:54
Lets run a free online Virus Scanner, this may take a bit of time, lets see what if anything it finds

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

Gwalch Y Mor
2013-09-15, 22:05
The Eset link is not working

Gwalch Y Mor
2013-09-15, 22:09
Sorry,

Please ignore the last post .

ken545
2013-09-15, 23:23
No problem, this sometimes gets confusing , your doing fine so far :bigthumb:

Gwalch Y Mor
2013-09-15, 23:45
Ken,

The scan found 9 infected files by a "win32 adware cidhelp" variant .

Gwalch Y Mor
2013-09-16, 00:02
Here is the "eset " log :-

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dc8642232a53df43b28d72cbe67875d2
# engine=15141
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-15 08:39:54
# local_time=2013-09-15 09:39:54 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3589 16777214 0 0 28854430 28854430 0 0
# compatibility_mode=5892 16777213 88 100 2184352 91325656 0 0
# scanned=113097
# found=9
# cleaned=9
# scan_time=3621
sh=BE96EA12536531C536C311DD27CA578B3BD631B9 ft=1 fh=fb01d7d4004b2066 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache(2)\f_000002"
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (1).exe"
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (2).exe"
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (3).exe"
sh=BE96EA12536531C536C311DD27CA578B3BD631B9 ft=1 fh=fb01d7d4004b2066 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (4).exe"
sh=BE96EA12536531C536C311DD27CA578B3BD631B9 ft=1 fh=fb01d7d4004b2066 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (5).exe"
sh=BE96EA12536531C536C311DD27CA578B3BD631B9 ft=1 fh=fb01d7d4004b2066 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (6).exe"
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482.exe"
sh=7F1997770D8956265C8FE12980E432E688BD641E ft=1 fh=e2022e4e4bbab66b vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Shannon\My Documents\PageRageSetup.exe"


I have re-booted the PC several times now and it is back to normal. Will let you know tomorrow if it is still ok.

I would like to thank for advising with me with removing this crap off my computer , your efforts are very much appreciated .


Best regards

Gary

ken545
2013-09-16, 00:09
Hello Gary,

Lets just hang off until tomorrow, use your computer normally and see if all is ok, then we can go from there

Gwalch Y Mor
2013-09-17, 00:33
So far the PC is behaving ok . I have done 4 boot up's today and the problem has not returned .

ken545
2013-09-17, 00:52
Wonderful, I am so glad things are back to normal for you. I will be gone the next two weeks on vacation so if any more problems just start a new thread.


Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

ken545
2013-09-17, 13:36
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.