Cannot remove or reinstall Google Chrome
cobolguy
2014-01-14, 00:45
My computer has started to play up. Slow downloading of webpages in IE8, and it started to display the message at the top of each page 'to help protect your security ....... display content with security certificate errors'. I checked IE's download security options and so on. Google Chrome would not load, so I tried to remove it using Control Panel; it would not remove. Tried to download and reinstall, no joy. Have run Spybot and removed identified malware. Thought it was time to consult the experts. Here are the logs requested.
(Noticed the infected messages in the aswMBR log file. These have NOT been deleted.)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by sean at 21:00:19 on 2014-01-13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1983.970 [GMT 0:00]
.
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Wireless Console 2] "c:\program files\wireless console 2\wcourier.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\sean\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} - hxxp://cam.thesandbar.com/activex/decoder/mpeg4_dec.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} - hxxp://www.greasypalm.co.uk/bho/update/GreasyPalm.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350936625281
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350936606734
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://webcam1.ttu.ee/activex/AMC.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://webcam.salisbury.edu/activex/AxisCamControl.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.22.201.135/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{A97A08D4-B39E-4E5F-A1D4-622F067B28E0} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 C2SCSI;C2SCSI;c:\windows\system32\drivers\c2scsi.sys [2009-5-28 230272]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-5-12 47640]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-7-28 27632]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-3-31 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2010-7-28 9728]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [2010-7-28 106752]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [2010-7-28 106752]
S3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\drivers\zgwhsnmea.sys [2010-7-28 106752]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2014-01-12 21:18:13 -------- d-----w- c:\documents and settings\sean\local settings\application data\Spotify
2014-01-09 07:49:24 360448 ----a-w- c:\documents and settings\sean\application data\microsoft\installer\{6af75c96-2093-51f4-0412-501cb317a7f9}\reg.exe
2014-01-06 23:31:38 -------- d-----w- C:\dansMemoryStick
2014-01-06 19:23:36 4558848 -c--a-w- c:\windows\system32\GPhotos.scr
2014-01-05 23:11:25 -------- d-----w- c:\documents and settings\all users\application data\Avira
2014-01-03 22:07:07 -------- d-----w- C:\mumphoto
2014-01-03 22:06:23 -------- d-----w- c:\documents and settings\sean\mumphoto
2013-12-27 11:04:38 -------- d-----w- C:\Films
2013-12-19 19:23:02 -------- d-----w- c:\documents and settings\sean\application data\FinalTorrent
2013-12-19 19:15:49 -------- d-----w- c:\program files\FinalTorrent
2013-12-19 19:12:55 -------- d-----w- c:\documents and settings\sean\.android
2013-12-19 19:12:53 -------- d-----w- c:\documents and settings\sean\local settings\application data\cache
2013-12-19 19:12:45 -------- d-----w- c:\documents and settings\sean\local settings\application data\genienext
2013-12-19 19:12:44 -------- d-----w- c:\documents and settings\sean\local settings\application data\Mobogenie
2013-12-19 19:11:47 -------- d-----w- c:\program files\Mobogenie
2013-12-19 19:08:01 -------- d-----w- C:\tempd
.
==================== Find3M ====================
.
2003-08-27 14:19:18 36963 -c--a-r- c:\program files\common files\SM1updtr.dll
.
============= FINISH: 21:02:16.10 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-13 21:16:12
-----------------------------
21:16:12.968 OS Version: Windows 5.1.2600 Service Pack 3
21:16:12.968 Number of processors: 2 586 0xF0D
21:16:12.968 ComputerName: LAPTOP02 UserName: sean
21:16:15.765 Initialize success
21:21:58.000 AVAST engine defs: 14011300
21:29:06.109 The log file has been saved successfully to "C:\Documents and Settings\sean\Desktop\aswMBR.txt"
21:30:03.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:30:03.875 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC70P Size: 152627MB BusType: 3
21:30:04.062 Disk 0 MBR read successfully
21:30:04.062 Disk 0 MBR scan
21:30:04.109 Disk 0 Windows XP default MBR code
21:30:04.125 Disk 0 Partition 1 00 1B Hidd FAT32 MSDOS5.0 4000 MB offset 63
21:30:04.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 91573 MB offset 8193150
21:30:04.171 Disk 0 Partition - 00 0F Extended LBA 57051 MB offset 195735960
21:30:04.187 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 57051 MB offset 195736023
21:30:04.203 Disk 0 scanning sectors +312576705
21:30:04.390 Disk 0 scanning C:\WINDOWS\system32\drivers
21:30:25.484 Service scanning
21:30:56.937 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:31:04.578 Modules scanning
21:31:13.187 Disk 0 trace - called modules:
21:31:13.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spru.sys >>UNKNOWN [0x8a954938]<<
21:31:13.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a89dab8]
21:31:13.234 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000079[0x8a99d288]
21:31:13.234 5 ACPI.sys[b9e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a970030]
21:31:16.390 AVAST engine scan C:\WINDOWS
21:31:39.156 AVAST engine scan C:\WINDOWS\system32
21:44:15.625 AVAST engine scan C:\WINDOWS\system32\drivers
21:46:06.984 AVAST engine scan C:\Documents and Settings\sean
21:47:03.406 File: C:\Documents and Settings\sean\Application Data\Microsoft\Installer\{6AF75C96-2093-51F4-0412-501CB317A7F9}\reg.exe **INFECTED** Win32:Malware-gen
21:47:57.937 File: C:\Documents and Settings\sean\Application Data\Skype\caine_19\chatsync\77\locator.exe **INFECTED** Win32:Malware-gen
22:16:50.265 AVAST engine scan C:\Documents and Settings\All Users
22:25:45.203 Scan finished successfully
22:26:42.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\sean\Desktop\MBR.dat"
22:26:42.656 The log file has been saved successfully to "C:\Documents and Settings\sean\Desktop\aswMBR.txt"
Hi there. My comp is now taking ages to load Windows and has slow response times to carry out any activity. Anyone there to help me please?
A heads up on a couple of things.
Torrent <-- Using any form of P2P (file sharing) is bad news. The program itself is safe, but the files you download and share may not be; you're downloading that file from an unknown source, and not all but most contain malicious code of one form or another. It's like playing Russian Roulette, malware-wise. I would never allow any form of file sharing on any of my systems. I strongly suggest you uninstall it and stay away from any form of file sharing.
Windows XP: It's about to bite the dust, and security updates will no longer be provided, so it will leave your system very vulnerable to attacks. I know off hand that a lot of forums will stop providing help for XP infected computers.
http://techpageone.dell.com/technology/windows-xp-end-road/?dgc=BA&cid=272099&lid=5049884&acd=12309189674467600#.Uq76LvRDtL0
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
cobolguy
2014-01-20, 14:28
Hi Ken
Thanks for your help.
Here is the log from Malwarebytes.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.15.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
sean :: LAPTOP02 [administrator]
19/01/2014 23:56:08
MBAM-log-2014-01-20 (06-58-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261475
Time elapsed: 37 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Log from OTL
OTL logfile created on: 20/01/2014 07:09:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sean\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.94 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 55.01% Memory free
3.10 Gb Paging File | 2.43 Gb Available in Paging File | 78.45% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 89.43 Gb Total Space | 30.05 Gb Free Space | 33.60% Space Free | Partition Type: NTFS
Drive D: | 55.69 Gb Total Space | 54.69 Gb Free Space | 98.22% Space Free | Partition Type: FAT32
Computer Name: LAPTOP02 | User Name: sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\sean\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Wireless Console 2\wcourier.exe ()
========== Services (SafeList) ==========
SRV - (OracleOraDb10g_home1TNSListener) -- C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR File not found
SRV - (OracleDBConsolesean01) -- C:\oracle\product\10.1.0\Db_1\bin\nmesrvc.exe File not found
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (JoinMEUI Assistant Service) -- C:\Program Files\PC Suite\JoinMEAssistantServices.exe ()
SRV - (SMTPSVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_O2) -- C:\Program Files\O2\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (smserial) -- system32\DRIVERS\smserial.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\sean\LOCALS~1\Temp\catchme.sys File not found
DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found
DRV - (btwhid) -- system32\DRIVERS\btwhid.sys File not found
DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found
DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- system32\drivers\btaudio.sys File not found
DRV - (apd1h28j) -- File not found
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (zgwhsnmea) -- C:\WINDOWS\system32\drivers\zgwhsnmea.sys (ZTE Incorporated)
DRV - (zgwhsmdm) -- C:\WINDOWS\system32\drivers\zgwhsmdm.sys (ZTE Incorporated)
DRV - (zgwhsdiag) -- C:\WINDOWS\system32\drivers\zgwhsdiag.sys (ZTE Incorporated)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (C2SCSI) -- C:\WINDOWS\System32\drivers\c2scsi.sys (Sonic Solutions)
DRV - (massfilter_hs) -- C:\WINDOWS\system32\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (AtcL002) -- C:\WINDOWS\system32\drivers\l251x86.sys (Atheros Communications, Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ATK0100)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows (R) 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Cinemsup) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm003YYgb&ptb=A7FEA106-8456-46BC-8CD3-94B962590BAE&ind=2011102018&ptnrS=Y9xdm003YYgb&si=radiopi&n=77defb42&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyE0FzytCyEzzzz0D0BzztN0D0Tzu0CyBtCzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1618896267&ir=
IE - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm003YYgb&ptb=A7FEA106-8456-46BC-8CD3-94B962590BAE&ind=2011102018&ptnrS=Y9xdm003YYgb&si=radiopi&n=77defb42&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyE0FzytCyEzzzz0D0BzztN0D0Tzu0CyBtCzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1618896267&ir=
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{2B9579CC-CD7B-45AA-9B6E-7A22356DACBB}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{2D63A974-1DA7-4317-98CC-6D625065FF50}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{4B16DFDC-D52F-41E7-B434-2CB3ADD87762}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: flashkiller@joli.clic:1.3
FF - prefs.js..extensions.enabledAddons: autopager@mozilla.org:0.7.1.6
FF - prefs.js..extensions.enabledAddons: canitbecheaper@trafficbroker.co.uk:3.7.12
FF - prefs.js..extensions.enabledAddons: {C99D6302-E652-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.15
FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: flashkiller@joli.clic:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.startup.homepage: "http://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyE0FzytCyEzzzz0D0BzztN0D0Tzu0CyBtCzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1618896267&ir="
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/05 22:34:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C99D6302-E652-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\sean\Local Settings\Application Data\{C99D6302-E652-11E1-8270-B8AC6F996F26}\
[2008/06/22 06:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Extensions
[2014/01/12 11:44:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions
[2010/09/25 07:34:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2014/01/04 15:22:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/01/15 23:03:02 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013/12/19 19:10:16 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2010/02/23 22:48:57 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2011/07/30 10:12:29 | 000,000,000 | ---D | M] (Flash Killer) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\flashkiller@joli.clic
[2012/10/01 17:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\staged
[2012/08/17 18:12:56 | 000,344,664 | ---- | M] () (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\autopager@mozilla.org.xpi
[2012/08/17 18:12:56 | 000,095,026 | ---- | M] () (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi
[2012/10/01 17:58:15 | 000,344,774 | ---- | M] () (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\staged\autopager@mozilla.org.xpi
[2012/10/01 17:58:12 | 000,070,902 | ---- | M] () (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\staged\canitbecheaper@trafficbroker.co.uk.xpi
[2013/12/19 19:10:06 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\searchplugins\Mysearchdial.xml
[2013/12/20 00:10:22 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\searchplugins\yahoo.xml
========== Chrome ==========
CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://uk.search.yahoo.com/?type=293224&fr=spigot-yhp-ch
CHR - plugin: First user (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/01/15 18:55:39 | 000,449,863 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15468 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillsoft.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillwsa.com ([]* in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} http://cam.thesandbar.com/activex/decoder/mpeg4_dec.cab (Moonlight MPEG-4 Video Decoder)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab (GreasyPalmInstallHelper Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350936625281 (WUWebControl Class)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350936606734 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://webcam1.ttu.ee/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisbury.edu/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://217.22.201.135/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A97A08D4-B39E-4E5F-A1D4-622F067B28E0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/20 18:37:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/19 22:30:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\OTL.exe
[2014/01/15 22:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Application Data\ElevatedDiagnostics
[2014/01/15 22:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2014/01/15 22:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2014/01/15 21:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[2014/01/15 21:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Application Data\Avira
[2014/01/15 21:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2014/01/15 21:13:57 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2014/01/15 21:13:55 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2014/01/15 21:13:53 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2014/01/15 21:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2014/01/15 20:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/15 20:01:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/01/15 20:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/13 20:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/01/13 20:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/01/12 21:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Local Settings\Application Data\Spotify
[2014/01/11 22:37:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/11 22:32:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/01/09 07:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2014/01/06 23:31:38 | 000,000,000 | ---D | C] -- C:\dansMemoryStick
[2014/01/06 19:23:36 | 004,558,848 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/06 17:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\My Documents\Probate
[2014/01/05 23:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2014/01/03 22:07:07 | 000,000,000 | ---D | C] -- C:\mumphoto
[2014/01/03 22:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\mumphoto
[2013/12/27 11:04:38 | 000,000,000 | ---D | C] -- C:\Films
[2008/11/10 17:10:00 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/19 23:28:54 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/19 23:28:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/19 22:30:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\OTL.exe
[2014/01/16 22:54:48 | 000,793,036 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/16 22:54:48 | 000,247,688 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/16 22:49:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/16 22:45:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/16 22:45:32 | 2079,576,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/16 19:56:19 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\O2 wireless box II - Home.url
[2014/01/15 21:17:56 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2014/01/15 20:01:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/15 18:55:39 | 000,449,863 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/15 18:55:28 | 000,449,863 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140115-185539.backup
[2014/01/14 18:51:20 | 000,000,328 | -HS- | M] () -- C:\boot.ini
[2014/01/13 22:26:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\MBR.dat
[2014/01/13 20:57:10 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/13 20:57:00 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\NTREGOPT.lnk
[2014/01/13 20:57:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\ERUNT.lnk
[2014/01/12 23:31:03 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\Google Chrome.lnk
[2014/01/12 10:45:20 | 000,449,863 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140115-185527.backup
[2014/01/11 22:30:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140112-104520.backup
[2014/01/11 21:25:28 | 005,162,489 | R--- | M] (Swearware) -- C:\Documents and Settings\sean\Desktop\ComboFix.exe
[2014/01/06 22:46:53 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/06 19:23:36 | 004,558,848 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/03 21:20:30 | 000,140,736 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\Caine.jpg
[2014/01/03 21:15:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/01/02 19:01:02 | 004,819,207 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\TenancyAgreement.pdf
[2013/12/28 00:29:15 | 000,271,410 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\photo mum.JPG
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/19 22:25:50 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/19 22:25:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/15 23:00:20 | 2079,576,064 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/15 21:17:56 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2014/01/15 20:01:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/13 22:26:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\MBR.dat
[2014/01/13 20:57:10 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/13 20:57:00 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\NTREGOPT.lnk
[2014/01/13 20:57:00 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\ERUNT.lnk
[2014/01/03 21:20:29 | 000,140,736 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\Caine.jpg
[2014/01/02 19:00:47 | 004,819,207 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\TenancyAgreement.pdf
[2013/12/28 00:29:15 | 000,271,410 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\photo mum.JPG
[2013/12/20 21:11:04 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/09/20 21:05:02 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2013/09/16 00:08:49 | 000,258,602 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/09/15 23:39:33 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\sean\Application Data\Sys2662.Config.Repository.bin
[2013/05/31 22:43:21 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/20 21:43:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/20 21:43:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/20 21:43:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/20 21:43:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/20 21:43:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/22 20:21:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/14 00:31:20 | 004,469,910 | -H-- | C] () -- C:\Documents and Settings\sean\Local Settings\Application Data\IconCache_sav.db
[2012/03/12 19:20:35 | 000,001,324 | ---- | C] () -- C:\WINDOWS\aopr.ini
========== ZeroAccess Check ==========
[2007/12/20 18:51:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 05:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/10/15 19:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\036DFF98000CC57F180B39EA7B07D287
[2014/01/15 21:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/07/14 10:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/04/04 21:49:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/01/02 12:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/11/02 19:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/10/05 22:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2011/03/08 23:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/05/27 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2013/05/13 16:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/07/14 10:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/08/16 23:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/07/28 22:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/01/06 19:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/01/03 09:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/18 22:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/01/07 19:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/04 22:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/08/03 18:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 22:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/29 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/14 20:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2013/05/10 17:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2010/05/31 12:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2013/06/24 15:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\AVG2013
[2012/04/19 23:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\HTC
[2008/10/21 18:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\PC Suite
[2010/04/15 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\Trusteer
[2010/01/02 12:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\DAEMON Tools Lite
[2014/01/11 22:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Dropbox
[2014/01/15 22:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\ElevatedDiagnostics
[2013/12/19 19:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\FinalTorrent
[2009/02/15 12:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\FreeCall
[2012/04/01 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\HTC
[2012/03/31 23:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2008/05/24 22:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\ieSpell
[2008/10/31 23:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\OfficeUpdate12
[2009/02/28 09:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\PC Suite
[2014/01/12 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Spotify
[2014/01/15 17:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Thinstall
[2010/03/06 08:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Trusteer
[2014/01/11 22:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\uTorrent
[2011/06/10 18:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\WinBatch
[2008/08/24 07:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Xilisoft Corporation
========== Purity Check ==========
< End of report >
I'll post the other file in another post.
Sean
cobolguy
2014-01-20, 14:35
Here is the Extras file.
BTW thanks for the advice on support for XP. Also I stopped using Torrent quite some time ago. Any folders are historic.
Look forward to your reply.
Kind regards
Sean
OTL Extras logfile created on: 20/01/2014 07:09:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sean\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.94 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 55.01% Memory free
3.10 Gb Paging File | 2.43 Gb Available in Paging File | 78.45% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 89.43 Gb Total Space | 30.05 Gb Free Space | 33.60% Space Free | Partition Type: NTFS
Drive D: | 55.69 Gb Total Space | 54.69 Gb Free Space | 98.22% Space Free | Partition Type: FAT32
Computer Name: LAPTOP02 | User Name: sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"11450:TCP" = 11450:TCP:*:Enabled:Remote Assistance Local
"7550:TCP" = 7550:TCP:*:Enabled:Remote Assistance Remote
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Documents and Settings\sean\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\sean\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{01FF2C26-DBCE-DADA-BEE5-0928E0F8F623}" = CCC Help German
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05F4ABAC-8697-2291-16D8-4BFD7DD78B59}" = CCC Help Japanese
"{07C85A90-668F-A807-5C67-975E0777A9E8}" = Catalyst Control Center Localization Russian
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EA06F05-4320-E4DC-4374-E6C0986C964D}" = Catalyst Control Center Localization Finnish
"{12DA13F3-AE86-4FED-B7D8-D7D886FB1441}" = ArcSoft PhotoImpression
"{137C5C08-8B6F-497A-1529-502359B3BA88}" = Catalyst Control Center Localization Polish
"{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}" = Atheros Client Utility
"{17EE76BB-5264-8946-DA8F-D564ED25EDDD}" = CCC Help English
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27599825-6BD9-1081-D1CC-0BFC01157204}" = CCC Help Hungarian
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2E13776F-DEAF-7C83-C2A9-3BF073D51BFD}" = Catalyst Control Center Localization Swedish
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3482A5D0-F16D-A6C9-397F-8D85EA61BF93}" = Catalyst Control Center Localization Norwegian
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3CA756-9FB1-60D9-4435-6D9FEB42C637}" = Catalyst Control Center Localization Dutch
"{3E4039F8-5DA8-0414-B7E1-8DA8C8FC1565}" = Catalyst Control Center Localization Thai
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}" = O2 Broadband Assistant
"{48D4215F-414F-1554-8534-E3D8156C0666}" = Skins
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A0FAC3C-852D-C0A3-1715-6F844C184CF0}" = CCC Help Portuguese
"{4B29B49E-F274-58CE-25D2-791570F1619A}" = CCC Help French
"{4B546AE5-DF17-6D39-A846-A9ECD0153C9A}" = Catalyst Control Center Localization Greek
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{57EF4BC7-0C52-1872-C0CE-AEAB996E5626}" = Catalyst Control Center Localization Korean
"{5B701396-48C3-A3FA-43DB-FF975446759C}" = Catalyst Control Center Localization French
"{5ECA8F33-8F8E-1042-2082-5F02E64D6140}" = CCC Help Polish
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{68B84920-CD46-8C5B-DABE-EC0FF6F0C703}" = Catalyst Control Center Localization German
"{6AF75C96-2093-51F4-0412-501CB317A7F9}" = CCC Help Thai
"{6D219284-A368-A0A5-AA55-8BAAE9EA60CC}" = Catalyst Control Center Localization Japanese
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72FD5F2E-1F7A-4E9B-8838-29E842E178CD}" = PC Suite
"{732442CA-AFFC-E75D-C586-2A3C71D8CFFE}" = CCC Help Finnish
"{767EE8DA-A2AA-00A9-1A21-9584E00867B8}" = Catalyst Control Center Core Implementation
"{815B5312-F7B5-EDD5-A899-B0228C3C7F3A}" = CCC Help Turkish
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{857D4360-762B-978B-76AD-491AA719E47A}" = ccc-core-static
"{86552A3A-0437-319B-46C5-569FC9F7ACA9}" = ccc-utility
"{89EAD7B4-1CAC-CC9E-F040-FE041A2EA77C}" = Catalyst Control Center Localization Spanish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE3174F-3BFE-8822-4493-A0519D1E4E94}" = Catalyst Control Center Localization Portuguese
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0052-0409-0000-0000000FF1CE}" = Microsoft Visio Viewer 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D7802F0-3C39-ED52-10D9-AE8A7FB5A94C}" = Catalyst Control Center Localization Hungarian
"{9F303CF8-2998-4541-C9F7-C3AAEC2B88B0}" = Catalyst Control Center Graphics Full Existing
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A042FD6F-D051-ECE5-71C9-52ABFE36EBF9}" = Catalyst Control Center Localization Czech
"{A125DDDB-E0C0-08E0-F04C-7B5409DFFC79}" = Catalyst Control Center Graphics Light
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A99C6296-A311-4D6C-9602-53B4241921D5}" = Roxio Easy Media Creator 7
"{AB1E9EC2-42E4-E801-83BB-AAFF86DDEC7E}" = CCC Help Czech
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B02A3921-F7B7-C73F-395B-8172C9EE4006}" = Catalyst Control Center Localization Italian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD17DEF2-8970-E4F5-337A-C10DE4D33F29}" = CCC Help Korean
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C5A2542D-CF79-3EE6-7673-2CEDA2338172}" = CCC Help Greek
"{C69B9631-B617-B714-7FE2-6FCD5B891ACD}" = Catalyst Control Center Localization Chinese Traditional
"{C6D7BC96-A608-0908-F6E7-53C118423087}" = CCC Help Chinese Standard
"{C8A4038E-4DA5-879D-A353-7443FC3EE22C}" = CCC Help Spanish
"{C9B7D4A2-7A42-96BC-DE77-6EB23F1116A8}" = CCC Help Swedish
"{CA532E73-1BB7-11D8-9D6A-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_07
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE344E77-B015-C6D0-9A1B-0EA0043E7A52}" = CCC Help Russian
"{D9D45F79-D38C-9BCA-4023-6F3E365D5D25}" = CCC Help Dutch
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}" = Branding
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E4BCF2E7-B181-C240-B6EC-04A8FA633EEF}" = Catalyst Control Center Graphics Full New
"{E91EBA1F-DA25-58B2-365F-FB76BDC81F86}" = Catalyst Control Center Localization Turkish
"{EA2F03AD-BF9D-EECC-F24C-549046AEC17A}" = Catalyst Control Center Localization Danish
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera-168
"{EE78C2A7-1413-105B-DC86-3F9FA6B10C2F}" = CCC Help Danish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AAE965-966C-104E-ECCD-9F111A83139C}" = CCC Help Italian
"{F3AEE6A8-5FA3-F9AA-8CA7-D1AAD6352065}" = Catalyst Control Center Localization Chinese Standard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7F564DD-A790-D01A-5390-6D1386AA5621}" = CCC Help Norwegian
"{FD9B0D38-7B82-5A3A-E046-D8DBF3F06A93}" = CCC Help Chinese Traditional
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"CutePDF Writer Installation" = CutePDF Writer 3.0
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell 2.1.1 (build 325)
"Java Web Start" = Java Web Start
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19/01/2014 17:34:46 | Computer Name = LAPTOP02 | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
Policy processing aborted.
Error - 19/01/2014 17:35:24 | Computer Name = LAPTOP02 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 19/01/2014 17:35:24 | Computer Name = LAPTOP02 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 19/01/2014 17:35:24 | Computer Name = LAPTOP02 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 19/01/2014 17:35:24 | Computer Name = LAPTOP02 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 19/01/2014 17:35:24 | Computer Name = LAPTOP02 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 19/01/2014 17:35:25 | Computer Name = LAPTOP02 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 19/01/2014 19:29:29 | Computer Name = LAPTOP02 | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
Policy processing aborted.
Error - 19/01/2014 21:20:29 | Computer Name = LAPTOP02 | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
Policy processing aborted.
Error - 20/01/2014 02:48:18 | Computer Name = LAPTOP02 | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
Policy processing aborted.
[ System Events ]
Error - 16/01/2014 15:58:16 | Computer Name = LAPTOP02 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.64
with the system having network hardware address 00:16:6B:4E:8D:CA. Network operations
on this system may be disrupted as a result.
Error - 16/01/2014 15:58:17 | Computer Name = LAPTOP02 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.64
with the system having network hardware address 00:16:6B:4E:8D:CA. Network operations
on this system may be disrupted as a result.
Error - 16/01/2014 15:58:39 | Computer Name = LAPTOP02 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.64
with the system having network hardware address 00:16:6B:4E:8D:CA. Network operations
on this system may be disrupted as a result.
Error - 16/01/2014 15:58:40 | Computer Name = LAPTOP02 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.64
with the system having network hardware address 00:16:6B:4E:8D:CA. Network operations
on this system may be disrupted as a result.
Error - 16/01/2014 18:46:40 | Computer Name = LAPTOP02 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3
Error - 16/01/2014 18:54:05 | Computer Name = LAPTOP02 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.
Error - 16/01/2014 18:54:05 | Computer Name = LAPTOP02 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053
Error - 19/01/2014 17:34:17 | Computer Name = LAPTOP02 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.64 on
the Network Card with network address 0015AF6096DE.
Error - 19/01/2014 17:34:26 | Computer Name = LAPTOP02 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 19/01/2014 17:34:26 | Computer Name = LAPTOP02 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
< End of report >
Good Morning,
See some junk installed that can be affecting Chrome. Also your firewall, antivirus and Windows updates are disabled; run Malwarebytes again and have it fix it by checking Remove Selected, or you can go into your Control Panel > Security Center and re-enable those items.
Also looking at an infected Hosts file; this also is a problem we will address.
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.
cobolguy
2014-01-20, 20:22
Hi there. Output details below.
# AdwCleaner v3.017 - Report created 20/01/2014 at 17:57:37
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : sean - LAPTOP02
# Running from : C:\Documents and Settings\sean\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Documents and Settings\sandra\Application Data\Mozilla\Firefox\Profiles\ti4a0nad.default\searchplugins\Mysearchdial.xml
File Found : C:\Documents and Settings\sandra\Application Data\Mozilla\Firefox\Profiles\ti4a0nad.default\user.js
File Found : C:\Documents and Settings\sandra\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\searchplugins\Mysearchdial.xml
File Found : C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\user.js
File Found : C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Folder Found : C:\Documents and Settings\sandra\Application Data\Mozilla\Firefox\Profiles\ti4a0nad.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Found : C:\Documents and Settings\sandra\Application Data\Mozilla\Firefox\Profiles\ti4a0nad.default\Extensions\ffxtlbr@mysearchdial.com
Folder Found : C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Found : C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Found C:\Documents and Settings\sandra\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\sean\Application Data\thinstall
Folder Found C:\Documents and Settings\sean\Local Settings\Application Data\genienext
Folder Found C:\Documents and Settings\sean\Local Settings\Application Data\Mobogenie
Folder Found C:\Documents and Settings\sean\Local Settings\Application Data\thinstall
Folder Found C:\Documents and Settings\sean\My Documents\Mobogenie
Folder Found C:\Program Files\Mobogenie
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Iminent
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\Software\dt soft\daemon tools toolbar
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyE0FzytCyEzzzz0D0BzztN0D0Tzu0CyBtCzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1618896267&ir=
-\\ Mozilla Firefox v
[ File : C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\prefs.js ]
Line Found : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}");
Line Found : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyE0FzytCyEzzzz0D0BzztN0D0Tzu0CyBtCzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1[...]
[ File : C:\Documents and Settings\sandra\Application Data\Mozilla\Firefox\Profiles\ti4a0nad.default\prefs.js ]
Line Found : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyE0FzytCyEzzzz0D0BzztN0D0Tzu0CyBtCzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1[...]
Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");
-\\ Google Chrome v31.0.1650.63
[ File : C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Documents and Settings\sandra\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Found : homepage
Found : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [12321 octets] - [20/01/2014 17:57:37]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12382 octets] ##########
Great, thanks for the logs.
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Then run a new scan with OTL and post that log. There won't be an extras log on the second run, so don't knock yourself out looking for it; also, if all the logs won't fit in one reply, take as many replies as you need to post them all. Please run the programs in the order listed.
cobolguy
2014-01-21, 21:15
I'm pasting the AdwCleaner log. The JRT process has opened a DOS screen but does not seem to be doing very much: not using a lot of CPU, a small amount of disk activity, not much else. Any idea how long it is likely to run for?
# AdwCleaner v3.017 - Report created 21/01/2014 at 07:33:37
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : sean - LAPTOP02
# Running from : C:\Documents and Settings\sean\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Documents and Settings\sean\Local Settings\Application Data\genienext
Folder Deleted : C:\Documents and Settings\sean\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\sean\Local Settings\Application Data\thinstall
Folder Deleted : C:\Documents and Settings\sean\Application Data\thinstall
Folder Deleted : C:\Documents and Settings\sean\My Documents\Mobogenie
Folder Deleted : C:\Documents and Settings\sandra\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Deleted : C:\Documents and Settings\sandra\Application Data\Mozilla\Firefox\Profiles\ti4a0nad.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Deleted : C:\Documents and Settings\sandra\Application Data\Mozilla\Firefox\Profiles\ti4a0nad.default\Extensions\ffxtlbr@mysearchdial.com
Folder Deleted : C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
File Deleted : C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Documents and Settings\sandra\Application Data\Mozilla\Firefox\Profiles\ti4a0nad.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\user.js
File Deleted : C:\Documents and Settings\sandra\Application Data\Mozilla\Firefox\Profiles\ti4a0nad.default\user.js
File Deleted : C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Documents and Settings\sandra\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\dt soft\daemon tools toolbar
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Mozilla Firefox v
[ File : C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyE0FzytCyEzzzz0D0BzztN0D0Tzu0CyBtCzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1[...]
[ File : C:\Documents and Settings\sandra\Application Data\Mozilla\Firefox\Profiles\ti4a0nad.default\prefs.js ]
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyE0FzytCyEzzzz0D0BzztN0D0Tzu0CyBtCzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
-\\ Google Chrome v31.0.1650.63
[ File : C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Documents and Settings\sandra\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
Deleted : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [12463 octets] - [20/01/2014 17:57:37]
AdwCleaner[R1].txt - [12524 octets] - [21/01/2014 07:31:39]
AdwCleaner[S0].txt - [12516 octets] - [21/01/2014 07:33:37]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12577 octets] ##########
Just close JRT; you can do that by pressing Ctrl+Alt+Del on your keyboard and going into Task Manager, then highlight JRT and select End Process.
Run a new scan with OTL and post the log, please.
cobolguy
2014-01-21, 23:10
Hi Ken,
Log file as requested.
OTL logfile created on: 21/01/2014 20:54:52 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sean\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.94 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 73.15% Memory free
3.10 Gb Paging File | 2.50 Gb Available in Paging File | 80.64% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 89.43 Gb Total Space | 25.33 Gb Free Space | 28.32% Space Free | Partition Type: NTFS
Drive D: | 55.69 Gb Total Space | 54.69 Gb Free Space | 98.21% Space Free | Partition Type: FAT32
Computer Name: LAPTOP02 | User Name: sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\sean\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Wireless Console 2\wcourier.exe ()
========== Services (SafeList) ==========
SRV - (OracleOraDb10g_home1TNSListener) -- C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR File not found
SRV - (OracleDBConsolesean01) -- C:\oracle\product\10.1.0\Db_1\bin\nmesrvc.exe File not found
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (JoinMEUI Assistant Service) -- C:\Program Files\PC Suite\JoinMEAssistantServices.exe ()
SRV - (SMTPSVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_O2) -- C:\Program Files\O2\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (smserial) -- system32\DRIVERS\smserial.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\sean\LOCALS~1\Temp\catchme.sys File not found
DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found
DRV - (btwhid) -- system32\DRIVERS\btwhid.sys File not found
DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found
DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- system32\drivers\btaudio.sys File not found
DRV - (an69y4th) -- File not found
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (zgwhsnmea) -- C:\WINDOWS\system32\drivers\zgwhsnmea.sys (ZTE Incorporated)
DRV - (zgwhsmdm) -- C:\WINDOWS\system32\drivers\zgwhsmdm.sys (ZTE Incorporated)
DRV - (zgwhsdiag) -- C:\WINDOWS\system32\drivers\zgwhsdiag.sys (ZTE Incorporated)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (C2SCSI) -- C:\WINDOWS\System32\drivers\c2scsi.sys (Sonic Solutions)
DRV - (massfilter_hs) -- C:\WINDOWS\system32\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (AtcL002) -- C:\WINDOWS\system32\drivers\l251x86.sys (Atheros Communications, Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ATK0100)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows (R) 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Cinemsup) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm003YYgb&ptb=A7FEA106-8456-46BC-8CD3-94B962590BAE&ind=2011102018&ptnrS=Y9xdm003YYgb&si=radiopi&n=77defb42&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm003YYgb&ptb=A7FEA106-8456-46BC-8CD3-94B962590BAE&ind=2011102018&ptnrS=Y9xdm003YYgb&si=radiopi&n=77defb42&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyE0FzytCyEzzzz0D0BzztN0D0Tzu0CyBtCzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1618896267&ir=
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{2B9579CC-CD7B-45AA-9B6E-7A22356DACBB}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{2D63A974-1DA7-4317-98CC-6D625065FF50}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{4B16DFDC-D52F-41E7-B434-2CB3ADD87762}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: flashkiller@joli.clic:1.3
FF - prefs.js..extensions.enabledAddons: autopager@mozilla.org:0.7.1.6
FF - prefs.js..extensions.enabledAddons: canitbecheaper@trafficbroker.co.uk:3.7.12
FF - prefs.js..extensions.enabledAddons: {C99D6302-E652-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.15
FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: flashkiller@joli.clic:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/05 22:34:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C99D6302-E652-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\sean\Local Settings\Application Data\{C99D6302-E652-11E1-8270-B8AC6F996F26}\
[2008/06/22 06:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Extensions
[2014/01/21 07:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions
[2010/09/25 07:34:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/23 22:48:57 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2011/07/30 10:12:29 | 000,000,000 | ---D | M] (Flash Killer) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\flashkiller@joli.clic
[2012/10/01 17:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\staged
[2012/08/17 18:12:56 | 000,344,664 | ---- | M] () (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\autopager@mozilla.org.xpi
[2012/08/17 18:12:56 | 000,095,026 | ---- | M] () (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi
[2012/10/01 17:58:15 | 000,344,774 | ---- | M] () (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\staged\autopager@mozilla.org.xpi
[2012/10/01 17:58:12 | 000,070,902 | ---- | M] () (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\staged\canitbecheaper@trafficbroker.co.uk.xpi
[2013/12/20 00:10:22 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\searchplugins\yahoo.xml
========== Chrome ==========
CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://uk.search.yahoo.com/?type=293224&fr=spigot-yhp-ch
CHR - plugin: First user (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/01/15 18:55:39 | 000,449,863 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15468 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\S-1-5-21-4204088417-295494685-3788373613-500..\Run: [] File not found
O4 - HKU\S-1-5-21-4204088417-295494685-3788373613-500..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillsoft.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillwsa.com ([]* in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} http://cam.thesandbar.com/activex/decoder/mpeg4_dec.cab (Moonlight MPEG-4 Video Decoder)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab (GreasyPalmInstallHelper Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350936625281 (WUWebControl Class)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350936606734 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://webcam1.ttu.ee/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisbury.edu/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://217.22.201.135/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A97A08D4-B39E-4E5F-A1D4-622F067B28E0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/20 18:37:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/21 18:20:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/21 07:30:52 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\sean\Desktop\JRT.exe
[2014/01/21 07:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Local Settings\Application Data\PCHealth
[2014/01/20 21:46:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/20 20:27:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/01/20 19:14:33 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2014/01/20 19:12:52 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2014/01/20 19:12:05 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2014/01/20 19:12:05 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2014/01/20 17:56:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/19 22:30:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\OTL.exe
[2014/01/15 22:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Application Data\ElevatedDiagnostics
[2014/01/15 22:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2014/01/15 22:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2014/01/15 21:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[2014/01/15 21:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Application Data\Avira
[2014/01/15 21:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2014/01/15 21:13:57 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2014/01/15 21:13:55 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2014/01/15 21:13:53 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2014/01/15 21:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2014/01/15 20:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/15 20:01:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/01/15 20:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/13 20:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/01/13 20:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/01/12 21:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Local Settings\Application Data\Spotify
[2014/01/11 22:37:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/11 22:32:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/01/09 07:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2014/01/06 23:31:38 | 000,000,000 | ---D | C] -- C:\dansMemoryStick
[2014/01/06 19:23:36 | 004,558,848 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/06 17:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\My Documents\Probate
[2014/01/05 23:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2014/01/03 22:07:07 | 000,000,000 | ---D | C] -- C:\mumphoto
[2014/01/03 22:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\mumphoto
[2013/12/27 11:04:38 | 000,000,000 | ---D | C] -- C:\Films
[2008/11/10 17:10:00 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/21 18:18:13 | 000,891,030 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/21 18:18:11 | 000,289,712 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/21 18:11:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/21 18:10:45 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/21 07:43:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/21 07:42:46 | 2079,576,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/21 07:32:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/21 07:31:06 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\sean\Desktop\JRT.exe
[2014/01/21 06:59:06 | 000,302,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/21 00:39:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/20 17:56:51 | 001,236,282 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\AdwCleaner.exe
[2014/01/19 22:30:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\OTL.exe
[2014/01/16 19:56:19 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\O2 wireless box II - Home.url
[2014/01/15 21:17:56 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2014/01/15 20:01:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/15 18:55:39 | 000,449,863 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/15 18:55:28 | 000,449,863 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140115-185539.backup
[2014/01/14 18:51:20 | 000,000,328 | -HS- | M] () -- C:\boot.ini
[2014/01/13 22:26:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\MBR.dat
[2014/01/13 20:57:10 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/13 20:57:00 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\NTREGOPT.lnk
[2014/01/13 20:57:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\ERUNT.lnk
[2014/01/12 23:31:03 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\Google Chrome.lnk
[2014/01/12 10:45:20 | 000,449,863 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140115-185527.backup
[2014/01/11 22:30:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140112-104520.backup
[2014/01/11 21:25:28 | 005,162,489 | R--- | M] (Swearware) -- C:\Documents and Settings\sean\Desktop\ComboFix.exe
[2014/01/06 22:46:53 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/06 19:23:36 | 004,558,848 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/03 21:20:30 | 000,140,736 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\Caine.jpg
[2014/01/03 21:15:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/01/02 19:01:02 | 004,819,207 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\TenancyAgreement.pdf
[2013/12/28 00:29:15 | 000,271,410 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\photo mum.JPG
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/20 17:56:36 | 001,236,282 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\AdwCleaner.exe
[2014/01/19 22:25:50 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/19 22:25:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/15 23:00:20 | 2079,576,064 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/15 21:17:56 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2014/01/15 20:01:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/13 22:26:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\MBR.dat
[2014/01/13 20:57:10 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/13 20:57:00 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\NTREGOPT.lnk
[2014/01/13 20:57:00 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\ERUNT.lnk
[2014/01/03 21:20:29 | 000,140,736 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\Caine.jpg
[2014/01/02 19:00:47 | 004,819,207 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\TenancyAgreement.pdf
[2013/12/28 00:29:15 | 000,271,410 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\photo mum.JPG
[2013/12/20 21:11:04 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/09/20 21:05:02 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2013/09/16 00:08:49 | 000,258,602 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/09/15 23:39:33 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\sean\Application Data\Sys2662.Config.Repository.bin
[2013/05/31 22:43:21 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/20 21:43:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/20 21:43:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/20 21:43:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/20 21:43:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/20 21:43:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/22 20:21:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/14 00:31:20 | 004,469,910 | -H-- | C] () -- C:\Documents and Settings\sean\Local Settings\Application Data\IconCache_sav.db
[2012/03/12 19:20:35 | 000,001,324 | ---- | C] () -- C:\WINDOWS\aopr.ini
========== ZeroAccess Check ==========
[2007/12/20 18:51:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 05:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/10/15 19:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\036DFF98000CC57F180B39EA7B07D287
[2014/01/15 21:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/07/14 10:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/04/04 21:49:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/01/02 12:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/11/02 19:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/10/05 22:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2011/03/08 23:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/05/27 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2013/05/13 16:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/07/14 10:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/08/16 23:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/07/28 22:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/01/06 19:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/01/03 09:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/18 22:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/01/07 19:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/04 22:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/08/03 18:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 22:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/29 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/14 20:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2013/05/10 17:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2010/05/31 12:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2013/06/24 15:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\AVG2013
[2012/04/19 23:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\HTC
[2008/10/21 18:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\PC Suite
[2010/04/15 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\Trusteer
[2010/01/02 12:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\DAEMON Tools Lite
[2014/01/11 22:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Dropbox
[2014/01/15 22:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\ElevatedDiagnostics
[2013/12/19 19:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\FinalTorrent
[2009/02/15 12:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\FreeCall
[2012/04/01 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\HTC
[2012/03/31 23:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2008/05/24 22:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\ieSpell
[2008/10/31 23:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\OfficeUpdate12
[2009/02/28 09:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\PC Suite
[2014/01/12 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Spotify
[2010/03/06 08:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Trusteer
[2014/01/11 22:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\uTorrent
[2011/06/10 18:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\WinBatch
[2008/08/24 07:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Xilisoft Corporation
========== Purity Check ==========
< End of report >
Hi, working up a fix for you but before I do can you tell me if you knowingly installed these two programs and use them ??
trafficbroker
autopager
cobolguy
2014-01-22, 21:30
Hi, here is the logfile from the JRT process, which I tried to run but which would not work the first time. I ran my antivirus tool and it picked up quite a few signatures, which I deleted. I then ran the JRT process.
Seems to have improved, but the Hardware Interrupts & DPCs visible using Process Explorer still seem high. Also the laptop takes ages to boot up.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by sean on 22/01/2014 at 19:01:39.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2B9579CC-CD7B-45AA-9B6E-7A22356DACBB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cdjbnddbclciabnckgeahmneohjlahdm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/01/2014 at 19:08:36.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sean
Did you see my previous post about those two programs ???
cobolguy
2014-01-22, 23:13
Hi there.
No just seen your post. No I have not installed these programs.
I've just rebooted my laptop after running the JRT program to see if it made any difference. It took over 5 mins to get to the Windows login screen, then probably 10 mins to get the Windows GUI up and accessible. Disk access is constant. I've had this before and I'm sure I posted something on this site when another expert at Spybot helped me.
Anyway, a big thanks for your time :)
Look forward to your reply post.
Sean
OK, let's do this. When you copy and paste the fix into OTL it has to start with :OTL and end with Reboot or the fix won't work, so make sure you copy and paste the whole thing into the fix.
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm003YYgb&ptb=A7FEA106-8456-46BC-8CD3-94B962590BAE&ind=2011102018&ptnrS=Y9xdm003YYgb&si=radiopi&n=77defb42&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm003YYgb&ptb=A7FEA106-8456-46BC-8CD3-94B962590BAE&ind=2011102018&ptnrS=Y9xdm003YYgb&si=radiopi&n=77defb42&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyE0FzytCyEzzzz0D0BzztN0D0Tzu0CyBtCzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1618896267&ir=
[2012/08/17 18:12:56 | 000,344,664 | ---- | M] () (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\autopager@mozilla.org.xpi
[2012/08/17 18:12:56 | 000,095,026 | ---- | M] () (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi
[2012/10/01 17:58:15 | 000,344,774 | ---- | M] () (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\staged\autopager@mozilla.org.xpi
[2012/10/01 17:58:12 | 000,070,902 | ---- | M] () (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\staged\canitbecheaper@trafficbroker.co.uk.xpi
CHR - default_search_provider: Mysearchdial
[2014/01/15 18:55:28 | 000,449,863 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140115-185539.backup
[2014/01/12 10:45:20 | 000,449,863 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140115-185527.backup
[2014/01/11 22:30:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140112-104520.backup
[2014/01/15 22:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\ElevatedDiagnostics
[2013/12/19 19:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\FinalTorrent
[2014/01/11 22:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\uTorrent
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
Then run a new scan with OTL and post the new log please
cobolguy
2014-01-23, 00:23
Here is the output. Laptop still runs like a dog.
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ not found.
Registry key HKEY_USERS\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Microsoft\Internet Explorer\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ not found.
Registry key HKEY_USERS\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\autopager@mozilla.org.xpi moved successfully.
C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi moved successfully.
C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\staged\autopager@mozilla.org.xpi moved successfully.
C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\staged\canitbecheaper@trafficbroker.co.uk.xpi moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
C:\WINDOWS\system32\drivers\etc\hosts.20140115-185539.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20140115-185527.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20140112-104520.backup moved successfully.
C:\Documents and Settings\sean\Application Data\ElevatedDiagnostics\2035183873 folder moved successfully.
C:\Documents and Settings\sean\Application Data\ElevatedDiagnostics folder moved successfully.
C:\Documents and Settings\sean\Application Data\FinalTorrent folder moved successfully.
C:\Documents and Settings\sean\Application Data\uTorrent folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\sean\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\sean\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: Administrator
User: All Users
User: Config.Msi
User: Default User
User: LocalService
User: NetworkService
User: sandra
->Java cache emptied: 157791 bytes
User: sean
->Java cache emptied: 3443668 bytes
Total Java Files Cleaned = 3.00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 567 bytes
User: All Users
User: Config.Msi
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 75 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Flash cache emptied: 810 bytes
User: sandra
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 488812 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66258811 bytes
->Google Chrome cache emptied: 385803673 bytes
->Flash cache emptied: 5179 bytes
User: sean
->Temp folder emptied: 222160901 bytes
->Temporary Internet Files folder emptied: 384017776 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 247764037 bytes
->Google Chrome cache emptied: 412603551 bytes
->Flash cache emptied: 1309 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 5386626 bytes
RecycleBin emptied: 115685656 bytes
Total Files Cleaned = 1,755.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01222014_214934
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DF13BD.tmp not found!
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DF13DA.tmp not found!
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DF14DC.tmp not found!
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DF1504.tmp not found!
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\VVZA4QPI\how-to-restore-windows-firewall-after-some-malware-deleted-its-service[1].htm moved successfully.
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\VVZA4QPI\maps[1].htm moved successfully.
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\9XGHTENX\search[4].htm moved successfully.
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\9DXI95X8\read[1].htm moved successfully.
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\9DXI95X8\showthread[1].php moved successfully.
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\013SWY6G\openhand_8_8[1].bmp moved successfully.
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\013SWY6G\search[10].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OK, lots of other tools at our disposal but before we do run a new Scan with OTL and post the log please
cobolguy
2014-01-23, 01:29
laptop response really bad, slow, so slow. here is the log.................................
OTL logfile created on: 22/01/2014 22:46:09 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sean\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.94 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 71.92% Memory free
3.10 Gb Paging File | 2.48 Gb Available in Paging File | 80.01% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 89.43 Gb Total Space | 27.18 Gb Free Space | 30.39% Space Free | Partition Type: NTFS
Drive D: | 55.69 Gb Total Space | 54.69 Gb Free Space | 98.21% Space Free | Partition Type: FAT32
Computer Name: LAPTOP02 | User Name: sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\sean\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\inetupgrade_laptop02\ProcessExplorer\procexp.exe (Sysinternals - www.sysinternals.com)
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Wireless Console 2\wcourier.exe ()
========== Services (SafeList) ==========
SRV - (OracleOraDb10g_home1TNSListener) -- C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR File not found
SRV - (OracleDBConsolesean01) -- C:\oracle\product\10.1.0\Db_1\bin\nmesrvc.exe File not found
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (JoinMEUI Assistant Service) -- C:\Program Files\PC Suite\JoinMEAssistantServices.exe ()
SRV - (SMTPSVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_O2) -- C:\Program Files\O2\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (smserial) -- system32\DRIVERS\smserial.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MFE_RR) -- C:\DOCUME~1\sean\LOCALS~1\Temp\mfe_rr.sys File not found
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\sean\LOCALS~1\Temp\catchme.sys File not found
DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found
DRV - (btwhid) -- system32\DRIVERS\btwhid.sys File not found
DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found
DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- system32\drivers\btaudio.sys File not found
DRV - (apgp3syx) -- File not found
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (zgwhsnmea) -- C:\WINDOWS\system32\drivers\zgwhsnmea.sys (ZTE Incorporated)
DRV - (zgwhsmdm) -- C:\WINDOWS\system32\drivers\zgwhsmdm.sys (ZTE Incorporated)
DRV - (zgwhsdiag) -- C:\WINDOWS\system32\drivers\zgwhsdiag.sys (ZTE Incorporated)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (C2SCSI) -- C:\WINDOWS\System32\drivers\c2scsi.sys (Sonic Solutions)
DRV - (massfilter_hs) -- C:\WINDOWS\system32\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (AtcL002) -- C:\WINDOWS\system32\drivers\l251x86.sys (Atheros Communications, Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ATK0100)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows (R) 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Cinemsup) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{2D63A974-1DA7-4317-98CC-6D625065FF50}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{4B16DFDC-D52F-41E7-B434-2CB3ADD87762}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: flashkiller@joli.clic:1.3
FF - prefs.js..extensions.enabledAddons: autopager@mozilla.org:0.7.1.6
FF - prefs.js..extensions.enabledAddons: canitbecheaper@trafficbroker.co.uk:3.7.12
FF - prefs.js..extensions.enabledAddons: {C99D6302-E652-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.15
FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: flashkiller@joli.clic:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/05 22:34:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C99D6302-E652-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\sean\Local Settings\Application Data\{C99D6302-E652-11E1-8270-B8AC6F996F26}\
[2008/06/22 06:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Extensions
[2014/01/22 21:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions
[2010/09/25 07:34:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/23 22:48:57 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2011/07/30 10:12:29 | 000,000,000 | ---D | M] (Flash Killer) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\flashkiller@joli.clic
[2014/01/22 21:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\staged
[2013/12/20 00:10:22 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\searchplugins\yahoo.xml
========== Chrome ==========
CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://uk.search.yahoo.com/?type=293224&fr=spigot-yhp-ch
CHR - plugin: First user (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/01/22 21:49:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\S-1-5-21-4204088417-295494685-3788373613-500..\Run: [] File not found
O4 - HKU\S-1-5-21-4204088417-295494685-3788373613-500..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillsoft.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillwsa.com ([]* in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} http://cam.thesandbar.com/activex/decoder/mpeg4_dec.cab (Moonlight MPEG-4 Video Decoder)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab (GreasyPalmInstallHelper Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350936625281 (WUWebControl Class)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350936606734 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://webcam1.ttu.ee/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisbury.edu/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://217.22.201.135/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A97A08D4-B39E-4E5F-A1D4-622F067B28E0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/20 18:37:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/22 21:49:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/22 18:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Napster
[2014/01/21 18:20:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/21 07:30:52 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\sean\Desktop\JRT.exe
[2014/01/21 07:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Local Settings\Application Data\PCHealth
[2014/01/20 20:27:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/01/20 19:14:33 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2014/01/20 19:12:52 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2014/01/20 19:12:05 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2014/01/20 19:12:05 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2014/01/20 17:56:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/19 22:30:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\OTL.exe
[2014/01/15 22:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2014/01/15 22:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2014/01/15 21:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Application Data\Avira
[2014/01/15 21:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2014/01/15 21:13:57 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2014/01/15 21:13:55 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2014/01/15 21:13:53 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2014/01/15 21:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2014/01/15 20:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/15 20:01:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/01/15 20:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/13 20:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/01/13 20:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/01/12 21:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Local Settings\Application Data\Spotify
[2014/01/11 22:37:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/11 22:32:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/01/09 07:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2014/01/06 23:31:38 | 000,000,000 | ---D | C] -- C:\dansMemoryStick
[2014/01/06 19:23:36 | 004,558,848 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/06 17:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\My Documents\Probate
[2014/01/05 23:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2014/01/03 22:07:07 | 000,000,000 | ---D | C] -- C:\mumphoto
[2014/01/03 22:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\mumphoto
[2013/12/27 11:04:38 | 000,000,000 | ---D | C] -- C:\Films
[2008/11/10 17:10:00 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
========== Files - Modified Within 30 Days ==========
[2014/01/22 22:16:26 | 000,903,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/22 22:16:24 | 000,297,340 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/22 22:14:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/22 22:04:25 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/22 22:03:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/22 22:03:16 | 2079,576,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/22 21:49:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/01/22 19:35:39 | 000,000,328 | -HS- | M] () -- C:\boot.ini
[2014/01/22 19:32:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/22 18:43:51 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Napster.lnk
[2014/01/21 07:31:06 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\sean\Desktop\JRT.exe
[2014/01/21 06:59:06 | 000,302,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/21 00:39:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/20 17:56:51 | 001,236,282 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\AdwCleaner.exe
[2014/01/19 22:30:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\OTL.exe
[2014/01/16 19:56:19 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\O2 wireless box II - Home.url
[2014/01/15 21:17:56 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2014/01/15 20:01:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/15 18:55:39 | 000,449,863 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140121-230115.backup
[2014/01/13 22:26:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\MBR.dat
[2014/01/13 20:57:10 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/13 20:57:00 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\NTREGOPT.lnk
[2014/01/13 20:57:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\ERUNT.lnk
[2014/01/12 23:31:03 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\Google Chrome.lnk
[2014/01/11 21:25:28 | 005,162,489 | R--- | M] (Swearware) -- C:\Documents and Settings\sean\Desktop\ComboFix.exe
[2014/01/06 22:46:53 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/06 19:23:36 | 004,558,848 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/03 21:20:30 | 000,140,736 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\Caine.jpg
[2014/01/03 21:15:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/01/02 19:01:02 | 004,819,207 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\TenancyAgreement.pdf
[2013/12/28 00:29:15 | 000,271,410 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\photo mum.JPG
========== Files Created - No Company Name ==========
[2014/01/22 18:43:51 | 000,001,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Napster.lnk
[2014/01/22 18:31:34 | 2079,576,064 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/20 17:56:36 | 001,236,282 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\AdwCleaner.exe
[2014/01/19 22:25:50 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/19 22:25:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/15 21:17:56 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2014/01/15 20:01:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/13 22:26:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\MBR.dat
[2014/01/13 20:57:10 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/13 20:57:00 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\NTREGOPT.lnk
[2014/01/13 20:57:00 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\ERUNT.lnk
[2014/01/03 21:20:29 | 000,140,736 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\Caine.jpg
[2014/01/02 19:00:47 | 004,819,207 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\TenancyAgreement.pdf
[2013/12/28 00:29:15 | 000,271,410 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\photo mum.JPG
[2013/12/20 21:11:04 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/09/20 21:05:02 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2013/09/16 00:08:49 | 000,258,602 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/09/15 23:39:33 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\sean\Application Data\Sys2662.Config.Repository.bin
[2013/05/31 22:43:21 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/20 21:43:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/20 21:43:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/20 21:43:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/20 21:43:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/20 21:43:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/22 20:21:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/14 00:31:20 | 004,469,910 | -H-- | C] () -- C:\Documents and Settings\sean\Local Settings\Application Data\IconCache_sav.db
[2012/03/12 19:20:35 | 000,001,324 | ---- | C] () -- C:\WINDOWS\aopr.ini
========== ZeroAccess Check ==========
[2007/12/20 18:51:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 05:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/10/15 19:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\036DFF98000CC57F180B39EA7B07D287
[2013/07/14 10:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/04/04 21:49:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/01/02 12:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/11/02 19:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/10/05 22:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2011/03/08 23:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/05/27 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2013/05/13 16:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/07/14 10:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/01/22 18:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/07/28 22:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/01/06 19:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/01/03 09:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/18 22:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/01/07 19:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/04 22:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/08/03 18:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 22:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/29 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/14 20:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2013/05/10 17:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2010/05/31 12:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2013/06/24 15:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\AVG2013
[2012/04/19 23:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\HTC
[2008/10/21 18:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\PC Suite
[2010/04/15 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\Trusteer
[2010/01/02 12:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\DAEMON Tools Lite
[2014/01/11 22:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Dropbox
[2009/02/15 12:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\FreeCall
[2012/04/01 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\HTC
[2012/03/31 23:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2008/05/24 22:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\ieSpell
[2008/10/31 23:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\OfficeUpdate12
[2009/02/28 09:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\PC Suite
[2014/01/12 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Spotify
[2010/03/06 08:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Trusteer
[2011/06/10 18:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\WinBatch
[2008/08/24 07:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Xilisoft Corporation
========== Purity Check ==========
< End of report >
Still see some bad stuff in Firefox and some in Chrome. Sometimes it's hard to remove the entries in your browser, so let's set both FF and Chrome back to defaults, like when you first installed them.
Open Firefox
Click on Help > Troubleshooting Information > Reset Firefox to its default state
Click the Chrome menu on the browser toolbar.
Select Settings.
Scroll down to Show advanced settings...
Down on the bottom you will see an option for RESET BROWSER SETTINGS
Click on it and it will set Chrome back to defaults.
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when ComboFix has completely finished, restart your computer to restore the connections.
cobolguy
2014-01-23, 20:44
Hi.
Could not disable Avira antivirus, so I ran with it on. To stop it I would have had to reboot my laptop and it would have taken ages to reload. If you want me to do that and run it again I will.
ComboFix 14-01-23.02 - sean 23/01/2014 18:17:51.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1983.1364 [GMT 0:00]
Running from: c:\documents and settings\sean\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\sean\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\rsopprov.exe
C:\Thumbs.db
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-12-23 to 2014-01-23 )))))))))))))))))))))))))))))))
.
.
2014-01-22 21:49 . 2014-01-22 21:49 -------- d-----w- C:\_OTL
2014-01-21 18:20 . 2014-01-21 18:20 -------- d-----w- c:\windows\ERUNT
2014-01-21 07:14 . 2014-01-21 07:14 -------- d-----w- c:\documents and settings\sean\Local Settings\Application Data\PCHealth
2014-01-20 20:27 . 2014-01-20 20:38 -------- d-----w- c:\windows\system32\MRT
2014-01-20 19:14 . 2013-07-03 02:12 25088 ------w- c:\windows\system32\dllcache\hidparse.sys
2014-01-20 19:12 . 2013-07-17 00:58 60160 ------w- c:\windows\system32\dllcache\usbaudio.sys
2014-01-20 19:12 . 2013-08-09 00:55 144128 ------w- c:\windows\system32\dllcache\usbport.sys
2014-01-20 19:12 . 2009-03-18 11:02 30336 ------w- c:\windows\system32\dllcache\usbehci.sys
2014-01-20 17:56 . 2014-01-21 07:34 -------- d-----w- C:\AdwCleaner
2014-01-15 21:26 . 2014-01-15 21:26 -------- d-----w- c:\documents and settings\sean\Application Data\Avira
2014-01-03 22:07 . 2014-01-06 22:52 -------- d-----w- C:\mumphoto
2014-01-03 22:06 . 2014-01-03 22:06 -------- d-----w- c:\documents and settings\sean\mumphoto
2013-12-27 11:04 . 2013-12-27 11:05 -------- d-----w- C:\Films
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-27 20:21 . 2008-05-23 09:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59 . 2008-05-23 09:06 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2006-08-17 09:54 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2009-04-17 14:49 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2008-05-23 09:06 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2006-08-17 09:54 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2006-08-17 09:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2006-08-17 09:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 07:57 . 2006-08-17 09:54 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 00:45 . 2006-08-17 09:54 385024 ----a-w- c:\windows\system32\html.iec
2003-08-27 14:19 . 2008-11-10 17:10 36963 -c--a-r- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\sean\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\sean\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\sean\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\sean\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-09 684600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\documents and settings\sean\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2013-03-19 16:31 92520 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PC Details.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PC Details.lnk
backup=c:\windows\pss\PC Details.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^sean^Start Menu^Programs^Startup^CCC.lnk]
path=c:\documents and settings\sean\Start Menu\Programs\Startup\CCC.lnk
backup=c:\windows\pss\CCC.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^sean^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\sean\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^sean^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\sean\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABLKSR]
2006-01-02 18:14 61440 -c--a-w- c:\windows\ABLKSR\ABLKSR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2007-07-10 09:59 851968 -c--a-w- c:\program files\ASUS\Splendid\ACMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2007-04-17 00:06 372825 ----a-w- c:\program files\Atheros\ACU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 02:43 69632 -c--a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2007-12-20 19:46 33136 -c--a-w- c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSTPE]
2007-01-16 15:13 106496 -c--a-w- c:\windows\system32\ASUSTPE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2013-12-09 11:37 684600 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]
2005-10-03 10:23 20480 ------w- c:\windows\CameraFixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvMon.exe]
2004-11-29 09:55 53248 -c----w- c:\windows\system32\DrvMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R285 Series]
2007-04-13 06:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICKE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2012-04-17 14:05 651264 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JoinMEUIExec]
2009-03-10 17:50 131072 -c--a-w- c:\program files\PC Suite\JoinMEUIExec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\O2]
2008-03-28 22:47 198184 -c--a-w- c:\program files\O2\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear]
2006-07-26 17:01 90112 -c--a-w- c:\program files\ASUS\Power4 Gear\BatteryLife.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 19:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 02:01 32768 -c--a-w- c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2005-03-08 21:13 1695744 -c--a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-10-30 03:49 16269312 -c--a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 16:42 20584608 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 02:04 2879488 -c--a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 08:07 827392 ----a-w- c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-01-12 21:17 1193176 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 12:35 90112 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 09:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-05 22:28 202256 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2005-11-04 14:05 90112 ----a-w- c:\windows\tsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"w3svc"=2 (0x2)
"IISADMIN"=2 (0x2)
"Apache2.2"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"JoinMEUI Assistant Service"=2 (0x2)
"Secunia PSI Agent"=3 (0x3)
"Secunia Update Agent"=2 (0x2)
"SupportSoft RemoteAssist"=3 (0x3)
"sprtsvc_O2"=3 (0x3)
"PassThru Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Documents and Settings\\sean\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11450:TCP"= 11450:TCP:Remote Assistance Local
"7550:TCP"= 7550:TCP:Remote Assistance Remote
"5910:TCP"= 5910:TCP:vnc5910
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/01/2010 12:37 691696]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [15/01/2014 21:13 37352]
R1 C2SCSI;C2SCSI;c:\windows\system32\drivers\c2scsi.sys [28/05/2009 21:33 230272]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/01/2014 21:14 440376]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [15/01/2014 21:14 1011768]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [28/07/2010 20:08 27632]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [31/03/2012 22:51 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 17:01 21248]
S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [28/07/2010 19:17 9728]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\sean\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\sean\LOCALS~1\Temp\mfe_rr.sys [?]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [28/07/2010 19:17 106752]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [28/07/2010 19:17 106752]
S3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\drivers\zgwhsnmea.sys [28/07/2010 19:17 106752]
S4 JoinMEUI Assistant Service;JoinMEUI Assistant Service;c:\program files\PC Suite\JoinMEAssistantServices.exe [28/07/2010 19:16 242688]
S4 OracleDBConsolesean01;OracleDBConsolesean01;c:\oracle\product\10.1.0\Db_1\bin\nmesrvc.exe --> c:\oracle\product\10.1.0\Db_1\bin\nmesrvc.exe [?]
S4 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR --> c:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR [?]
S4 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [15/09/2011 11:06 88576]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [05/09/2013 09:34 171680]
S4 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 16:19 202280]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP152
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 23:29 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
2014-01-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com\support
Trusted Zone: skillwsa.com
TCP: DhcpNameServer = 192.168.1.254
DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} - hxxp://cam.thesandbar.com/activex/decoder/mpeg4_dec.cab
DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} - hxxp://www.greasypalm.co.uk/bho/update/GreasyPalm.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.22.201.135/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SMSERIAL - c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
MSConfigStartUp-W5SkK5uFBsyfTaOaUziZJu9jsUI= - c:\documents and settings\sean\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\rsopprov.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-23 18:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\OracleOraDb10g_home1TNSListener]
"ImagePath"="c:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4204088417-295494685-3788373613-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,11,9e,94,14,61,1b,4b,9c,0a,ef,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,11,9e,94,14,61,1b,4b,9c,0a,ef,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1044)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2014-01-23 18:40:31
ComboFix-quarantined-files.txt 2014-01-23 18:40
ComboFix2.txt 2014-01-11 22:32
ComboFix3.txt 2013-09-16 20:10
ComboFix4.txt 2012-10-22 17:20
.
Pre-Run: 28,860,767,744 bytes free
Post-Run: 28,842,680,320 bytes free
.
- - End Of File - - 92D95528937FEBB78FD0E0D3A73F04BF
8F558EB6672622401DA993E1E865C861
Not much removed. You do have an awful lot of things running on start-up?
Did you reset Firefox back to defaults ?
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double-click TDSSKiller.exe
When the window opens, click on Change Parameters
Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
Click OK
Press Start Scan
As we are only looking for a log of what is on the machine right now, choose to skip whatever is found
Then click Continue > Reboot now
Copy and paste the log into your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
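As an added example (editor's code, not part of Ken's instructions and not anything ComboFix or TDSSKiller ships), here is a small triage pass over the kind of ComboFix lines posted above, the sort of first filter a helper applies by eye when a log has this many autostart entries. The sample lines are constructed to mirror the shapes in the log (service/driver list, DPF entries, orphans; "hxxp" is ComboFix's own defanging). The regexes and the heuristics (a service binary in a Temp directory, an autostart under a user profile, a service whose file ComboFix marks `[?]` as missing, an ActiveX DPF pointing at a bare IP, a base64-looking autostart name) are assumptions made for this example, not rules from either tool.

```python
import re

# Constructed sample, shaped like the ComboFix sections earlier in this thread
# (service/driver list, DPF entries, orphans).  "hxxp" is ComboFix's own defanging.
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/01/2010 12:37 691696]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\sean\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\sean\LOCALS~1\Temp\mfe_rr.sys [?]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [05/09/2013 09:34 171680]
DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} - hxxp://www.greasypalm.co.uk/bho/update/GreasyPalm.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.22.201.135/activex/AMC.cab
MSConfigStartUp-W5SkK5uFBsyfTaOaUziZJu9jsUI= - c:\documents and settings\sean\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\rsopprov.exe
"""

# Line shapes ComboFix uses for the three sections this pass looks at.
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
DPF_RE = re.compile(r"^DPF:\s+(?P<name>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<url>\S+)")
ORPHAN_RE = re.compile(r"^MSConfigStartUp-(?P<name>\S+)\s+-\s+(?P<path>.+)$")

# Heuristics (assumptions made for this example, not ComboFix rules).
BASE64ISH_RE = re.compile(r"^[A-Za-z0-9+/]{20,}={0,2}$")   # randomised autostart names
BARE_IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")     # ActiveX served from a raw IP
URL_HOST_RE = re.compile(r"^[a-z]+://([^/]+)", re.I)        # also accepts the hxxp defang


def _service_path(rest: str):
    """Return (resolved on-disk path, file_missing) from the tail of a service line."""
    missing = "[?]" in rest                     # ComboFix prints [?] when the file is gone
    body = rest.split(" [", 1)[0]               # drop the "[date size]" / "[?]" suffix
    if " --> " in body:                         # NT object path --> resolved DOS path
        body = body.split(" --> ", 1)[1]
    return body.strip().removeprefix("\\??\\"), missing


def _path_reasons(path: str):
    """Location-based red flags for an autostart binary."""
    p = path.lower()
    reasons = []
    if "\\temp\\" in p:
        reasons.append("temp-dir")              # kernel drivers have no business in %TEMP%
    if "\\documents and settings\\" in p or "\\docume~1\\" in p:
        reasons.append("user-profile")          # user-writable, no admin rights needed to plant
    return reasons


def triage(log_text: str):
    """Run the heuristics over ComboFix-style lines; return the entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := SERVICE_RE.match(line):
            path, missing = _service_path(m["rest"])
            reasons = _path_reasons(path)
            if missing:
                reasons.append("missing-file")  # dangling entry: removed tool or cleaned dropper
            if reasons:
                findings.append({"kind": "service", "name": m["name"], "path": path, "reasons": reasons})
        elif m := DPF_RE.match(line):
            host = URL_HOST_RE.match(m["url"])
            host = host.group(1).split(":")[0] if host else ""
            if BARE_IPV4_RE.match(host):
                findings.append({"kind": "dpf", "name": m["name"], "path": m["url"], "reasons": ["bare-ip-url"]})
        elif m := ORPHAN_RE.match(line):
            reasons = ["random-name"] if BASE64ISH_RE.match(m["name"]) else []
            reasons += _path_reasons(m["path"])
            if reasons:
                findings.append({"kind": "orphan", "name": m["name"], "path": m["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:8}{f['name']:45}{', '.join(f['reasons'])}")
```

A hit here is a prompt to look at the file (hash, signer, vendor) and not a verdict: a driver registered from a Temp directory whose file is already gone is the footprint both of a run-once scanner tool and of a cleaned-up dropper, and the log cannot tell them apart. The entry that most deserves chasing on its own is the orphan with the base64-looking name pointing at an .exe under Application Data, which is the classic shape of something that installed itself without admin rights; given that the same log shows EnableFirewall=0 and globally open Remote Assistance and VNC ports, anything of that shape warrants confirming what the file was before the entry is forgotten.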
cobolguy
2014-01-24, 00:42
Hi Ken.
Will run TDSSKiller in a mo. I don't believe I still have Firefox installed, so I can't reset it. Reset Chrome as requested. Also, I'm not aware of 'a lot of start-up processes' being activated; msconfig shows only 4 initiated at boot time. I'll run what you advised now.
cobolguy
2014-01-24, 00:58
Hi Ken
Ran as requested. Did not get a request to continue and then reboot the machine.
Here is the log (part 1, as it's too long).
22:46:19.0359 0x0e2c TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
22:46:23.0000 0x0e2c ============================================================
22:46:23.0000 0x0e2c Current date / time: 2014/01/23 22:46:23.0000
22:46:23.0000 0x0e2c SystemInfo:
22:46:23.0031 0x0e2c
22:46:23.0031 0x0e2c OS Version: 5.1.2600 ServicePack: 3.0
22:46:23.0031 0x0e2c Product type: Workstation
22:46:23.0031 0x0e2c ComputerName: LAPTOP02
22:46:23.0031 0x0e2c UserName: sean
22:46:23.0031 0x0e2c Windows directory: C:\WINDOWS
22:46:23.0031 0x0e2c System windows directory: C:\WINDOWS
22:46:23.0031 0x0e2c Processor architecture: Intel x86
22:46:23.0031 0x0e2c Number of processors: 2
22:46:23.0031 0x0e2c Page size: 0x1000
22:46:23.0031 0x0e2c Boot type: Normal boot
22:46:23.0031 0x0e2c ============================================================
22:46:27.0375 0x0e2c KLMD registered as C:\WINDOWS\system32\drivers\49004367.sys
22:46:29.0296 0x0e2c System UUID: {0B8DD707-0C7E-5216-2946-898596518924}
22:46:33.0656 0x0e2c Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:46:33.0718 0x0e2c ============================================================
22:46:33.0718 0x0e2c \Device\Harddisk0\DR0:
22:46:33.0718 0x0e2c MBR partitions:
22:46:33.0718 0x0e2c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x7D047E, BlocksNum 0xB2DAD1A
22:46:33.0750 0x0e2c \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0xBAAB1D7, BlocksNum 0x6F6D8EA
22:46:33.0750 0x0e2c ============================================================
22:46:33.0843 0x0e2c C: <-> \Device\Harddisk0\DR0\Partition1
22:46:33.0859 0x0e2c D: <-> \Device\Harddisk0\DR0\Partition2
22:46:33.0859 0x0e2c ============================================================
22:46:33.0859 0x0e2c Initialize success
22:46:33.0859 0x0e2c ============================================================
22:47:12.0734 0x0d7c ============================================================
22:47:12.0734 0x0d7c Scan started
22:47:12.0734 0x0d7c Mode: Manual; TDLFS;
22:47:12.0734 0x0d7c ============================================================
22:47:12.0734 0x0d7c KSN ping started
22:47:15.0296 0x0d7c KSN ping finished: true
22:47:17.0343 0x0d7c ================ Scan system memory ========================
22:47:17.0343 0x0d7c System memory - ok
22:47:17.0343 0x0d7c ================ Scan services =============================
22:47:18.0000 0x0d7c Abiosdsk - ok
22:47:18.0015 0x0d7c abp480n5 - ok
22:47:18.0187 0x0d7c [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:47:18.0328 0x0d7c ACPI - ok
22:47:18.0718 0x0d7c [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:47:18.0734 0x0d7c ACPIEC - ok
22:47:19.0031 0x0d7c [ A3E3552E9E99E9A690A12A25973EF30A, 0D457099D79FCCC3DA8B6EB3CD27D7409FEE953A518242043049C0D0A0CC255D ] ACS C:\WINDOWS\system32\acs.exe
22:47:19.0265 0x0d7c ACS - ok
22:47:19.0281 0x0d7c adpu160m - ok
22:47:19.0406 0x0d7c [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
22:47:19.0500 0x0d7c aec - ok
22:47:19.0656 0x0d7c [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:47:19.0765 0x0d7c AFD - ok
22:47:19.0781 0x0d7c Aha154x - ok
22:47:19.0796 0x0d7c aic78u2 - ok
22:47:19.0796 0x0d7c aic78xx - ok
22:47:19.0859 0x0d7c [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:47:19.0875 0x0d7c Alerter - ok
22:47:19.0921 0x0d7c [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
22:47:19.0921 0x0d7c ALG - ok
22:47:19.0937 0x0d7c AliIde - ok
22:47:19.0953 0x0d7c amsint - ok
22:47:21.0203 0x0d7c [ FE79366FECD444A16CCA9979134DBEA8, 91D2301E35C89B9FAD5680124EA51DC346159DC78556ACCD935F9B236B9FDCBC ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:47:21.0921 0x0d7c AntiVirSchedulerService - ok
22:47:22.0656 0x0d7c [ FDE9C7030FB1E9E2715E113EE6A10F90, 541F278D743C34C6D9940FC1250B90674EB88EC429D481012F27817DAB1B557A ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:47:23.0343 0x0d7c AntiVirService - ok
22:47:25.0015 0x0d7c [ 29D956C8CB67222D678FAF20D485B25B, 8833B3D2BC6D9ABEFFF77826A0CFE178488B28F98375FE3151CD7A49B5CB18B5 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
22:47:26.0531 0x0d7c AntiVirWebService - ok
22:47:26.0703 0x0d7c [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
22:47:26.0843 0x0d7c AppMgmt - ok
22:47:27.0218 0x0d7c [ 6D5F95602B8D0D994D31A864872B38EF, E200D48DB4831D5073D1583067D254CD5C3F70557F07CAF77A26A4672FB32F8E ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
22:47:27.0531 0x0d7c AR5211 - ok
22:47:28.0578 0x0d7c [ 43CB9E73A60D27AD069046B88CC4EFEB, C5E8275F8E5BB5BF2EA79CC68913C900B3EAFDB70DA9A2B5B7F6409B9886D1BB ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
22:47:29.0562 0x0d7c AR5416 - ok
22:47:29.0578 0x0d7c asc - ok
22:47:29.0593 0x0d7c asc3350p - ok
22:47:29.0609 0x0d7c asc3550 - ok
22:47:29.0875 0x0d7c [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:47:29.0890 0x0d7c aspnet_state - ok
22:47:29.0937 0x0d7c [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:47:29.0953 0x0d7c AsyncMac - ok
22:47:30.0046 0x0d7c [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
22:47:30.0046 0x0d7c atapi - ok
22:47:30.0109 0x0d7c [ 5DD646E4C9E447D83D7E781EF202F709, 6A54D0E1776CD14E94D1A5C9B89B8C9635A20E23E89C9BF0357AD60EE00D88DE ] AtcL002 C:\WINDOWS\system32\DRIVERS\l251x86.sys
22:47:30.0125 0x0d7c AtcL002 - ok
22:47:30.0125 0x0d7c Atdisk - ok
22:47:30.0578 0x0d7c [ 29B2874B3956B62C0DBEA32D75A8E776, 9C9EB56F9D4052C29EB42894BE5C9010CA9E4EF19E3E11DB7E20846B51E0B876 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
22:47:30.0859 0x0d7c Ati HotKey Poller - ok
22:47:32.0359 0x0d7c [ A1789368B4A31D2111AF7AEDA0C8D3FC, 34437146050146FE03627BB3B1EE063BB4F10A985C70B317925A6D40E83B85FD ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:47:33.0812 0x0d7c ati2mtag - ok
22:47:33.0906 0x0d7c [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:47:33.0937 0x0d7c Atmarpc - ok
22:47:34.0015 0x0d7c [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
22:47:34.0046 0x0d7c AudioSrv - ok
22:47:34.0093 0x0d7c [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
22:47:34.0093 0x0d7c audstub - ok
22:47:34.0296 0x0d7c [ B8C10FF9369394EB84993F331810CF29, 84D674EF4FB73FD9D1539DFCC52361C2FBAFD5A2DEF1FFF4F1F416721AA80F85 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:47:34.0359 0x0d7c avgntflt - ok
22:47:34.0625 0x0d7c [ 4189E5AB2CAD6F395D87DAAE73EB090F, 8A98667451F0A9E81204BC9DD34B7BDA147FB867F0969361ED6F9C0CD422E49C ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:47:34.0859 0x0d7c avipbb - ok
22:47:34.0937 0x0d7c [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
22:47:34.0968 0x0d7c avkmgr - ok
22:47:35.0031 0x0d7c [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:47:35.0031 0x0d7c Beep - ok
22:47:35.0312 0x0d7c [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
22:47:35.0546 0x0d7c BITS - ok
22:47:35.0703 0x0d7c [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
22:47:35.0781 0x0d7c Browser - ok
22:47:35.0796 0x0d7c btaudio - ok
22:47:35.0812 0x0d7c BTDriver - ok
22:47:35.0843 0x0d7c [ B279426E3C0C344893ED78A613A73BDE, 30B29ED5DCFF0C180B806A5FBC705E1CAF6B0F525298CDA79A77FC2AF6E5AAA7 ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
22:47:35.0859 0x0d7c BthEnum - ok
22:47:35.0921 0x0d7c [ FCA6F069597B62D42495191ACE3FC6C1, 23A4EAA542547AC48BCB19DEC9C8E1C1D7D83F199F045DA4682C33292F011CE9 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
22:47:35.0953 0x0d7c BTHMODEM - ok
22:47:36.0031 0x0d7c [ 80602B8746D3738F5886CE3D67EF06B6, 15ABAA8106C42A4453763EEB92B291844580168C934088DB1E22B2065DC238E9 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
22:47:36.0093 0x0d7c BthPan - ok
22:47:36.0296 0x0d7c [ 662BFD909447DD9CC15B1A1C366583B4, 2E012304336769C24A6EFB4D975BA3F21289827A5EB4C9A8216E941344348447 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
22:47:36.0453 0x0d7c BTHPORT - ok
22:47:36.0515 0x0d7c [ F4C43C66471B87996D95DB7A3A664A37, C7324DBF75376578EC254FD64E2564FEF9A35B58DFE1095389F769F37EA68B21 ] BthServ C:\WINDOWS\System32\bthserv.dll
22:47:36.0546 0x0d7c BthServ - ok
22:47:36.0593 0x0d7c [ 61364CD71EF63B0F038B7E9DF00F1EFA, FB44D02B4379A8AF7DD8B0B22B53888B758903700142BFE45A412709294CE88A ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
22:47:36.0609 0x0d7c BTHUSB - ok
22:47:36.0625 0x0d7c BTWDNDIS - ok
22:47:36.0640 0x0d7c btwhid - ok
22:47:36.0656 0x0d7c BTWUSB - ok
22:47:36.0890 0x0d7c [ 5EF19C203288228354F8A98F80702D6B, BE38D79A8724372BCB8AB27E1798E7875DF7B40F968416E5313208B0DC8B5F7B ] C2SCSI C:\WINDOWS\system32\drivers\C2SCSI.sys
22:47:37.0062 0x0d7c C2SCSI - ok
22:47:37.0203 0x0d7c catchme - ok
22:47:37.0234 0x0d7c [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
22:47:37.0250 0x0d7c cbidf2k - ok
22:47:37.0281 0x0d7c [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:47:37.0296 0x0d7c CCDECODE - ok
22:47:37.0312 0x0d7c cd20xrnt - ok
22:47:37.0343 0x0d7c [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
22:47:37.0359 0x0d7c Cdaudio - ok
22:47:37.0453 0x0d7c [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
22:47:37.0500 0x0d7c Cdfs - ok
22:47:37.0578 0x0d7c [ 6674BB4A919220D05BD002BBF6081AAA, 4A77D25FA6D4091A7F93B2990A39CDA25C238599A8DA5694D8003C4084066353 ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys
22:47:37.0609 0x0d7c Cdr4_xp - ok
22:47:37.0640 0x0d7c [ 8822A9246C20AF99686E65710C7D6A5D, E8378C91CA19C6B2552211FD3F05C6477FD53A942EFDF194593AE7D586AE0AD4 ] Cdralw2k C:\WINDOWS\system32\drivers\Cdralw2k.sys
22:47:37.0671 0x0d7c Cdralw2k - ok
22:47:37.0718 0x0d7c [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:47:37.0765 0x0d7c Cdrom - ok
22:47:38.0046 0x0d7c [ 66B9F9C62721F2347211C0C9BCCE4E98, 66688DFAC99F0BE51BE96D5A814698C50D3C38AB9F261C24FD2CC6B0D9D4E2FC ] cdudf_xp C:\WINDOWS\system32\drivers\cdudf_xp.sys
22:47:38.0265 0x0d7c cdudf_xp - ok
22:47:38.0265 0x0d7c Changer - ok
22:47:38.0312 0x0d7c [ F6A0F51706CB4B0D5B8718FF69F831BA, C9BD0A1D10293466330B57F0F85B89F0609985C19F40F5B096F897C6C8A144D4 ] Cinemsup C:\WINDOWS\system32\drivers\Cinemsup.sys
22:47:38.0328 0x0d7c Cinemsup - ok
22:47:38.0375 0x0d7c [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
22:47:38.0375 0x0d7c CiSvc - ok
22:47:38.0406 0x0d7c [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
22:47:38.0421 0x0d7c ClipSrv - ok
22:47:38.0593 0x0d7c [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:47:38.0687 0x0d7c clr_optimization_v2.0.50727_32 - ok
22:47:38.0828 0x0d7c [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:47:38.0937 0x0d7c clr_optimization_v4.0.30319_32 - ok
22:47:38.0984 0x0d7c [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:47:38.0984 0x0d7c CmBatt - ok
22:47:39.0000 0x0d7c CmdIde - ok
22:47:39.0046 0x0d7c [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:47:39.0062 0x0d7c Compbatt - ok
22:47:39.0078 0x0d7c COMSysApp - ok
22:47:39.0109 0x0d7c Cpqarray - ok
22:47:39.0203 0x0d7c [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
22:47:39.0250 0x0d7c CryptSvc - ok
22:47:39.0265 0x0d7c dac2w2k - ok
22:47:39.0281 0x0d7c dac960nt - ok
22:47:39.0656 0x0d7c [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:47:39.0984 0x0d7c DcomLaunch - ok
22:47:40.0109 0x0d7c [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
22:47:40.0203 0x0d7c Dhcp - ok
22:47:40.0265 0x0d7c [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
22:47:40.0296 0x0d7c Disk - ok
22:47:40.0296 0x0d7c dmadmin - ok
22:47:40.0500 0x0d7c [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
22:47:40.0671 0x0d7c dmboot - ok
22:47:40.0859 0x0d7c [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
22:47:40.0984 0x0d7c dmio - ok
22:47:41.0015 0x0d7c [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
22:47:41.0015 0x0d7c dmload - ok
22:47:41.0078 0x0d7c [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
22:47:41.0093 0x0d7c dmserver - ok
22:47:41.0156 0x0d7c [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
22:47:41.0187 0x0d7c DMusic - ok
22:47:41.0265 0x0d7c [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:47:41.0312 0x0d7c Dnscache - ok
22:47:41.0421 0x0d7c [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
22:47:41.0500 0x0d7c Dot3svc - ok
22:47:41.0515 0x0d7c dpti2o - ok
22:47:41.0531 0x0d7c [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:47:41.0531 0x0d7c drmkaud - ok
22:47:41.0640 0x0d7c [ 7DF2E645FBDA7CDE94FCABBA7F0DE4C2, 7F67DD3DDEEC82DCBE44F8FC4D584F4BEC5DD42FB8C45B9A238E1F7E4408E0FE ] drvmcdb C:\WINDOWS\system32\DRIVERS\drvmcdb.sys
22:47:41.0718 0x0d7c drvmcdb - ok
22:47:41.0875 0x0d7c [ 1D5EDA9961B16B8E800639038D7492AD, 2489116240E96D97CF77F50E356ACAAB4B8CF321E53FA6809C044C294BAD1230 ] DVDVRRdr_xp C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
22:47:41.0984 0x0d7c DVDVRRdr_xp - ok
22:47:42.0031 0x0d7c [ DF112F6F01EFEDC21C9BC5CE822CE1D3, 0FD381CD8E5B0328688887D31F8E53CE87AC44CB4DD69E0974A63C1342CBBB5C ] dvd_2K C:\WINDOWS\system32\drivers\dvd_2K.sys
22:47:42.0046 0x0d7c dvd_2K - ok
22:47:42.0093 0x0d7c [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
22:47:42.0125 0x0d7c EapHost - ok
22:47:42.0171 0x0d7c [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
22:47:42.0187 0x0d7c ERSvc - ok
22:47:42.0328 0x0d7c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
22:47:42.0359 0x0d7c Eventlog - ok
22:47:42.0609 0x0d7c [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\system32\es.dll
22:47:42.0796 0x0d7c EventSystem - ok
22:47:42.0968 0x0d7c [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:47:43.0078 0x0d7c Fastfat - ok
22:47:43.0218 0x0d7c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:47:43.0328 0x0d7c FastUserSwitchingCompatibility - ok
22:47:43.0359 0x0d7c [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
22:47:43.0390 0x0d7c Fdc - ok
22:47:43.0437 0x0d7c [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:47:43.0468 0x0d7c Fips - ok
22:47:43.0500 0x0d7c [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
22:47:43.0515 0x0d7c Flpydisk - ok
22:47:43.0640 0x0d7c [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
22:47:43.0734 0x0d7c FltMgr - ok
22:47:43.0843 0x0d7c [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:47:43.0859 0x0d7c FontCache3.0.0.0 - ok
22:47:43.0875 0x0d7c [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:47:43.0875 0x0d7c Fs_Rec - ok
22:47:43.0984 0x0d7c [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:47:44.0078 0x0d7c Ftdisk - ok
22:47:44.0125 0x0d7c [ F2F431D1573EE632975C524418655B84, 4AE27D0AE3A35FF18DF7E341698DF62C51698FB964395DDB69C45C778CCCC27E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:47:44.0156 0x0d7c GEARAspiWDM - ok
22:47:44.0156 0x0d7c getPlusHelper - ok
22:47:44.0218 0x0d7c [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:47:44.0250 0x0d7c Gpc - ok
22:47:44.0437 0x0d7c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
22:47:44.0531 0x0d7c gupdate - ok
22:47:44.0640 0x0d7c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
22:47:44.0640 0x0d7c gupdatem - ok
22:47:44.0859 0x0d7c [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:47:45.0000 0x0d7c gusvc - ok
22:47:45.0156 0x0d7c [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:47:45.0265 0x0d7c HDAudBus - ok
22:47:45.0375 0x0d7c [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:47:45.0406 0x0d7c helpsvc - ok
22:47:45.0453 0x0d7c [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ C:\WINDOWS\System32\hidserv.dll
22:47:45.0468 0x0d7c HidServ - ok
22:47:45.0515 0x0d7c [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:47:45.0531 0x0d7c HidUsb - ok
22:47:45.0593 0x0d7c [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
22:47:45.0625 0x0d7c hkmsvc - ok
22:47:45.0640 0x0d7c hpn - ok
22:47:45.0718 0x0d7c [ CBD09ED9CF6822177EE85AEA4D8816A2, 369897B4609B3FE55F9A82F19E38116E2E6527E349D48A956607EDED71F664D2 ] HTCAND32 C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
22:47:45.0734 0x0d7c HTCAND32 - ok
22:47:45.0781 0x0d7c [ 04E3B3554076B8192A668EFE88A682A1, 95EE46A1100178CC1989D61897239C09694647CA638E25CED10005730728E7A5 ] htcnprot C:\WINDOWS\system32\DRIVERS\htcnprot.sys
22:47:45.0796 0x0d7c htcnprot - ok
22:47:46.0125 0x0d7c [ F6AACF5BCE2893E0C1754AFEB672E5C9, 62A7A70515B5570A649DC30A3A122B1302F6839A63927C8B29EBE04ABA654892 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
22:47:46.0312 0x0d7c HTTP - ok
22:47:46.0375 0x0d7c [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
22:47:46.0390 0x0d7c HTTPFilter - ok
22:47:46.0390 0x0d7c i2omgmt - ok
22:47:46.0406 0x0d7c i2omp - ok
22:47:46.0468 0x0d7c [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:47:46.0500 0x0d7c i8042prt - ok
22:47:46.0625 0x0d7c [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:47:46.0656 0x0d7c IDriverT - ok
22:47:47.0109 0x0d7c [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:47:47.0468 0x0d7c idsvc - ok
22:47:47.0546 0x0d7c [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
22:47:47.0578 0x0d7c Imapi - ok
22:47:47.0734 0x0d7c [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
22:47:47.0812 0x0d7c ImapiService - ok
22:47:47.0828 0x0d7c ini910u - ok
22:47:51.0234 0x0d7c [ 47F27AF890DA3E51C633FDD510910115, 87C24975ABF67349B70AFAB18A3C213F60CCD6A23BD5035504D9C831F75232FB ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:47:54.0625 0x0d7c IntcAzAudAddService - ok
22:47:54.0671 0x0d7c IntelIde - ok
22:47:54.0718 0x0d7c [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:47:54.0734 0x0d7c intelppm - ok
22:47:54.0781 0x0d7c [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
22:47:54.0812 0x0d7c Ip6Fw - ok
22:47:54.0875 0x0d7c [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:47:54.0890 0x0d7c IpFilterDriver - ok
22:47:54.0921 0x0d7c [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:47:54.0937 0x0d7c IpInIp - ok
22:47:55.0015 0x0d7c [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:47:55.0093 0x0d7c IpNat - ok
22:47:55.0156 0x0d7c [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:47:55.0218 0x0d7c IPSec - ok
22:47:55.0265 0x0d7c [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
22:47:55.0265 0x0d7c IRENUM - ok
22:47:55.0328 0x0d7c [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:47:55.0359 0x0d7c isapnp - ok
22:47:55.0609 0x0d7c [ 691B9B7C0CC1653732717D292D6B305D, 4385B4B686A78912018EF974134FDD71FBE9843DDEDF1E6C305B2AAB342D5902 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
22:47:55.0718 0x0d7c JavaQuickStarterService - ok
22:47:55.0984 0x0d7c [ 928034ECCE50DC6AB6C4CD575B78BD10, 3612A510B9E80C31835FDF43E88309D79317E70209F5788F0ED1174E555AE86F ] JoinMEUI Assistant Service C:\Program Files\PC Suite\JoinMEAssistantServices.exe
22:47:56.0171 0x0d7c JoinMEUI Assistant Service - ok
22:47:56.0234 0x0d7c [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:47:56.0250 0x0d7c Kbdclass - ok
22:47:56.0281 0x0d7c [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:47:56.0296 0x0d7c kbdhid - ok
22:47:56.0312 0x0d7c [ CC2A86D7BBF14977340DCA61BBCBA771, 25A7EFE04D4972FB46DD9F0D89AD7E2168B3B91DF354FC607A29719DE23CE826 ] kbfiltr C:\WINDOWS\system32\DRIVERS\kbfiltr.sys
22:47:56.0312 0x0d7c kbfiltr - ok
22:47:56.0515 0x0d7c [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
22:47:56.0640 0x0d7c kmixer - ok
22:47:56.0765 0x0d7c [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
22:47:56.0843 0x0d7c KSecDD - ok
22:47:56.0937 0x0d7c [ F385F4B02C535BFFE1D70CAB80838123, A1695E161673BCB77CE150C2D98A07FCB454C53F10EEBECD754D2CC40DEAA1E0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
22:47:57.0015 0x0d7c lanmanserver - ok
22:47:57.0187 0x0d7c [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
22:47:57.0312 0x0d7c LanmanWorkstation - ok
22:47:57.0328 0x0d7c lbrtfdc - ok
22:47:57.0390 0x0d7c [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
22:47:57.0406 0x0d7c LmHosts - ok
22:47:57.0421 0x0d7c LMIInfo - ok
22:47:57.0468 0x0d7c [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
22:47:57.0484 0x0d7c lmimirr - ok
22:47:57.0500 0x0d7c LMIRfsClientNP - ok
22:47:57.0546 0x0d7c [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
22:47:57.0593 0x0d7c LMIRfsDriver - ok
22:47:57.0640 0x0d7c [ 38BFA8FA6D838CBAB58A1C2B49EBF96B, DC3DE8BD62BB9EA8DC35FB3F5623A8B06EC51DFC197278DBF19D773A9537B951 ] massfilter_hs C:\WINDOWS\system32\drivers\massfilter_hs.sys
22:47:57.0656 0x0d7c massfilter_hs - ok
22:47:57.0718 0x0d7c [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
22:47:57.0734 0x0d7c Messenger - ok
22:47:57.0750 0x0d7c MFE_RR - ok
22:47:57.0796 0x0d7c [ A52ED33515755E825D090A47793B773F, 2DA037C9013260488282FC1DCD22BE746E2155182FA87264044C2FA3706AC914 ] mmc_2K C:\WINDOWS\system32\drivers\mmc_2K.sys
22:47:57.0812 0x0d7c mmc_2K - ok
22:47:57.0843 0x0d7c [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
22:47:57.0843 0x0d7c mnmdd - ok
22:47:57.0921 0x0d7c [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:47:57.0937 0x0d7c mnmsrvc - ok
22:47:57.0984 0x0d7c [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
22:47:58.0015 0x0d7c Modem - ok
22:47:58.0046 0x0d7c [ 1992E0D143B09653AB0F9C5E04B0FD65, 1431EC53A65F561C235A08F926C5348A6B21B06A08C075DE8172A88EE0AA634E ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:47:58.0062 0x0d7c MODEMCSA - ok
22:47:58.0109 0x0d7c [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:47:58.0125 0x0d7c Mouclass - ok
22:47:58.0171 0x0d7c [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:47:58.0187 0x0d7c mouhid - ok
22:47:58.0234 0x0d7c [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
22:47:58.0281 0x0d7c MountMgr - ok
22:47:58.0296 0x0d7c mraid35x - ok
22:47:58.0468 0x0d7c [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:47:58.0609 0x0d7c MRxDAV - ok
22:47:59.0000 0x0d7c [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:47:59.0359 0x0d7c MRxSmb - ok
22:47:59.0406 0x0d7c [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:47:59.0406 0x0d7c MSDTC - ok
22:47:59.0453 0x0d7c [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:47:59.0468 0x0d7c Msfs - ok
22:47:59.0484 0x0d7c MSIServer - ok
22:47:59.0546 0x0d7c [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:47:59.0546 0x0d7c MSKSSRV - ok
22:47:59.0578 0x0d7c [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:47:59.0578 0x0d7c MSPCLOCK - ok
22:47:59.0609 0x0d7c [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:47:59.0609 0x0d7c MSPQM - ok
22:47:59.0656 0x0d7c [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:47:59.0671 0x0d7c mssmbios - ok
22:47:59.0718 0x0d7c [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
22:47:59.0734 0x0d7c MSTEE - ok
22:47:59.0781 0x0d7c [ 97AFFA9D95FFE20EEE6229BC6BE166CF, 6E13230AF96A3A5C518EFA21B9B1833E3DE9D6DA05A6E664E305EF18B162E1B9 ] MTsensor C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
22:47:59.0796 0x0d7c MTsensor - ok
22:47:59.0921 0x0d7c [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:48:00.0015 0x0d7c Mup - ok
22:48:00.0078 0x0d7c [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:48:00.0125 0x0d7c NABTSFEC - ok
22:48:00.0312 0x0d7c [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
22:48:00.0468 0x0d7c napagent - ok
22:48:00.0656 0x0d7c [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:48:00.0796 0x0d7c NDIS - ok
22:48:00.0843 0x0d7c [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:48:00.0859 0x0d7c NdisIP - ok
22:48:00.0906 0x0d7c [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:48:00.0921 0x0d7c NdisTapi - ok
cobolguy
2014-01-24, 00:59
Part 2
22:48:00.0953 0x0d7c [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:48:00.0968 0x0d7c Ndisuio - ok
22:48:01.0046 0x0d7c [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:48:01.0125 0x0d7c NdisWan - ok
22:48:01.0203 0x0d7c [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:48:01.0281 0x0d7c NDProxy - ok
22:48:01.0328 0x0d7c [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:48:01.0359 0x0d7c NetBIOS - ok
22:48:01.0500 0x0d7c [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:48:01.0640 0x0d7c NetBT - ok
22:48:01.0750 0x0d7c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
22:48:01.0812 0x0d7c NetDDE - ok
22:48:01.0875 0x0d7c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:48:01.0890 0x0d7c NetDDEdsdm - ok
22:48:01.0937 0x0d7c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:48:01.0937 0x0d7c Netlogon - ok
22:48:02.0093 0x0d7c [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
22:48:02.0250 0x0d7c Netman - ok
22:48:02.0375 0x0d7c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:48:02.0453 0x0d7c NetTcpPortSharing - ok
22:48:02.0671 0x0d7c [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
22:48:02.0843 0x0d7c Nla - ok
22:48:02.0890 0x0d7c NMIndexingService - ok
22:48:02.0953 0x0d7c [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:48:02.0968 0x0d7c Npfs - ok
22:48:03.0015 0x0d7c [ 53F7546E8DAEFB3A0813F5E19C4613C9, 3083129855BA0C9435D18A7D2693807F07751E2A3080D968D2777A6457CDFC59 ] NSNDIS5 C:\WINDOWS\system32\NSNDIS5.SYS
22:48:03.0031 0x0d7c NSNDIS5 - ok
22:48:03.0500 0x0d7c [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:48:03.0937 0x0d7c Ntfs - ok
22:48:03.0984 0x0d7c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:48:03.0984 0x0d7c NtLmSsp - ok
22:48:04.0296 0x0d7c [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:48:04.0531 0x0d7c NtmsSvc - ok
22:48:04.0578 0x0d7c [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
22:48:04.0578 0x0d7c Null - ok
22:48:04.0625 0x0d7c [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:48:04.0625 0x0d7c NwlnkFlt - ok
22:48:04.0671 0x0d7c [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:48:04.0687 0x0d7c NwlnkFwd - ok
22:48:04.0703 0x0d7c OracleDBConsolesean01 - ok
22:48:04.0718 0x0d7c OracleOraDb10g_home1TNSListener - ok
22:48:04.0859 0x0d7c [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:48:04.0937 0x0d7c ose - ok
22:48:05.0031 0x0d7c [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\drivers\Parport.sys
22:48:05.0078 0x0d7c Parport - ok
22:48:05.0125 0x0d7c [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:48:05.0140 0x0d7c PartMgr - ok
22:48:05.0187 0x0d7c [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:48:05.0203 0x0d7c ParVdm - ok
22:48:05.0328 0x0d7c [ 39B9DCD7040654C2E57D7396736C718E, 70A637A955A2611E5ADA31FDD4B1D7EEECFBC22504A770DA71B502E160AEDAFD ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
22:48:05.0359 0x0d7c PassThru Service - ok
22:48:05.0421 0x0d7c [ FD2041E9BA03DB7764B2248F02475079, DECEED110524BF83B4097188BF24BF0DDE1CE838DF7748B0DC807ABE351EB20A ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:48:05.0437 0x0d7c pccsmcfd - ok
22:48:05.0500 0x0d7c [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:48:05.0546 0x0d7c PCI - ok
22:48:05.0562 0x0d7c PCIDump - ok
22:48:05.0593 0x0d7c [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
22:48:05.0593 0x0d7c PCIIde - ok
22:48:05.0703 0x0d7c [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
22:48:05.0781 0x0d7c Pcmcia - ok
22:48:05.0781 0x0d7c PDCOMP - ok
22:48:05.0796 0x0d7c PDFRAME - ok
22:48:05.0812 0x0d7c PDRELI - ok
22:48:05.0828 0x0d7c PDRFRAME - ok
22:48:05.0859 0x0d7c perc2 - ok
22:48:05.0875 0x0d7c perc2hib - ok
22:48:06.0031 0x0d7c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
22:48:06.0031 0x0d7c PlugPlay - ok
22:48:06.0062 0x0d7c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:48:06.0062 0x0d7c PolicyAgent - ok
22:48:06.0125 0x0d7c [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:48:06.0156 0x0d7c PptpMiniport - ok
22:48:06.0187 0x0d7c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:48:06.0187 0x0d7c ProtectedStorage - ok
22:48:06.0250 0x0d7c [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:48:06.0312 0x0d7c PSched - ok
22:48:06.0390 0x0d7c [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:48:06.0406 0x0d7c Ptilink - ok
22:48:06.0515 0x0d7c [ 62D29677F6A7F018C5D49119CEA67DE5, 90D9FE73511EEC27CD6E6EB73E96538C62BA375AEB73AB67C623E71FD2FB07EA ] pwd_2k C:\WINDOWS\system32\drivers\pwd_2k.sys
22:48:06.0609 0x0d7c pwd_2k - ok
22:48:06.0671 0x0d7c [ 183EF96BCC2EC3D5294CB2C2C0ECBCD1, 3AC8A3AD4DD23B57B1CF12CD692003B4C8F76358F26246C565DDADDD88B1D39A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:48:06.0687 0x0d7c PxHelp20 - ok
22:48:06.0687 0x0d7c ql1080 - ok
22:48:06.0703 0x0d7c Ql10wnt - ok
22:48:06.0718 0x0d7c ql12160 - ok
22:48:06.0734 0x0d7c ql1240 - ok
22:48:06.0750 0x0d7c ql1280 - ok
22:48:06.0765 0x0d7c [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:48:06.0781 0x0d7c RasAcd - ok
22:48:06.0843 0x0d7c [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:48:06.0890 0x0d7c RasAuto - ok
22:48:06.0953 0x0d7c [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:48:07.0000 0x0d7c Rasl2tp - ok
22:48:07.0171 0x0d7c [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:48:07.0312 0x0d7c RasMan - ok
22:48:07.0359 0x0d7c [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:48:07.0390 0x0d7c RasPppoe - ok
22:48:07.0421 0x0d7c [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:48:07.0437 0x0d7c Raspti - ok
22:48:07.0593 0x0d7c [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:48:07.0718 0x0d7c Rdbss - ok
22:48:07.0734 0x0d7c [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:48:07.0734 0x0d7c RDPCDD - ok
22:48:07.0906 0x0d7c [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:48:08.0046 0x0d7c rdpdr - ok
22:48:08.0203 0x0d7c [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:48:08.0312 0x0d7c RDPWD - ok
22:48:08.0468 0x0d7c [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:48:08.0531 0x0d7c RDSessMgr - ok
22:48:08.0593 0x0d7c [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:48:08.0640 0x0d7c redbook - ok
22:48:08.0718 0x0d7c [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:48:08.0750 0x0d7c RemoteAccess - ok
22:48:08.0843 0x0d7c [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:48:08.0890 0x0d7c RemoteRegistry - ok
22:48:08.0953 0x0d7c [ 851C30DF2807FCFA21E4C681A7D6440E, C2269B8ED4E831664B83F8F3BE33E5A340206A9E07F89CDF6707EAD8F280FBE9 ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
22:48:08.0984 0x0d7c RFCOMM - ok
22:48:09.0031 0x0d7c [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
22:48:09.0046 0x0d7c ROOTMODEM - ok
22:48:09.0125 0x0d7c [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
22:48:09.0140 0x0d7c RpcLocator - ok
22:48:09.0500 0x0d7c [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\System32\rpcss.dll
22:48:09.0500 0x0d7c RpcSs - ok
22:48:09.0640 0x0d7c [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:48:09.0703 0x0d7c RSVP - ok
22:48:09.0734 0x0d7c [ DAAF657C0B5BD0595669496857040F75, 4C8910D1CAB5FFAD404FCD1A481094B68AEF338E2625F6B47D9F94F2EBCAFD7E ] RTSTOR C:\WINDOWS\system32\drivers\RTSTOR.SYS
22:48:09.0765 0x0d7c RTSTOR - ok
22:48:09.0781 0x0d7c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
22:48:09.0781 0x0d7c SamSs - ok
22:48:09.0906 0x0d7c [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:48:09.0937 0x0d7c SCardSvr - ok
22:48:10.0125 0x0d7c [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:48:10.0265 0x0d7c Schedule - ok
22:48:10.0343 0x0d7c [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:48:10.0359 0x0d7c Secdrv - ok
22:48:10.0437 0x0d7c [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
22:48:10.0453 0x0d7c seclogon - ok
22:48:10.0562 0x0d7c [ E5B56569A9F79B70314FEDE6C953641E, 41B088CD3AE5A342D44F2FDCB63975E15D79155F56DFC75631663D9C31D98634 ] seehcri C:\WINDOWS\system32\DRIVERS\seehcri.sys
22:48:10.0578 0x0d7c seehcri - ok
22:48:10.0640 0x0d7c [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
22:48:10.0671 0x0d7c SENS - ok
22:48:10.0750 0x0d7c [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\drivers\Serial.sys
22:48:10.0796 0x0d7c Serial - ok
22:48:10.0875 0x0d7c [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
22:48:10.0875 0x0d7c Sfloppy - ok
22:48:11.0093 0x0d7c [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:48:11.0265 0x0d7c SharedAccess - ok
22:48:11.0453 0x0d7c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:48:11.0453 0x0d7c ShellHWDetection - ok
22:48:11.0468 0x0d7c Simbad - ok
22:48:11.0671 0x0d7c [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:48:11.0796 0x0d7c SkypeUpdate - ok
22:48:11.0843 0x0d7c [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:48:11.0859 0x0d7c SLIP - ok
22:48:11.0875 0x0d7c smserial - ok
22:48:11.0984 0x0d7c [ DB3C22745C0DA4666F3BE31F1AF36B2F, 2FE9A0F157AF9FB3CA03B8D4E706213E63E388206A8C04EF4A84E0D7A364A3A6 ] SMTPSVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
22:48:11.0984 0x0d7c SMTPSVC - ok
22:48:19.0812 0x0d7c [ 11BB0E11D42CC3A43D741D9B30839BE1, FDC35289D966A7CB318C5BD646148E1E2BCC0AB9F9FD4243C82FC567D72DDAE9 ] SNPSTD3 C:\WINDOWS\system32\DRIVERS\snpstd3.sys
22:48:27.0906 0x0d7c SNPSTD3 - ok
22:48:28.0015 0x0d7c [ A1ECEEAA5C5E74B2499EB51D38185B84, BB866DDA4D1F85A68A652204DAC7378456793E096A15F88B9C153BECD3D18C27 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
22:48:28.0031 0x0d7c SONYPVU1 - ok
22:48:28.0031 0x0d7c Sparrow - ok
22:48:28.0078 0x0d7c [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:48:28.0078 0x0d7c splitter - ok
22:48:28.0171 0x0d7c [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B, 130D686A220AF97EBF33DD481B79990F259B4EE38DD95A35CD3D0F0517790FF0 ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:48:28.0171 0x0d7c Spooler - ok
22:48:28.0375 0x0d7c [ 539D0391B680E6FDF5D9004F42902B1B, 861AFB558164CCFA1D7803799CEE1768D85ADD7EE7FF6657CB3CAD81E0A5009E ] sprtsvc_O2 C:\Program Files\O2\bin\sprtsvc.exe
22:48:28.0484 0x0d7c sprtsvc_O2 - ok
22:48:29.0046 0x0d7c [ CDDDEC541BC3C96F91ECB48759673505, B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
22:48:29.0046 0x0d7c Suspicious file ( NoAccess ): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505, sha256: B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB
22:48:29.0046 0x0d7c sptd - detected LockedFile.Multi.Generic ( 1 )
22:48:31.0484 0x0d7c Detect skipped due to KSN trusted
22:48:31.0484 0x0d7c sptd - ok
22:48:31.0562 0x0d7c [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:48:31.0625 0x0d7c sr - ok
22:48:31.0796 0x0d7c [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
22:48:31.0937 0x0d7c srservice - ok
22:48:32.0296 0x0d7c [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:48:32.0562 0x0d7c Srv - ok
22:48:32.0640 0x0d7c [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:48:32.0703 0x0d7c SSDPSRV - ok
22:48:32.0781 0x0d7c [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:48:32.0796 0x0d7c ssmdrv - ok
22:48:33.0062 0x0d7c [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:48:33.0312 0x0d7c stisvc - ok
22:48:33.0343 0x0d7c [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:48:33.0359 0x0d7c streamip - ok
22:48:33.0734 0x0d7c [ 882FC174AC21C536E41351AFF58A7D7D, E33ABEA6FE61C33FD8996A52730BD2F69F38FDD044DEC323B703F704F884C693 ] SupportSoft RemoteAssist C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
22:48:33.0968 0x0d7c SupportSoft RemoteAssist - ok
22:48:34.0000 0x0d7c [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:48:34.0015 0x0d7c swenum - ok
22:48:34.0109 0x0d7c [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:48:34.0140 0x0d7c swmidi - ok
22:48:34.0156 0x0d7c SwPrv - ok
22:48:34.0187 0x0d7c symc810 - ok
22:48:34.0203 0x0d7c symc8xx - ok
22:48:34.0218 0x0d7c sym_hi - ok
22:48:34.0218 0x0d7c sym_u3 - ok
22:48:34.0406 0x0d7c [ 69BF2DD9B1099D1AA3E7CF14B4B842CD, 0743585BF25131EA6373103EEA086CCAE28ACC92AB918240EE23E37A956CDE0B ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:48:34.0546 0x0d7c SynTP - ok
22:48:34.0625 0x0d7c [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:48:34.0687 0x0d7c sysaudio - ok
22:48:34.0796 0x0d7c [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:48:34.0828 0x0d7c SysmonLog - ok
22:48:35.0046 0x0d7c [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:48:35.0250 0x0d7c TapiSrv - ok
22:48:35.0546 0x0d7c [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:48:35.0828 0x0d7c Tcpip - ok
22:48:35.0875 0x0d7c [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:48:35.0875 0x0d7c TDPIPE - ok
22:48:35.0921 0x0d7c [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:48:35.0937 0x0d7c TDTCP - ok
22:48:36.0000 0x0d7c [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:48:36.0031 0x0d7c TermDD - ok
22:48:36.0265 0x0d7c [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
22:48:36.0484 0x0d7c TermService - ok
22:48:36.0609 0x0d7c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
22:48:36.0625 0x0d7c Themes - ok
22:48:36.0718 0x0d7c [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:48:36.0734 0x0d7c TlntSvr - ok
22:48:36.0734 0x0d7c TosIde - ok
22:48:36.0828 0x0d7c [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:48:36.0875 0x0d7c TrkWks - ok
22:48:37.0046 0x0d7c [ FD0B16F8828F360390135031D8924CCD, 3227657763FC150ED086C7CD222B9712A8AB78ADABCCE2B5E47509EABE826224 ] UDFReadr C:\WINDOWS\system32\drivers\UDFReadr.sys
22:48:37.0203 0x0d7c UDFReadr - ok
22:48:37.0265 0x0d7c [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:48:37.0312 0x0d7c Udfs - ok
22:48:37.0328 0x0d7c ultra - ok
22:48:37.0687 0x0d7c [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:48:37.0968 0x0d7c Update - ok
22:48:38.0109 0x0d7c [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
22:48:38.0218 0x0d7c upnphost - ok
22:48:38.0234 0x0d7c [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
22:48:38.0250 0x0d7c UPS - ok
22:48:38.0265 0x0d7c USBAAPL - ok
22:48:38.0328 0x0d7c [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:48:38.0359 0x0d7c usbccgp - ok
22:48:38.0421 0x0d7c [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:48:38.0437 0x0d7c usbehci - ok
22:48:38.0515 0x0d7c [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:48:38.0562 0x0d7c usbhub - ok
22:48:38.0609 0x0d7c [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:48:38.0625 0x0d7c usbohci - ok
22:48:38.0671 0x0d7c [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:48:38.0703 0x0d7c usbprint - ok
22:48:38.0765 0x0d7c [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:48:38.0765 0x0d7c usbscan - ok
22:48:38.0828 0x0d7c [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:48:38.0843 0x0d7c usbstor - ok
22:48:38.0921 0x0d7c [ FCE98C43B5C5DB8E0DA8EA0E2B45E044, 0F6F3FF106015580009776A1F91FD10371BAF229A2A773436A5783F142CC1A0C ] VClone C:\WINDOWS\system32\DRIVERS\VClone.sys
22:48:38.0937 0x0d7c VClone - ok
22:48:38.0984 0x0d7c [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:48:39.0000 0x0d7c VgaSave - ok
22:48:39.0000 0x0d7c ViaIde - ok
22:48:39.0062 0x0d7c [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:48:39.0109 0x0d7c VolSnap - ok
22:48:39.0375 0x0d7c [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
22:48:39.0546 0x0d7c VSS - ok
22:48:39.0703 0x0d7c [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\system32\w32time.dll
22:48:39.0828 0x0d7c W32Time - ok
22:48:39.0875 0x0d7c [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:48:39.0906 0x0d7c Wanarp - ok
22:48:40.0312 0x0d7c [ 4769596D7CC0F5FA447D2BABC239672A, 1E889FE9FDA0A23F07FD8BAE11204D739033F6795CE7F23FE3EF66A0B76958C8 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
22:48:40.0671 0x0d7c Wdf01000 - ok
22:48:40.0687 0x0d7c WDICA - ok
22:48:40.0781 0x0d7c [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:48:40.0843 0x0d7c wdmaud - ok
22:48:40.0937 0x0d7c [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
22:48:41.0000 0x0d7c WebClient - ok
22:48:41.0218 0x0d7c [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:48:41.0328 0x0d7c winmgmt - ok
22:48:41.0421 0x0d7c [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
22:48:41.0437 0x0d7c WmdmPmSN - ok
22:48:41.0937 0x0d7c [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi C:\WINDOWS\System32\advapi32.dll
22:48:42.0437 0x0d7c Wmi - ok
22:48:42.0562 0x0d7c [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:48:42.0609 0x0d7c WmiApSrv - ok
22:48:43.0343 0x0d7c [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
22:48:44.0046 0x0d7c WMPNetworkSvc - ok
22:48:44.0687 0x0d7c [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:48:45.0171 0x0d7c WPFFontCache_v0400 - ok
22:48:45.0234 0x0d7c [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:48:45.0234 0x0d7c WS2IFSL - ok
22:48:45.0359 0x0d7c [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:48:45.0421 0x0d7c wscsvc - ok
22:48:45.0515 0x0d7c [ 8FEDE6CF2EB103EF1274CE2C9D8EE0E7, 37EF2DBDC357115D9DF0B97982F6A084E36A3FBD3243192AC949C9D90EDA4911 ] WSIMD C:\WINDOWS\system32\DRIVERS\wsimd.sys
22:48:45.0546 0x0d7c WSIMD - ok
22:48:45.0593 0x0d7c [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:48:45.0609 0x0d7c WSTCODEC - ok
22:48:45.0640 0x0d7c [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:48:45.0656 0x0d7c wuauserv - ok
22:48:45.0765 0x0d7c [ EAA6324F51214D2F6718977EC9CE0DEF, B9DE1521395E09233FE519873702979C3EAF65FEC4B94B12A46CECB16C488543 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:48:45.0843 0x0d7c WudfPf - ok
22:48:45.0953 0x0d7c [ F91FF1E51FCA30B3C3981DB7D5924252, D7052B58F22638CA8B59C6FD7408D6D6DD1C33910912CACC05C133472CE0DDCE ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:48:46.0015 0x0d7c WudfRd - ok
22:48:46.0093 0x0d7c [ DDEE3682FE97037C45F4D7AB467CB8B6, D5A8F07AF4EDD9D7E17FEC6222D187E2981C177A479511E407756E0E5CB8D387 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
22:48:46.0156 0x0d7c WudfSvc - ok
22:48:46.0578 0x0d7c [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:48:46.0953 0x0d7c WZCSVC - ok
22:48:47.0078 0x0d7c [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:48:47.0140 0x0d7c xmlprov - ok
22:48:47.0250 0x0d7c [ FF737AF88F2198DC63A3BEDF21F3C657, D3EFDDB2C61C41DF9B1601597A04EF67AE8AE878F433271A7AE64D3E1EDC36E6 ] zgwhsdiag C:\WINDOWS\system32\DRIVERS\zgwhsdiag.sys
22:48:47.0296 0x0d7c zgwhsdiag - ok
22:48:47.0375 0x0d7c [ FF737AF88F2198DC63A3BEDF21F3C657, D3EFDDB2C61C41DF9B1601597A04EF67AE8AE878F433271A7AE64D3E1EDC36E6 ] zgwhsmdm C:\WINDOWS\system32\DRIVERS\zgwhsmdm.sys
22:48:47.0437 0x0d7c zgwhsmdm - ok
22:48:47.0578 0x0d7c [ FF737AF88F2198DC63A3BEDF21F3C657, D3EFDDB2C61C41DF9B1601597A04EF67AE8AE878F433271A7AE64D3E1EDC36E6 ] zgwhsnmea C:\WINDOWS\system32\DRIVERS\zgwhsnmea.sys
22:48:47.0640 0x0d7c zgwhsnmea - ok
22:48:47.0687 0x0d7c ================ Scan global ===============================
22:48:47.0765 0x0d7c [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
22:48:48.0062 0x0d7c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
22:48:48.0484 0x0d7c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
22:48:48.0593 0x0d7c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
22:48:48.0593 0x0d7c [ Global ] - ok
22:48:48.0593 0x0d7c ================ Scan MBR ==================================
22:48:48.0640 0x0d7c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:48:49.0437 0x0d7c \Device\Harddisk0\DR0 - ok
22:48:49.0437 0x0d7c ================ Scan VBR ==================================
22:48:49.0453 0x0d7c [ 697FF5EE4E5E4BD427DFF7413B37C9E4 ] \Device\Harddisk0\DR0\Partition1
22:48:49.0468 0x0d7c \Device\Harddisk0\DR0\Partition1 - ok
22:48:49.0484 0x0d7c [ 00F92B32E384127104E9D3B7C0ABBDB7 ] \Device\Harddisk0\DR0\Partition2
22:48:49.0484 0x0d7c \Device\Harddisk0\DR0\Partition2 - ok
22:48:49.0484 0x0d7c Waiting for KSN requests completion. In queue: 66
22:48:50.0484 0x0d7c Waiting for KSN requests completion. In queue: 66
22:48:51.0484 0x0d7c Waiting for KSN requests completion. In queue: 66
22:48:52.0890 0x0d7c AV detected via SS1: Avira Desktop, 14.0.1.519, enabled, updated
22:48:52.0921 0x0d7c FW detected via SS1: ZoneAlarm Firewall, 9.2.106.000, disabled
22:48:52.0921 0x0d7c Win FW state via NFM: disabled
22:48:55.0343 0x0d7c ============================================================
22:48:55.0343 0x0d7c Scan finished
22:48:55.0343 0x0d7c ============================================================
22:48:55.0359 0x0530 Detected object count: 0
22:48:55.0359 0x0530 Actual detected object count: 0
22:49:34.0281 0x05b8 Deinitialize success
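One thing worth pulling out of the TDSSKiller log above before reading the reply: the run ends with "Detected object count: 0", yet sptd.sys (the SCSI Pass Through Direct driver normally installed by disc-emulation software such as Daemon Tools, which denies read access to its own file) was flagged as a suspicious locked file and only cleared because Kaspersky Security Network whitelisted its hash. A final "ok" therefore does not mean nothing was flagged. The script below is an added example, not part of the thread and not Kaspersky's code: it parses the log format shown above, keeps every object that was suspicious or detected at any point regardless of its final verdict, and lists files that carry identical bytes under different names (here the three ZTE modem drivers, which is normal for that vendor but is exactly the pattern a renamed dropper would also produce). The sample log is assembled from lines of the log above and is not a complete run.

```python
"""Triage a Kaspersky TDSSKiller log.

Added example, not part of the thread: surfaces every object that was flagged
at any point (even when the final verdict is 'ok', as for sptd.sys above) and
groups files that share one hash under different names.
"""
import re
from collections import defaultdict

# Object line: "HH:MM:SS.mmmm 0xTID [ MD5, SHA256 ] Name Path". The name may
# contain spaces and is absent in the MBR/VBR/global sections, so the path is
# recognised by its drive-letter or \Device\ prefix rather than by position.
OBJECT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+0x[0-9a-f]+\s+\[ (?P<hashes>[0-9A-F, ]+) \]\s+"
    r"(?:(?P<name>.+?)\s+)?(?P<path>(?:[A-Za-z]:\\|\\Device\\).*?)\s*$")
# Verdict line: "Name - ok" or "Name - detected Verdict ( n )".
STATUS_RE = re.compile(
    r"^\S+\s+0x[0-9a-f]+\s+(?P<name>.+?) - (?:(?P<ok>ok)|detected (?P<verdict>.+?) \( \d+ \))$")
SUSPICIOUS_RE = re.compile(
    r"^\S+\s+0x[0-9a-f]+\s+Suspicious file \( (?P<flag>[^)]+?) \): (?P<path>.+?)\. md5:")
# "Detect skipped due to ..." does not name its object; it refers to the object
# whose verdict line immediately precedes it.
SKIPPED_RE = re.compile(r"^\S+\s+0x[0-9a-f]+\s+Detect skipped due to (?P<reason>.+?)\s*$")


def parse(log_text):
    """Map object name (or device path) -> {path, hashes, events, status}."""
    records, last = {}, None
    for line in log_text.splitlines():
        if m := OBJECT_RE.match(line):
            key = m["name"] or m["path"]
            last = records.setdefault(key, {"path": m["path"], "hashes": tuple(m["hashes"].split(", ")),
                                            "events": [], "status": None})
        elif m := STATUS_RE.match(line):
            last = records.setdefault(m["name"], {"path": None, "hashes": (), "events": [], "status": None})
            if m["verdict"]:
                last["events"].append("detected:" + m["verdict"])
            last["status"] = "ok" if m["ok"] else "detected"
        elif (m := SUSPICIOUS_RE.match(line)) and last is not None:
            last["events"].append("suspicious:" + m["flag"])
        elif (m := SKIPPED_RE.match(line)) and last is not None:
            last["events"].append("skipped:" + m["reason"])
    return records


def flagged(records):
    """Objects that were suspicious or detected at some point, whatever the
    final verdict; the closing 'Detected object count' alone would hide them."""
    return {k: v for k, v in records.items() if v["events"]}


def shared_hashes(records):
    """Hash -> distinct paths carrying identical bytes under different names."""
    by_hash = defaultdict(set)
    for rec in records.values():
        if rec["hashes"] and rec["path"]:
            by_hash[rec["hashes"][-1]].add(rec["path"])  # last hash is the SHA-256 when present
    return {h: sorted(paths) for h, paths in by_hash.items() if len(paths) > 1}


# Sample input assembled from lines of the log above (not a complete run).
SAMPLE_LOG = r"""22:48:07.0593 0x0d7c [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:48:07.0718 0x0d7c Rdbss - ok
22:48:11.0468 0x0d7c Simbad - ok
22:48:29.0046 0x0d7c [ CDDDEC541BC3C96F91ECB48759673505, B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
22:48:29.0046 0x0d7c Suspicious file ( NoAccess ): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505, sha256: B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB
22:48:29.0046 0x0d7c sptd - detected LockedFile.Multi.Generic ( 1 )
22:48:31.0484 0x0d7c Detect skipped due to KSN trusted
22:48:31.0484 0x0d7c sptd - ok
22:48:33.0734 0x0d7c [ 882FC174AC21C536E41351AFF58A7D7D, E33ABEA6FE61C33FD8996A52730BD2F69F38FDD044DEC323B703F704F884C693 ] SupportSoft RemoteAssist C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
22:48:33.0968 0x0d7c SupportSoft RemoteAssist - ok
22:48:47.0250 0x0d7c [ FF737AF88F2198DC63A3BEDF21F3C657, D3EFDDB2C61C41DF9B1601597A04EF67AE8AE878F433271A7AE64D3E1EDC36E6 ] zgwhsdiag C:\WINDOWS\system32\DRIVERS\zgwhsdiag.sys
22:48:47.0296 0x0d7c zgwhsdiag - ok
22:48:47.0375 0x0d7c [ FF737AF88F2198DC63A3BEDF21F3C657, D3EFDDB2C61C41DF9B1601597A04EF67AE8AE878F433271A7AE64D3E1EDC36E6 ] zgwhsmdm C:\WINDOWS\system32\DRIVERS\zgwhsmdm.sys
22:48:47.0437 0x0d7c zgwhsmdm - ok
22:48:48.0640 0x0d7c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:48:49.0437 0x0d7c \Device\Harddisk0\DR0 - ok
22:48:55.0359 0x0530 Detected object count: 0
"""

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for name, rec in flagged(recs).items():
        print(f"{name}: final={rec['status']} events={rec['events']} path={rec['path']}")
    for h, paths in shared_hashes(recs).items():
        print(f"same SHA-256 {h[:12]}... under {len(paths)} names: {paths}")
```

Run against the full log, the only flagged entry is sptd with the three-step history suspicious, detected, skipped and a final "ok"; entries such as Simbad that have a service registration but no file on disk come back with an empty path, which is a separate list worth eyeballing.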
TDSSKiller is a tool we use to remove rootkits. This type of infection hides and is not picked up by most scanners, but this tool will pick it up if one is installed, and there is not, so we can rule that out as slowing down your computer.
I was looking at the report from ComboFix; it showed a lot of startup entries. If this is the problem, then I can refer you to a Windows forum to help you sort them out.
You're saying that you uninstalled Firefox?
Let's do a few things.
This is just a cleaner that will clean out all your temp files and other unneeded garbage.
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run.
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean.
Do this when you have time. It depends on your system; I have seen this run for some users for an hour or so, and for some many more hours than that. There's no way of telling how long it will take. The important thing is to not have it remove anything; just post the log.
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
cobolguy
2014-01-25, 11:29
Morning Ken
Had to uninstall my avira virus check software. Could not get the services to stop.
Here are the contents of the log file.
C:\Qoobox\Quarantine\C\Documents and Settings\sean\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\rsopprov.exe.vir a variant of Win32/Kryptik.BTLV trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP280\A0285422.exe a variant of Win32/Kryptik.BSNE trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP283\A0292243.exe a variant of Win32/Kryptik.BSSH trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP286\A0294430.exe a variant of Win32/Kryptik.BTCC trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP286\A0294435.exe a variant of Win32/Kryptik.BTCC trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP286\A0294442.exe a variant of Win32/Kryptik.BTCC trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP288\A0297428.exe Win32/Caphaw.I trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP288\A0297465.exe Win32/Caphaw.I trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP289\A0297480.exe Win32/Caphaw.I trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP289\A0297503.exe a variant of Win32/Kryptik.BTKO trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP289\A0297512.exe Win32/Caphaw.I trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP291\A0298700.exe a variant of Win32/Kryptik.BTLV trojan
Cheers
Sean
Good Morning Sean,
The one file in Qoobox will be removed when we uninstall ComboFix; the rest are in a System Restore point.
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[CLEARALLRESTOREPOINTS]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top (not Run Scan).
Let the program run unhindered, and reboot when it is done.
Then post the results of the log it produces.
Then run a new scan with OTL and post the new log, please.
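The triage in the reply above (one hit in ComboFix's Qoobox quarantine, the other eleven inside System Restore snapshots, nothing live on disk) is the first thing to establish from any ESET export before deciding what needs removing. The script below is an added example, not ESET's code and not from the thread: it parses export lines in the "<path> <verdict>" form shown in Sean's post, classifies each hit as quarantine, restore point or live, and collapses ESET's verdict strings to malware families. Qoobox as ComboFix's quarantine folder comes from the log; treating a "_OTL\MovedFiles" folder as OTL's quarantine is an assumption made here. The sample input mixes four lines taken from the post with one constructed live detection in a Temp folder so that each class is exercised.

```python
"""Classify ESET Online Scanner detections by where the file lives.

Added example, not ESET's or the thread's code: a hit inside a removal tool's
quarantine or inside a System Restore snapshot is an inert copy, so only the
remaining 'live' paths need hands-on cleanup.
"""
import re
from collections import Counter

# One export line is "<path> <verdict>"; the path may contain spaces, so it is
# taken to end at the last known extension that is followed by whitespace.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|sys|scr|com|vir|tmp|jar|zip))\s+(?P<verdict>\S.*?)\s*$",
    re.IGNORECASE)
# XP keeps restore-point copies as <root>\System Volume Information\_restore{GUID}\RPnnn\A<digits>.<ext>
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP\d+\\A\d+\.\w+$")
# Quarantine folders, matched case-insensitively: Qoobox is ComboFix's (seen in
# the log above); _OTL\MovedFiles is assumed here to be where OTL moves files.
QUARANTINE_DIRS = ("\\qoobox\\quarantine\\", "\\_otl\\movedfiles\\")


def classify(path):
    """Return 'restore_point', 'quarantine' or 'live' for one detected path."""
    if RESTORE_RE.match(path):
        return "restore_point"
    if any(q in path.lower() for q in QUARANTINE_DIRS):
        return "quarantine"
    return "live"


def family(verdict):
    """'a variant of Win32/Kryptik.BTLV trojan' -> 'Win32/Kryptik' (variant suffix dropped)."""
    name = verdict.removeprefix("a variant of ").split()[0]
    base, _, suffix = name.rpartition(".")
    return base if base and suffix.isalpha() else name


def parse(log_text):
    """List of {path, verdict, location} for every detection line."""
    out = []
    for line in log_text.splitlines():
        if m := DETECTION_RE.match(line.strip()):
            out.append({"path": m["path"], "verdict": m["verdict"], "location": classify(m["path"])})
    return out


def summarize(detections):
    """Per-location counts and the malware families seen in each location."""
    counts = Counter(d["location"] for d in detections)
    fams = {}
    for d in detections:
        fams.setdefault(d["location"], set()).add(family(d["verdict"]))
    return {"counts": dict(counts), "families": {k: sorted(v) for k, v in fams.items()}}


def live_threats(detections):
    """Paths that are neither quarantined nor inside a restore point."""
    return [d["path"] for d in detections if d["location"] == "live"]


# Four lines from the ESET log in the thread plus one constructed live hit.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Documents and Settings\sean\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\rsopprov.exe.vir a variant of Win32/Kryptik.BTLV trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP280\A0285422.exe a variant of Win32/Kryptik.BSNE trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP288\A0297428.exe Win32/Caphaw.I trojan
C:\System Volume Information\_restore{E422C504-DD0C-4351-82F3-8689D2C7CE65}\RP289\A0297512.exe Win32/Caphaw.I trojan
C:\Documents and Settings\sean\Local Settings\Temp\constructed_sample.exe a variant of Win32/Example.A trojan
"""

if __name__ == "__main__":
    dets = parse(SAMPLE_LOG)
    report = summarize(dets)
    for loc, n in report["counts"].items():
        print(f"{loc}: {n} hit(s), families {report['families'][loc]}")
    print("needs removal:", live_threats(dets))
```

On the thread's own log the live list is empty; the quarantine copy goes away when ComboFix is uninstalled and the restore-point copies go away when the restore points are cleared, which is what the [CLEARALLRESTOREPOINTS] directive in the OTL fix above is for.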
cobolguy
2014-01-25, 13:01
hi Ken
Just to check: running ESET, I ran it in scan mode, so I did not delete the entries it found. Was this correct?
Here is the log file. I'll run the scan now and post it when it finishes.
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\sean\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\sean\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Error creating restore point.
[EMPTYJAVA]
User: Administrator
User: All Users
User: Config.Msi
User: Default User
User: LocalService
User: NetworkService
User: sandra
->Java cache emptied: 0 bytes
User: sean
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Config.Msi
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: sandra
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: sean
->Temp folder emptied: 21555571 bytes
->Temporary Internet Files folder emptied: 18595223 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 316130882 bytes
Total Files Cleaned = 340.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01252014_103623
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DF1F2F.tmp not found!
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DF4974.tmp not found!
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DF4B71.tmp not found!
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DF706.tmp not found!
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\QN73WVP8\showthread[1].php moved successfully.
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\O53L3ND1\search[4].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Yes, but it looks like OTL may not have deleted old restore points, so if those entries show up on the new ESET scan, go ahead and remove them.
cobolguy
2014-01-25, 13:23
Hi Ken
New scan results below. BTW, response is still very poor on the laptop :(
OTL logfile created on: 25/01/2014 11:02:09 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sean\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.94 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 70.47% Memory free
3.10 Gb Paging File | 2.72 Gb Available in Paging File | 87.90% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 89.43 Gb Total Space | 33.05 Gb Free Space | 36.96% Space Free | Partition Type: NTFS
Drive D: | 55.69 Gb Total Space | 54.69 Gb Free Space | 98.22% Space Free | Partition Type: FAT32
Computer Name: LAPTOP02 | User Name: sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\sean\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Wireless Console 2\wcourier.exe ()
========== Services (SafeList) ==========
SRV - (OracleOraDb10g_home1TNSListener) -- C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR File not found
SRV - (OracleDBConsolesean01) -- C:\oracle\product\10.1.0\Db_1\bin\nmesrvc.exe File not found
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (JoinMEUI Assistant Service) -- C:\Program Files\PC Suite\JoinMEAssistantServices.exe ()
SRV - (SMTPSVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_O2) -- C:\Program Files\O2\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (smserial) -- system32\DRIVERS\smserial.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MFE_RR) -- C:\DOCUME~1\sean\LOCALS~1\Temp\mfe_rr.sys File not found
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\sean\LOCALS~1\Temp\catchme.sys File not found
DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found
DRV - (btwhid) -- system32\DRIVERS\btwhid.sys File not found
DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found
DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- system32\drivers\btaudio.sys File not found
DRV - (axlnvvj6) -- File not found
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (zgwhsnmea) -- C:\WINDOWS\system32\drivers\zgwhsnmea.sys (ZTE Incorporated)
DRV - (zgwhsmdm) -- C:\WINDOWS\system32\drivers\zgwhsmdm.sys (ZTE Incorporated)
DRV - (zgwhsdiag) -- C:\WINDOWS\system32\drivers\zgwhsdiag.sys (ZTE Incorporated)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (C2SCSI) -- C:\WINDOWS\System32\drivers\c2scsi.sys (Sonic Solutions)
DRV - (massfilter_hs) -- C:\WINDOWS\system32\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (AtcL002) -- C:\WINDOWS\system32\drivers\l251x86.sys (Atheros Communications, Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ATK0100)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows (R) 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Cinemsup) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{2D63A974-1DA7-4317-98CC-6D625065FF50}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{4B16DFDC-D52F-41E7-B434-2CB3ADD87762}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: flashkiller@joli.clic:1.3
FF - prefs.js..extensions.enabledAddons: autopager@mozilla.org:0.7.1.6
FF - prefs.js..extensions.enabledAddons: canitbecheaper@trafficbroker.co.uk:3.7.12
FF - prefs.js..extensions.enabledAddons: {C99D6302-E652-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.15
FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: flashkiller@joli.clic:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/05 22:34:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C99D6302-E652-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\sean\Local Settings\Application Data\{C99D6302-E652-11E1-8270-B8AC6F996F26}\
[2008/06/22 06:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Extensions
[2014/01/22 21:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions
[2010/09/25 07:34:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/23 22:48:57 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2011/07/30 10:12:29 | 000,000,000 | ---D | M] (Flash Killer) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\flashkiller@joli.clic
[2014/01/22 21:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\staged
[2013/12/20 00:10:22 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\searchplugins\yahoo.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: Google Docs = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/01/23 18:33:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillsoft.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillwsa.com ([]* in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} http://cam.thesandbar.com/activex/decoder/mpeg4_dec.cab (Moonlight MPEG-4 Video Decoder)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab (GreasyPalmInstallHelper Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350936625281 (WUWebControl Class)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350936606734 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://webcam1.ttu.ee/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisbury.edu/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://217.22.201.135/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A97A08D4-B39E-4E5F-A1D4-622F067B28E0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/20 18:37:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/24 22:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/01/24 21:08:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/24 21:08:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\TFC.exe
[2014/01/23 22:44:54 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sean\Desktop\TDSSKiller.exe
[2014/01/23 18:40:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/01/22 21:49:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/22 18:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Napster
[2014/01/21 18:20:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/21 07:30:52 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\sean\Desktop\JRT.exe
[2014/01/21 07:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Local Settings\Application Data\PCHealth
[2014/01/20 20:27:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/01/20 19:14:33 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2014/01/20 19:12:52 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2014/01/20 19:12:05 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2014/01/20 19:12:05 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2014/01/20 17:56:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/19 22:30:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\OTL.exe
[2014/01/15 22:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2014/01/15 22:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2014/01/15 20:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/15 20:01:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/01/15 20:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/13 20:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/01/13 20:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/01/12 21:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Local Settings\Application Data\Spotify
[2014/01/09 07:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2014/01/06 23:31:38 | 000,000,000 | ---D | C] -- C:\dansMemoryStick
[2014/01/06 19:23:36 | 004,558,848 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/06 17:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\My Documents\Probate
[2014/01/05 23:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2014/01/03 22:07:07 | 000,000,000 | ---D | C] -- C:\mumphoto
[2014/01/03 22:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\mumphoto
[2013/12/27 11:04:38 | 000,000,000 | ---D | C] -- C:\Films
[2008/11/10 17:10:00 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
========== Files - Modified Within 30 Days ==========
[2014/01/25 10:56:37 | 000,912,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/25 10:56:37 | 000,303,460 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/25 10:52:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/25 10:52:47 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/25 10:50:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/25 10:50:03 | 2079,576,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/25 09:43:27 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/24 21:45:52 | 000,000,328 | -HS- | M] () -- C:\boot.ini
[2014/01/24 21:30:53 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\O2 wireless box II - Home.url
[2014/01/24 21:08:39 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\TFC.exe
[2014/01/23 18:33:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/23 17:42:42 | 005,175,240 | R--- | M] (Swearware) -- C:\Documents and Settings\sean\Desktop\ComboFix.exe
[2014/01/22 18:43:51 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Napster.lnk
[2014/01/21 07:31:06 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\sean\Desktop\JRT.exe
[2014/01/21 06:59:06 | 000,302,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/21 00:39:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/20 17:56:51 | 001,236,282 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\AdwCleaner.exe
[2014/01/19 22:30:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\OTL.exe
[2014/01/15 20:01:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/15 18:55:39 | 000,449,863 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140121-230115.backup
[2014/01/13 22:26:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\MBR.dat
[2014/01/13 20:57:10 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/13 20:57:00 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\NTREGOPT.lnk
[2014/01/13 20:57:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\ERUNT.lnk
[2014/01/12 23:31:03 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\Google Chrome.lnk
[2014/01/06 22:46:53 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/06 19:23:36 | 004,558,848 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/03 21:20:30 | 000,140,736 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\Caine.jpg
[2014/01/03 21:15:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/01/02 19:01:02 | 004,819,207 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\TenancyAgreement.pdf
[2013/12/28 00:29:15 | 000,271,410 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\photo mum.JPG
========== Files Created - No Company Name ==========
[2014/01/22 18:43:51 | 000,001,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Napster.lnk
[2014/01/22 18:31:34 | 2079,576,064 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/20 17:56:36 | 001,236,282 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\AdwCleaner.exe
[2014/01/19 22:25:50 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/19 22:25:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/15 20:01:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/13 22:26:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\MBR.dat
[2014/01/13 20:57:10 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/13 20:57:00 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\NTREGOPT.lnk
[2014/01/13 20:57:00 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\ERUNT.lnk
[2014/01/03 21:20:29 | 000,140,736 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\Caine.jpg
[2014/01/02 19:00:47 | 004,819,207 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\TenancyAgreement.pdf
[2013/12/28 00:29:15 | 000,271,410 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\photo mum.JPG
[2013/12/20 21:11:04 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/09/20 21:05:02 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2013/09/16 00:08:49 | 000,258,602 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/09/15 23:39:33 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\sean\Application Data\Sys2662.Config.Repository.bin
[2013/05/31 22:43:21 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/20 21:43:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/20 21:43:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/20 21:43:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/20 21:43:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/20 21:43:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/22 20:21:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/14 00:31:20 | 004,469,910 | -H-- | C] () -- C:\Documents and Settings\sean\Local Settings\Application Data\IconCache_sav.db
[2012/03/12 19:20:35 | 000,001,324 | ---- | C] () -- C:\WINDOWS\aopr.ini
========== ZeroAccess Check ==========
[2007/12/20 18:51:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 05:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/01/24 22:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\036DFF98000CC57F180B39EA7B07D287
[2013/04/04 21:49:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/01/02 12:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/11/02 19:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/10/05 22:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2011/03/08 23:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/05/27 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2013/05/13 16:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/07/14 10:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/01/22 18:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/01/03 09:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/18 22:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/01/07 19:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/04 22:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/08/03 18:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 22:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/29 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/14 20:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2013/05/10 17:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2010/05/31 12:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2013/06/24 15:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\AVG2013
[2012/04/19 23:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\HTC
[2008/10/21 18:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\PC Suite
[2010/04/15 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\Trusteer
[2010/01/02 12:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\DAEMON Tools Lite
[2014/01/11 22:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Dropbox
[2009/02/15 12:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\FreeCall
[2012/04/01 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\HTC
[2012/03/31 23:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2008/05/24 22:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\ieSpell
[2008/10/31 23:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\OfficeUpdate12
[2009/02/28 09:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\PC Suite
[2014/01/12 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Spotify
[2010/03/06 08:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Trusteer
[2011/06/10 18:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\WinBatch
[2008/08/24 07:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Xilisoft Corporation
========== Purity Check ==========
< End of report >
You have an infected hosts file backup
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
[2014/01/15 18:55:39 | 000,449,863 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140121-230115.backup
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
Then run a new scan with OTL and post the new log please
cobolguy
2014-01-25, 16:54
Hi Ken
Just running eset again at the mo to delete any virus signatures found.
The hosts file: Spybot updated this file with the current entries (all pointing back to 127.0.0.1). Do you still want me to run the script you provided?
Sean
Yes, we need to get rid of that bad hosts file backup.
When we're done you can use Spybot's hosts file feature, which will protect it.
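The two kinds of hosts file entry discussed in these posts are worth telling apart mechanically: entries that map a name to a loopback or null address (what Spybot's immunisation writes, so the traffic goes nowhere) and entries that send a real name to some other live address (the classic hosts file hijack). The following Python is an added example, not code from this thread, from OTL or from Spybot; the sample hosts content, its host names and the 198.51.100.7 address are all constructed for illustration.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample of a Windows hosts file (not taken from the thread's logs).
# Names use the reserved .invalid TLD and a documentation-range address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# Blocklist-style entries: traffic to these names is discarded locally
127.0.0.1       ad.example-tracker.invalid
0.0.0.0         malware-host.invalid
# Hijack-style entries: real names redirected to a live, non-local address
198.51.100.7    www.example-bank.invalid
198.51.100.7    update.example-av.invalid   # inline comment
"""


def classify_address(addr: str) -> str:
    """Classify the address column of a hosts entry.

    'sink'     : loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::),
                 i.e. the name is blocked rather than redirected.
    'redirect' : any other address, so the name is sent somewhere real.
    'invalid'  : not parseable as an IP address at all.
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "sink"
    return "redirect"


def parse_hosts(text: str) -> List[Tuple[str, str, str]]:
    """Return (address, hostname, category) for every mapping in the file."""
    entries = []
    for raw in text.splitlines():
        # Strip trailing comments and blank lines, as the resolver does.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        addr, names = parts[0], parts[1:]
        cat = classify_address(addr)
        for name in names:
            # The two stock entries a clean hosts file carries.
            if cat == "sink" and name.lower() == "localhost":
                entries.append((addr, name, "standard"))
            else:
                entries.append((addr, name, cat))
    return entries


def audit_hosts(text: str) -> Dict[str, List[str]]:
    """Group entries by category; 'redirect' is the list to review."""
    report: Dict[str, List[str]] = {
        "standard": [], "sink": [], "redirect": [], "invalid": []
    }
    for addr, name, cat in parse_hosts(text):
        report[cat].append(f"{name} -> {addr}")
    return report


if __name__ == "__main__":
    for category, items in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{category}: {len(items)}")
        for item in items:
            print("   ", item)
```

On a real machine the text would be read from %SystemRoot%\System32\drivers\etc\hosts; a file with only the two "standard" entries is what a reset produces, a long "sink" list is what an immunisation tool writes, and anything under "redirect" deserves a look, since the resolver consults the hosts file before DNS and a redirected name silently bypasses the flushed cache.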
cobolguy
2014-01-25, 21:11
Hi Ken
Log file as requested. Will post scan log file when process completed.
All processes killed
========== OTL ==========
C:\WINDOWS\system32\drivers\etc\hosts.20140121-230115.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\sean\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\sean\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: Administrator
User: All Users
User: Config.Msi
User: Default User
User: LocalService
User: NetworkService
User: sandra
->Java cache emptied: 0 bytes
User: sean
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Config.Msi
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: sandra
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: sean
->Temp folder emptied: 115712 bytes
->Temporary Internet Files folder emptied: 5225103 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 269312 bytes
Total Files Cleaned = 5.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01252014_185642
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DF9ED6.tmp not found!
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DFA20F.tmp not found!
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DFC8DC.tmp not found!
File\Folder C:\Documents and Settings\sean\Local Settings\Temp\~DFCE42.tmp not found!
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\PVLSCPON\online-scanner[1].htm moved successfully.
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\4O8C11JL\search[2].htm moved successfully.
C:\Documents and Settings\sean\Local Settings\Temporary Internet Files\Content.IE5\4O8C11JL\showthread[2].php moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
cobolguy
2014-01-25, 21:26
Hi Ken
Scan results
OTL logfile created on: 25/01/2014 19:12:39 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sean\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.94 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 70.47% Memory free
3.10 Gb Paging File | 2.72 Gb Available in Paging File | 87.88% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 89.43 Gb Total Space | 36.70 Gb Free Space | 41.04% Space Free | Partition Type: NTFS
Drive D: | 55.69 Gb Total Space | 54.69 Gb Free Space | 98.22% Space Free | Partition Type: FAT32
Computer Name: LAPTOP02 | User Name: sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\sean\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Wireless Console 2\wcourier.exe ()
========== Services (SafeList) ==========
SRV - (OracleOraDb10g_home1TNSListener) -- C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR File not found
SRV - (OracleDBConsolesean01) -- C:\oracle\product\10.1.0\Db_1\bin\nmesrvc.exe File not found
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (JoinMEUI Assistant Service) -- C:\Program Files\PC Suite\JoinMEAssistantServices.exe ()
SRV - (SMTPSVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_O2) -- C:\Program Files\O2\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (smserial) -- system32\DRIVERS\smserial.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MFE_RR) -- C:\DOCUME~1\sean\LOCALS~1\Temp\mfe_rr.sys File not found
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\sean\LOCALS~1\Temp\catchme.sys File not found
DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found
DRV - (btwhid) -- system32\DRIVERS\btwhid.sys File not found
DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found
DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- system32\drivers\btaudio.sys File not found
DRV - (aakuzacl) -- File not found
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (zgwhsnmea) -- C:\WINDOWS\system32\drivers\zgwhsnmea.sys (ZTE Incorporated)
DRV - (zgwhsmdm) -- C:\WINDOWS\system32\drivers\zgwhsmdm.sys (ZTE Incorporated)
DRV - (zgwhsdiag) -- C:\WINDOWS\system32\drivers\zgwhsdiag.sys (ZTE Incorporated)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (C2SCSI) -- C:\WINDOWS\System32\drivers\c2scsi.sys (Sonic Solutions)
DRV - (massfilter_hs) -- C:\WINDOWS\system32\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (AtcL002) -- C:\WINDOWS\system32\drivers\l251x86.sys (Atheros Communications, Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ATK0100)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows (R) 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Cinemsup) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{2D63A974-1DA7-4317-98CC-6D625065FF50}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\SearchScopes\{4B16DFDC-D52F-41E7-B434-2CB3ADD87762}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: flashkiller@joli.clic:1.3
FF - prefs.js..extensions.enabledAddons: autopager@mozilla.org:0.7.1.6
FF - prefs.js..extensions.enabledAddons: canitbecheaper@trafficbroker.co.uk:3.7.12
FF - prefs.js..extensions.enabledAddons: {C99D6302-E652-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.15
FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: flashkiller@joli.clic:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/05 22:34:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C99D6302-E652-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\sean\Local Settings\Application Data\{C99D6302-E652-11E1-8270-B8AC6F996F26}\
[2008/06/22 06:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Extensions
[2014/01/22 21:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions
[2010/09/25 07:34:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/23 22:48:57 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2011/07/30 10:12:29 | 000,000,000 | ---D | M] (Flash Killer) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\flashkiller@joli.clic
[2014/01/22 21:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\extensions\staged
[2013/12/20 00:10:22 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\sean\Application Data\Mozilla\Firefox\Profiles\1eyl4brm.default\searchplugins\yahoo.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: Google Docs = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\sean\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/01/25 18:56:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillsoft.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-4204088417-295494685-3788373613-1005\..Trusted Domains: skillwsa.com ([]* in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} http://cam.thesandbar.com/activex/decoder/mpeg4_dec.cab (Moonlight MPEG-4 Video Decoder)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab (GreasyPalmInstallHelper Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350936625281 (WUWebControl Class)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350936606734 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://webcam1.ttu.ee/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisbury.edu/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://217.22.201.135/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A97A08D4-B39E-4E5F-A1D4-622F067B28E0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/20 18:37:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/24 22:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/01/24 21:08:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/24 21:08:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\TFC.exe
[2014/01/23 22:44:54 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sean\Desktop\TDSSKiller.exe
[2014/01/23 18:40:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/01/22 21:49:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/22 18:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Napster
[2014/01/21 18:20:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/21 07:30:52 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\sean\Desktop\JRT.exe
[2014/01/21 07:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Local Settings\Application Data\PCHealth
[2014/01/20 20:27:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/01/20 19:14:33 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2014/01/20 19:12:52 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2014/01/20 19:12:05 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2014/01/20 19:12:05 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2014/01/20 17:56:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/19 22:30:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\OTL.exe
[2014/01/15 22:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2014/01/15 22:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2014/01/15 20:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/15 20:01:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/01/15 20:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/13 20:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/01/13 20:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/01/12 21:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\Local Settings\Application Data\Spotify
[2014/01/09 07:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2014/01/06 23:31:38 | 000,000,000 | ---D | C] -- C:\dansMemoryStick
[2014/01/06 19:23:36 | 004,558,848 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/06 17:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\My Documents\Probate
[2014/01/05 23:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2014/01/03 22:07:07 | 000,000,000 | ---D | C] -- C:\mumphoto
[2014/01/03 22:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sean\mumphoto
[2013/12/27 11:04:38 | 000,000,000 | ---D | C] -- C:\Films
[2008/11/10 17:10:00 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
========== Files - Modified Within 30 Days ==========
[2014/01/25 19:08:59 | 000,914,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/25 19:08:57 | 000,304,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/25 19:03:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/25 19:03:42 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/25 19:02:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/25 19:02:07 | 2079,576,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/25 18:56:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/01/25 18:47:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/24 21:45:52 | 000,000,328 | -HS- | M] () -- C:\boot.ini
[2014/01/24 21:30:53 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\O2 wireless box II - Home.url
[2014/01/24 21:08:39 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\TFC.exe
[2014/01/23 17:42:42 | 005,175,240 | R--- | M] (Swearware) -- C:\Documents and Settings\sean\Desktop\ComboFix.exe
[2014/01/22 18:43:51 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Napster.lnk
[2014/01/21 07:31:06 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\sean\Desktop\JRT.exe
[2014/01/21 06:59:06 | 000,302,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/21 00:39:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/20 17:56:51 | 001,236,282 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\AdwCleaner.exe
[2014/01/19 22:30:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sean\Desktop\OTL.exe
[2014/01/15 20:01:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/13 22:26:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\MBR.dat
[2014/01/13 20:57:10 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/13 20:57:00 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\NTREGOPT.lnk
[2014/01/13 20:57:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\ERUNT.lnk
[2014/01/12 23:31:03 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\sean\Desktop\Google Chrome.lnk
[2014/01/06 22:46:53 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/06 19:23:36 | 004,558,848 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2014/01/03 21:20:30 | 000,140,736 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\Caine.jpg
[2014/01/03 21:15:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/01/02 19:01:02 | 004,819,207 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\TenancyAgreement.pdf
[2013/12/28 00:29:15 | 000,271,410 | ---- | M] () -- C:\Documents and Settings\sean\My Documents\photo mum.JPG
========== Files Created - No Company Name ==========
[2014/01/22 18:43:51 | 000,001,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Napster.lnk
[2014/01/22 18:31:34 | 2079,576,064 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/20 17:56:36 | 001,236,282 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\AdwCleaner.exe
[2014/01/19 22:25:50 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/19 22:25:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4204088417-295494685-3788373613-1005.job
[2014/01/15 20:01:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/13 22:26:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\MBR.dat
[2014/01/13 20:57:10 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/13 20:57:00 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\NTREGOPT.lnk
[2014/01/13 20:57:00 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\sean\Desktop\ERUNT.lnk
[2014/01/03 21:20:29 | 000,140,736 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\Caine.jpg
[2014/01/02 19:00:47 | 004,819,207 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\TenancyAgreement.pdf
[2013/12/28 00:29:15 | 000,271,410 | ---- | C] () -- C:\Documents and Settings\sean\My Documents\photo mum.JPG
[2013/12/20 21:11:04 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/09/20 21:05:02 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2013/09/16 00:08:49 | 000,258,602 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/09/15 23:39:33 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\sean\Application Data\Sys2662.Config.Repository.bin
[2013/05/31 22:43:21 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/20 21:43:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/20 21:43:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/20 21:43:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/20 21:43:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/20 21:43:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/22 20:21:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/14 00:31:20 | 004,469,910 | -H-- | C] () -- C:\Documents and Settings\sean\Local Settings\Application Data\IconCache_sav.db
[2012/03/12 19:20:35 | 000,001,324 | ---- | C] () -- C:\WINDOWS\aopr.ini
========== ZeroAccess Check ==========
[2007/12/20 18:51:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 05:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/01/24 22:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\036DFF98000CC57F180B39EA7B07D287
[2013/04/04 21:49:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/01/02 12:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/11/02 19:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/10/05 22:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2011/03/08 23:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/05/27 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2013/05/13 16:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/07/14 10:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/01/22 18:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/01/03 09:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/18 22:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/01/07 19:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/04 22:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/08/03 18:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 22:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/29 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/14 20:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2013/05/10 17:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2010/05/31 12:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2013/06/24 15:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\AVG2013
[2012/04/19 23:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\HTC
[2008/10/21 18:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\PC Suite
[2010/04/15 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sandra\Application Data\Trusteer
[2010/01/02 12:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\DAEMON Tools Lite
[2014/01/11 22:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Dropbox
[2009/02/15 12:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\FreeCall
[2012/04/01 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\HTC
[2012/03/31 23:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2008/05/24 22:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\ieSpell
[2008/10/31 23:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\OfficeUpdate12
[2009/02/28 09:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\PC Suite
[2014/01/12 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Spotify
[2010/03/06 08:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Trusteer
[2011/06/10 18:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\WinBatch
[2008/08/24 07:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sean\Application Data\Xilisoft Corporation
========== Purity Check ==========
< End of report >
Outside of Firefox everything looks fine, are you sure you uninstalled it?
Try this program to see if it can find and uninstall Firefox, as I still see bad entries related to it:
http://www.revouninstaller.com/revo_uninstaller_free_download.html
cobolguy
2014-01-26, 11:19
Morning Ken.
Laptop still runs like a dog, takes ages to get Windows booted up, then ages to get logged on. I'm going to uninstall some of the installed programs to see if that makes any difference.
Can you view archived posts (it was a few years ago)? I've had this issue before and, with the help of this forum, got rid of it. The last post I made to the thread described what I did.
Firefox, can see it installed. What I will do is install it, remove it, scan with OTL and post the results, OK?
Sean
Sounds like a plan. Use Revo Uninstaller to remove FF so it will take all the files, folders and registry entries with it.
Do you remember the name of the helper that helped you a few years ago? So far all I am finding is this post and the one in the waiting room. Did you use the same username that you're using now, cobolguy?
I found archived threads, one from 10/08/12 by Blade81, and we have done about everything on this thread that was done then. Is this the same Acer computer that was worked on a few years ago?
Also found this, but it won't work for you unless it's the same computer; this was a few years ago also:
Hi there.
Could not run Task Manager to see the running processes. Could not find out why. Found a utility called Process Explorer on the internet that allowed me to manage the running Windows processes. It seemed there was a power management process (Acer) running that was consuming 90+% CPU. Killed this and Malwarebytes was able to run through to completion. It found lots of stuff!! Cleaned this up and hey presto, laptop working OK.
Cheers
Go here and delete ERUNT from the Startup folder; this could be bogging you down:
C:\Documents and Settings\sean\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
Let me know if it's the same computer; there are a few other things we can try.
cobolguy
2014-01-26, 22:11
Done the removal from Startup for ERUNT.
The archive was for an Asus laptop, not Acer.
Researching the internet, it would seem that excessive hardware interrupts and DPCs point to a faulty driver :(
I've rebooted and executed both Spybot and Malwarebytes from startup using F8, and nothing was found.
The only other thing is to get a spare hard drive, rebuild the OS onto it and copy the data files over.
Happy Sunday........
Sean
Sometimes hard drives get so bogged down that a good option is to back up all your files and do a format and reinstall of Windows. If you need help with this, please let me know.
cobolguy
2014-01-27, 20:16
Hi Ken. Well, I think we have tried everything. I don't like being beaten but... high hardware interrupts and DPC calls seem to indicate a corrupt driver. I just can't be bothered to track this suggested fault down. Unless you have any additional suggestions, I think we should call it a day. Many thanks for your assistance over the period. Kind regards, Sean
Sean, before you give up, try posting in this Windows forum; you can tell them you posted here if you like.
First you will need to register; like Safer, it's free. Tell them your issues and see if they can help you sort it out:
http://forums.whatthetech.com/index.php?showforum=119
Ken :)