PDA

View Full Version : Possible Virus Please Help



danib
2014-04-21, 18:27
Hello.

My dad's PC will no update or keep the correct time along with a host of other problems. At first I did not think the issue could be a virus so I set the PC back to factory settings, but nothing has changed as non of the security certificates for websites are correct/ accepted, windows update will still not work and the date and time just will not set.

Thank you, for your help.

Below is the DDS.log and the aswMBR log is underneath.

___________________________________________________________

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16575
Run by Alan at 15:40:01 on 2013-08-12
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2046.1322 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\common files\symantec shared\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [isCfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRunOnce: [PCDrProfiler] <no file>
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{BC8A0FF6-6E48-45C7-BD7D-7AAB53E677A3} : DHCPNameServer = 192.168.0.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-24 149864]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-2-27 464384]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-2-27 1245064]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20070823.002\IDSvix86.sys [2008-2-27 180272]
.
=============== Created Last 30 ================
.
2013-08-12 14:07:20 -------- d-----w- c:\users\alan\appdata\local\ATI
2013-08-12 14:07:14 -------- d-----w- c:\users\alan\appdata\roaming\Symantec
2013-08-12 14:06:48 -------- d-----w- c:\users\alan\appdata\local\VirtualStore
2013-08-12 13:54:08 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
.
============= FINISH: 15:40:18.56 ===============

AND HERE IS THE aswMBR LOG

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-12 16:07:19
-----------------------------
16:07:19.095 OS Version: Windows 6.0.6000
16:07:19.095 Number of processors: 2 586 0x6B02
16:07:19.095 ComputerName: ALAN-PC UserName: Alan
16:07:19.657 Initialize success
16:07:42.854 The log file has been saved successfully to "C:\Users\Alan\Documents\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-12 16:11:43
-----------------------------
16:11:43.622 OS Version: Windows 6.0.6000
16:11:43.622 Number of processors: 2 586 0x6B02
16:11:43.637 ComputerName: ALAN-PC UserName: Alan
16:11:44.339 Initialize success
16:14:31.158 AVAST engine defs: 14042100
16:18:04.922 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
16:18:04.937 Disk 0 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
16:18:05.093 Disk 0 MBR read successfully
16:18:05.093 Disk 0 MBR scan
16:18:05.125 Disk 0 unknown MBR code
16:18:05.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 332744 MB offset 63
16:18:05.156 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10652 MB offset 681461235
16:18:05.203 Disk 0 scanning sectors +703277505
16:18:05.359 Disk 0 scanning C:\Windows\system32\drivers
16:18:16.294 Service scanning
16:18:43.318 Modules scanning
16:18:47.861 Disk 0 trace - called modules:
16:18:47.885 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys USBPORT.SYS usbehci.sys netr73.sys usbhub.sys dxgkrnl.sys atikmdag.sys tcpip.sys NETIO.SYS i8042prt.sys mouclass.sys watchdog.sys
16:18:47.891 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c22ad8]
16:18:47.891 3 ntkrnlpa.exe[81cb07ee] -> nt!IofCallDriver -> [0x8486d710]
16:18:47.891 5 acpi.sys[8023232a] -> nt!IofCallDriver -> \Device\00000057[0x83a82910]
16:18:47.892 7 netr73.sys[8bf24f60] -> nt!IofCallDriver -> \Device\USBPDO-2[0x864c7030]
16:18:47.892 9 usbhub.sys[8b2ffe61] -> nt!IofCallDriver -> \Device\USBPDO-1[0x85587028]
16:18:49.219 AVAST engine scan C:\Windows
16:18:51.052 AVAST engine scan C:\Windows\system32
16:21:58.324 AVAST engine scan C:\Windows\system32\drivers
16:22:15.188 AVAST engine scan C:\Users\Alan
16:22:25.936 File: C:\Users\Alan\AppData\Local\Temp\jre-7u55-windows-i586-iftw_bd13e0f1.exe **INFECTED** Win32:Malware-gen
16:22:39.539 AVAST engine scan C:\ProgramData
16:23:31.347 Scan finished successfully
16:24:32.400 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Documents\MBR.dat"
16:24:32.415 The log file has been saved successfully to "C:\Users\Alan\Documents\aswMBR.txt"

ken545
2014-04-21, 21:42
:snwelcome:

How old is your dads computer, if its more than 7 or 8 years or so the battery may need to be replaced


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
The Dashboard will look like this


http://i24.photobucket.com/albums/c30/ken545/MBAM_zps65e8300e.jpg
Once the program has loaded, go to the scan tab on top and select Threat Scan
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

ken545
2014-04-21, 21:46
Bump to remove double post

danib
2014-04-22, 15:53
Hi Ken 545,

Thank you, very much for your support.

Yes, the battery is easily 7-8 years old; so, I am going to purchase a new one today for him. I have also looked in the manual and on You Tube for replacement instructions and I think that I will be OK with trying it myself.

Below is the scan report as requested. I noticed that the earlier log that I posted appeared to detail a Java update in the temp folder that seemed to be infected, is that correct please as Malwarebytes appears to have found nothing malicious?

I shall await your next instructions.

Thanks again.

_________________________________


Scan Date: 12/08/2013
Scan Time: 21:09:52
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.22.03
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: Alan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 215992
Time Elapsed: 8 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ken545
2014-04-22, 16:36
Hi,

Is this a laptop or desktop ? If its a desktop you can buy the battery at places like Walmart, its a Lithium 3v 2032, there very inexpensive, but check with your manufacture first. The battery has to be replaced very quickly as it powers the cmos chip that holds all your configuration and if not done quickly enough that info can be lost. We can look into this further when where done.

Run this cleaner that will clean out all your temp files

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean







Then run this scan and lets look deeper

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

danib
2014-04-23, 12:25
Hi Ken545,

I'm sorry about the short delay when getting back to you each time; as I don't live with my parents, I go back to their house to carry out your instructions when I see a new reply from you.

Please find OTL.txt and Extras.txt below. I bought a new battery yesterday, but I have not fitted it yet.

Thanks for your support.

________________________________________

OTL.txt

OTL logfile created on: 22/04/2014 17:36:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16575)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 64.94% Memory free
4.21 Gb Paging File | 3.18 Gb Available in Paging File | 75.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 324.95 Gb Total Space | 307.02 Gb Free Space | 94.48% Space Free | Partition Type: NTFS
Drive D: | 10.40 Gb Total Space | 1.43 Gb Free Space | 13.70% Space Free | Partition Type: NTFS

Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Alan\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\7b84bef09adbf786f9192b2d4bb994e0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8e57048e9d3b3321c4ff3c66880067b9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9071776a98334df487823379e930be74\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\849d3457b222542b7a70d93fa77e79e2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fa956ff1d8e1100005c9aab0a9a22410\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a75c5fe513acaff9954c7a83684f56f5\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b751482f4ae6ced79fe5d27b5c8ecb12\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2955.38824__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2955.38783__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2955.38836__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2955.38998__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2955.38965__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2955.38815__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2955.38924__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2955.38802__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2955.39027__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2955.38973__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2955.39033__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2955.38978__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2955.38796__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2955.39051__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2955.38972__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2955.39025__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2955.38932__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2955.38848__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2955.38926__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2955.38803__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2955.38991__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2955.38919__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2955.38843__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2955.38947__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2955.38931__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2955.38925__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2955.38853__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2955.38931__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2955.38946__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2955.38958__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2886.28852__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2886.28859__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2955.38790__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2955.38810__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2955.39018__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2955.38775__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2955.39017__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2955.39044__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2955.38773__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2955.38775__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2955.38775__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2955.38774__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2955.39018__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\System32\atitmmxx.dll ()


========== Services (SafeList) ==========

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (atikmdag) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (nvrd32) -- C:\WINDOWS\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\WINDOWS\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (netr73) -- C:\WINDOWS\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {24ED1F25-AEA4-4A4A-B914-32F266843651}
IE - HKLM\..\SearchScopes\{24ED1F25-AEA4-4A4A-B914-32F266843651}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
IE - HKLM\..\SearchScopes\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..\SearchScopes,DefaultScope = {851A8443-B5A8-47F0-9639-C15E516C4C7B}
IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..\SearchScopes\{24ED1F25-AEA4-4A4A-B914-32F266843651}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..\SearchScopes\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..\SearchScopes\{851A8443-B5A8-47F0-9639-C15E516C4C7B}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..Trusted Domains: live.com ([login] https in Trusted sites)
O15 - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC8A0FF6-6E48-45C7-BD7D-7AAB53E677A3}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\awave.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\awave.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/27 23:33:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/22 16:58:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2014/04/22 17:36:47 | 000,622,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/22 17:36:47 | 000,108,122 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/22 17:31:19 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/22 17:31:19 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/22 17:31:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/22 17:31:09 | 2145,968,128 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/22 16:58:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2014/04/03 09:51:10 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/04/03 09:51:00 | 000,073,432 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/08/12 15:17:25 | 000,000,680 | ---- | C] () -- C:\Users\Alan\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/02/27 22:37:29 | 011,315,200 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2006/11/02 10:46:04 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========

< End of report >
________________________________________


Extras.txt

OTL Extras logfile created on: 22/04/2014 17:36:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16575)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 64.94% Memory free
4.21 Gb Paging File | 3.18 Gb Available in Paging File | 75.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 324.95 Gb Total Space | 307.02 Gb Free Space | 94.48% Space Free | Partition Type: NTFS
Drive D: | 10.40 Gb Total Space | 1.43 Gb Free Space | 13.70% Space Free | Partition Type: NTFS

Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B8BEAD96-3A3B-4455-A075-08633A8C7875}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01EF7E36-5E23-96E5-C195-CB45880AB805}" = CCC Help Czech
"{0238C5F4-A485-DE76-530F-F467AFACD7AC}" = Catalyst Control Center Localization Chinese Traditional
"{039DB2DA-151D-8AF8-1BC8-B7E7157180A0}" = CCC Help French
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0D705D16-064C-BAA6-C4E1-067F9DC2A477}" = Catalyst Control Center Localization Hungarian
"{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11C97ACD-BD9C-027A-B490-67C5D6FCB14E}" = Catalyst Control Center Localization French
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{133A778F-13AD-A1B4-57DB-74D6DF2D0519}" = CCC Help Turkish
"{13EFD013-6DD3-F5F4-F357-A95AA12C8A70}" = Catalyst Control Center Localization Greek
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{23D6E5AB-18D1-A6A1-69D0-F8D717B22306}" = CCC Help Portuguese
"{240D1D4E-099E-8A4C-6A4C-241C60DB1863}" = CCC Help Dutch
"{24B62B98-A210-1AF0-10DE-630538BB150D}" = Catalyst Control Center Graphics Full New
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{25D1518C-B7C1-53C6-10E1-C06B340302FC}" = CCC Help Chinese Standard
"{28FC4B8A-7FA5-B078-E25B-1D60BA1B135B}" = Catalyst Control Center Localization German
"{2A31318A-C9F8-482E-6860-F738D8A9A94B}" = CCC Help Korean
"{2ABD2125-CBBE-4E11-3573-D1F088BD2594}" = Catalyst Control Center Localization Italian
"{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{352EA20F-C3F5-A2C4-5A63-472AF1FD87B5}" = Catalyst Control Center Graphics Previews Common
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{3D066F3A-48BA-E6BC-4C8A-0477FCE8DA87}" = Catalyst Control Center Localization Russian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4B3C7239-11B9-F8F3-0303-897538F3CFC8}" = Catalyst Control Center Core Implementation
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
"{5587AD4E-2A66-C0A5-95C9-7D04683BEECB}" = Catalyst Control Center Localization Japanese
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5BD715FA-CAAF-D30D-2613-22776086B382}" = CCC Help Finnish
"{61F09589-4A31-B31D-2BE1-AC2A65583180}" = Catalyst Control Center Localization Dutch
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{671EEC45-A4AF-6E57-9808-F887CB1F5EE3}" = Catalyst Control Center Localization Swedish
"{6AC3C209-610A-0799-7A5A-486AB7B0D8E1}" = ccc-core-static
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734E5DD4-912F-A7CF-3945-ABDB768CEB34}" = Skins
"{737CABA8-7A6C-C777-B568-285DAD5E90BC}" = CCC Help Thai
"{73E82A61-DB85-A0A9-B09B-C480059F58EE}" = Catalyst Control Center Graphics Light
"{741F918D-A8F8-E6CD-8A6E-12BCC47F952D}" = Catalyst Control Center Localization Chinese Standard
"{82984E09-F0F7-60F2-8C6E-BCDB23FC0283}" = CCC Help Norwegian
"{8800D4DB-33F1-DF48-F5FA-3F8A8D46D5D9}" = Catalyst Control Center Localization Portuguese
"{899DA790-A271-6A1D-D7DC-573900BC4047}" = CCC Help German
"{8B8433F3-BE3D-E9A2-B878-91633AAE80E2}" = Catalyst Control Center Localization Norwegian
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9505717F-666B-9AAA-008B-96F2A1759ED6}" = CCC Help Spanish
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A573E06-A63A-4054-DEBF-66116F066859}" = Catalyst Control Center Localization Korean
"{9BDEE2D8-B415-6678-C8D3-1DEACD134637}" = Catalyst Control Center Localization Polish
"{9C9E474F-075C-9414-2CB8-38FEDA33F70B}" = CCC Help Russian
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9F00F0AC-AF1C-6242-0237-AA83B342C71D}" = CCC Help Polish
"{A2AC0DE5-73A5-61CC-13B6-3B4DD1B9963B}" = Catalyst Control Center Localization Thai
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB29189D-56E8-5B13-0036-6B233346B2A8}" = CCC Help Danish
"{AC491FE4-B6F9-01ED-F5B4-75F04266FD68}" = Catalyst Control Center Localization Danish
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B52DFE51-966A-3A2F-0CA3-6A86D18D1CA5}" = Catalyst Control Center Localization Turkish
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BC75E2A0-6E73-5DBD-4B81-267EEFC93666}" = Catalyst Control Center Localization Finnish
"{BCA4A04F-2BF5-4A1A-01E2-C527D8CD0B35}" = ccc-utility
"{C138C612-345A-A1B6-7DED-CCE5ADC3FD53}" = Catalyst Control Center Localization Czech
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{C9A34BE5-FCA2-11B1-6A48-512FF58AA4BD}" = Catalyst Control Center Graphics Full Existing
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB267145-8ADA-C66E-2D61-5F989BFDA17A}" = CCC Help Japanese
"{CD9282E5-F3B4-1942-D56D-9DCACEEA7BF9}" = CCC Help English
"{CE7DC9FC-1E2C-394E-ACEE-1FFDE152A292}" = Catalyst Control Center Graphics Previews Vista
"{D1EFBDCB-3C0A-C01E-A56B-26AEF453896B}" = CCC Help Hungarian
"{DA42A12A-DA69-0D32-6254-7976F7AE268B}" = CCC Help Swedish
"{DC01D608-E195-569B-180A-3661D60D44FE}" = ATI Catalyst Install Manager
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E5C4FD04-A70C-E186-C30E-9AB08ACAD3B9}" = CCC Help Greek
"{F001C6A1-56EC-643F-2A91-164AA4EFECA3}" = CCC Help Italian
"{F01EA7D4-4851-B2C9-E08D-029AED1203D3}" = Catalyst Control Center Localization Spanish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29D2233-EB8F-F36D-40FF-6B556729E3E1}" = CCC Help Chinese Traditional
"{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"ERUNT_is1" = ERUNT 1.1j
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"WildTangent hp Master Uninstall" = My HP Games

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/08/2013 15:58:33 | Computer Name = Alan-PC | Source = WerSvc | ID = 5007
Description =

Error - 12/08/2013 16:59:11 | Computer Name = Alan-PC | Source = EventSystem | ID = 4621
Description =

Error - 12/08/2013 17:59:31 | Computer Name = Alan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/08/2013 17:59:55 | Computer Name = Alan-PC | Source = WerSvc | ID = 5007
Description =

Error - 12/08/2013 18:01:13 | Computer Name = Alan-PC | Source = WerSvc | ID = 5007
Description =

Error - 22/04/2014 12:31:19 | Computer Name = Alan-PC | Source = WerSvc | ID = 5007
Description =

Error - 22/04/2014 12:31:36 | Computer Name = Alan-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16575, time stamp
0x470c3339, faulting module mshtml.dll, version 7.0.6000.16587, time stamp 0x4722d0fd,
exception code 0xc0000005, fault offset 0x0003c345, process id 0xe00, application
start time 0x01cf5e48513d1263.

Error - 22/04/2014 12:31:57 | Computer Name = Alan-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16575, time stamp
0x470c3339, faulting module mshtml.dll, version 7.0.6000.16587, time stamp 0x4722d0fd,
exception code 0xc0000005, fault offset 0x0003c345, process id 0xbec, application
start time 0x01cf5e485e3819b3.

Error - 22/04/2014 12:32:16 | Computer Name = Alan-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16575, time stamp
0x470c3339, faulting module mshtml.dll, version 7.0.6000.16587, time stamp 0x4722d0fd,
exception code 0xc0000005, fault offset 0x0003c345, process id 0xb8c, application
start time 0x01cf5e4869d2cdb3.

Error - 22/04/2014 12:32:35 | Computer Name = Alan-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16575, time stamp
0x470c3339, faulting module mshtml.dll, version 7.0.6000.16587, time stamp 0x4722d0fd,
exception code 0xc0000005, fault offset 0x0003c345, process id 0xaa4, application
start time 0x01cf5e487550f133.

[ System Events ]
Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =


< End of report >

ken545
2014-04-23, 12:48
Not to worry, reply back when you can.

Check with your manufacturer and make sure you have the correct battery, is this a laptop or desktop ?

Did you run TFC (Temp File Cleaner )


-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.




Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.





http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

danib
2014-04-23, 13:20
Hi Ken545,

My apologies, yes, I did run TFC Cleaner and the PC is a desktop HP Pavillion Slimline.

I am now going to run the Adw cleaner and Junkware removal tool; I will let you know as soon as they are done.

Thanks again.

danib
2014-04-23, 14:10
Hi Ken545,

Please find the requested logs below:

Note AdwCleaner was titled AdwCleaner[S0].txt and NOT (S1) for some reason.

I checked the user manual for the PC and it appears that the battery should be a 2032, 3 volt Lithium; so, I purchased a Duracell 2032 3V Lithium.

Thanks again.
____________________________


AdwCleaner[S1].txt


# AdwCleaner v3.201 - Report created 22/04/2014 at 18:58:38
# Updated 22/04/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium (32 bits)
# Username : Alan - ALAN-PC
# Running from : C:\Users\Alan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\S

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16575


*************************

AdwCleaner[R0].txt - [664 octets] - [22/04/2014 18:56:12]
AdwCleaner[S0].txt - [588 octets] - [22/04/2014 18:58:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [647 octets] ##########

_____________________________________

AND JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Alan on 22/04/2014 at 19:11:34.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{24ED1F25-AEA4-4A4A-B914-32F266843651}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{24ED1F25-AEA4-4A4A-B914-32F266843651}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/04/2014 at 19:13:46.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ken545
2014-04-23, 14:50
:bigthumb:



Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
IE - HKLM\..\SearchScopes\{24ED1F25-AEA4-4A4A-B914-32F266843651}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
IE - HKLM\..\SearchScopes\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..\SearchScopes\{24ED1F25-AEA4-4A4A-B914-32F266843651}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..\SearchScopes\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please

danib
2014-04-23, 15:54
Hi Ken545,

Please find the the OTL custom fix Log below and the OTL log in next post. Please note there was no Extras.txt produced.

Thanks.

_____________________________________

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24ED1F25-AEA4-4A4A-B914-32F266843651}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ED1F25-AEA4-4A4A-B914-32F266843651}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}\ not found.
Registry key HKEY_USERS\S-1-5-21-507268109-3519426565-122146191-1000\Software\Microsoft\Internet Explorer\SearchScopes\{24ED1F25-AEA4-4A4A-B914-32F266843651}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ED1F25-AEA4-4A4A-B914-32F266843651}\ not found.
Registry key HKEY_USERS\S-1-5-21-507268109-3519426565-122146191-1000\Software\Microsoft\Internet Explorer\SearchScopes\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alan\Desktop\cmd.bat deleted successfully.
C:\Users\Alan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: Alan

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Alan
->Temp folder emptied: 2284799 bytes
->Temporary Internet Files folder emptied: 37404636 bytes
->Flash cache emptied: 458 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49649 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 38.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04232014_125723

Files\Folders moved on Reboot...
C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

danib
2014-04-23, 15:56
___________________________________


OTL.txt HAS BEEN SPLIT INTO TWO POSTS DUE TO LENGTH

OTL logfile created on: 23/04/2014 13:45:54 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16575)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.73% Memory free
4.22 Gb Paging File | 3.28 Gb Available in Paging File | 77.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 324.95 Gb Total Space | 299.06 Gb Free Space | 92.03% Space Free | Partition Type: NTFS
Drive D: | 10.40 Gb Total Space | 1.43 Gb Free Space | 13.70% Space Free | Partition Type: NTFS

Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Alan\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\47b2e1d9030f551f685dfea0b618e7fd\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a4fd3b000abfd4712b02ec223df3e9dd\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6d75eb3ca10a514754f5e87cc2134f07\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\19d027c3381110e60c003f2c8bd307ee\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2955.38824__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2955.38783__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2955.38836__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2955.38998__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2955.38965__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2955.38815__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2955.38924__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2955.38802__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2955.39027__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2955.38973__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2955.39033__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2955.38978__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2955.38796__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2955.39051__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2955.38972__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2955.39025__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2955.38932__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2955.38848__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2955.38926__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2955.38803__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2955.38991__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2955.38919__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2955.38843__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2955.38947__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2955.38931__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2955.38925__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2955.38853__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2955.38931__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2955.38946__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2955.38958__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2886.28852__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2886.28859__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2955.38790__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2955.38810__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2955.39018__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2955.38775__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2955.39017__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2955.39044__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2955.38773__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2955.38775__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2955.38775__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2955.38774__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2955.39018__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\System32\atitmmxx.dll ()


========== Services (SafeList) ==========

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

danib
2014-04-23, 15:57
========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (atikmdag) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (nvrd32) -- C:\WINDOWS\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\WINDOWS\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (netr73) -- C:\WINDOWS\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..\SearchScopes\{851A8443-B5A8-47F0-9639-C15E516C4C7B}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




O1 HOSTS File: ([2014/04/23 12:57:24 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-507268109-3519426565-122146191-1000..\Run: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-507268109-3519426565-122146191-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-507268109-3519426565-122146191-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-507268109-3519426565-122146191-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..Trusted Domains: live.com ([login] https in Trusted sites)
O15 - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC8A0FF6-6E48-45C7-BD7D-7AAB53E677A3}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\awave.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\awave.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/27 23:33:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/23 13:31:36 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2014/04/23 13:31:36 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2014/04/23 13:31:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2014/04/23 13:31:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2014/04/23 13:31:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2014/04/23 13:31:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2014/04/23 13:31:15 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2014/04/23 13:30:36 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2014/04/23 13:30:36 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2014/04/23 13:30:36 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2014/04/23 13:30:14 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2014/04/23 13:30:14 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2014/04/23 13:30:14 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2014/04/23 13:30:14 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2014/04/23 13:30:14 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2014/04/23 13:30:14 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2014/04/23 13:30:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2014/04/23 13:30:14 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2014/04/23 13:29:27 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2014/04/23 13:29:26 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2014/04/23 13:29:26 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2014/04/23 13:29:26 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2014/04/23 13:29:26 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2014/04/23 13:29:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2014/04/23 13:29:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/04/23 13:27:57 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2014/04/23 13:27:57 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2014/04/23 13:27:57 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2014/04/23 13:27:56 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2014/04/23 13:27:56 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2014/04/23 13:27:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2014/04/23 13:27:33 | 003,504,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014/04/23 13:27:33 | 003,470,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014/04/23 13:25:41 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2014/04/23 13:25:41 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2014/04/23 13:25:23 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2014/04/23 13:25:23 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2014/04/23 13:25:01 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2014/04/23 13:24:23 | 000,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2014/04/23 13:23:01 | 001,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2014/04/23 13:23:01 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2014/04/23 13:23:01 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2014/04/23 13:23:01 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2014/04/23 13:23:01 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2014/04/23 13:23:01 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2014/04/23 13:23:01 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2014/04/23 13:23:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2014/04/23 13:21:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/04/23 13:21:08 | 000,110,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2014/04/23 13:21:08 | 000,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2014/04/23 13:20:56 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2014/04/23 13:20:17 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2014/04/23 13:19:38 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2014/04/23 13:19:38 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2014/04/23 13:19:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2014/04/23 13:19:37 | 000,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2014/04/23 13:19:37 | 000,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2014/04/23 13:19:37 | 000,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2014/04/23 13:19:37 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2014/04/23 13:19:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2014/04/23 13:19:37 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2014/04/23 13:19:36 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2014/04/23 13:19:36 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2014/04/23 13:19:36 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2014/04/23 13:19:36 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2014/04/23 13:19:36 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2014/04/23 13:19:36 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2014/04/23 13:19:35 | 000,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2014/04/23 13:19:35 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2014/04/23 13:19:35 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2014/04/23 13:19:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2014/04/23 13:19:02 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014/04/23 13:19:01 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014/04/23 13:19:01 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014/04/23 13:19:01 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014/04/23 13:19:00 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014/04/23 13:19:00 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014/04/23 13:18:47 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2014/04/23 13:18:47 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2014/04/23 13:18:30 | 000,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/04/23 13:18:30 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2014/04/23 13:18:30 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2014/04/23 13:18:11 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2014/04/23 13:17:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2014/04/23 13:17:59 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2014/04/23 13:17:50 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2014/04/23 13:17:49 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/04/23 13:17:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014/04/23 13:17:16 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/04/23 13:17:11 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014/04/23 13:17:11 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014/04/23 13:17:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014/04/23 13:17:02 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014/04/23 13:16:27 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/04/23 13:16:27 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/04/23 13:16:27 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/04/23 13:16:27 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/04/23 13:16:27 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/04/23 13:16:26 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/04/23 13:16:26 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/04/23 13:16:26 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/04/23 13:16:26 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/04/23 13:16:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2014/04/23 12:57:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/22 19:11:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/22 19:04:05 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Alan\Desktop\JRT.exe
[2014/04/22 18:56:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/22 18:23:08 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2014/04/22 18:23:05 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2014/04/22 18:23:05 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2014/04/22 18:16:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2014/04/22 18:16:37 | 004,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2014/04/22 18:16:37 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2014/04/22 18:16:15 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2014/04/22 18:16:14 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2014/04/22 18:14:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2014/04/22 18:14:08 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2014/04/22 18:13:50 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2014/04/22 18:13:25 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2014/04/22 18:12:16 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2014/04/22 18:12:10 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2014/04/22 18:11:49 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2014/04/22 18:11:48 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2014/04/22 18:11:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2014/04/22 18:11:37 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2014/04/22 18:11:29 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2014/04/22 18:11:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2014/04/22 18:11:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2014/04/22 18:11:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2014/04/22 18:11:24 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2014/04/22 16:58:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2014/04/23 13:44:13 | 000,622,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/23 13:44:13 | 000,108,122 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/23 13:37:11 | 000,001,591 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2014/04/23 13:37:05 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/23 13:37:05 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/23 13:36:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/23 13:36:41 | 2145,968,128 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/23 13:33:54 | 000,288,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/23 13:31:36 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2014/04/23 13:31:36 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2014/04/23 13:31:36 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2014/04/23 13:31:36 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2014/04/23 13:31:36 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2014/04/23 13:31:16 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2014/04/23 13:31:15 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2014/04/23 13:30:36 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2014/04/23 13:30:36 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2014/04/23 13:30:36 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2014/04/23 13:30:14 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2014/04/23 13:30:14 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2014/04/23 13:30:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2014/04/23 13:30:14 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2014/04/23 13:30:14 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2014/04/23 13:30:14 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2014/04/23 13:30:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2014/04/23 13:30:14 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2014/04/23 13:29:27 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2014/04/23 13:29:27 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2014/04/23 13:29:26 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2014/04/23 13:29:26 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2014/04/23 13:29:26 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2014/04/23 13:29:26 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2014/04/23 13:29:02 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2014/04/23 13:29:02 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/04/23 13:27:57 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2014/04/23 13:27:57 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2014/04/23 13:27:57 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2014/04/23 13:27:56 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2014/04/23 13:27:56 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2014/04/23 13:27:56 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2014/04/23 13:27:33 | 003,504,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014/04/23 13:27:33 | 003,470,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014/04/23 13:25:41 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2014/04/23 13:25:41 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2014/04/23 13:25:23 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2014/04/23 13:25:23 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2014/04/23 13:25:01 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2014/04/23 13:24:23 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2014/04/23 13:23:01 | 001,244,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2014/04/23 13:23:01 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2014/04/23 13:23:01 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2014/04/23 13:23:01 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2014/04/23 13:23:01 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2014/04/23 13:23:01 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2014/04/23 13:23:01 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2014/04/23 13:21:41 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/04/23 13:21:08 | 000,110,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2014/04/23 13:21:08 | 000,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2014/04/23 13:20:56 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2014/04/23 13:20:17 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2014/04/23 13:19:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\i8042prt.sys.mui
[2014/04/23 13:19:39 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\sermouse.sys.mui
[2014/04/23 13:19:39 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouclass.sys.mui
[2014/04/23 13:19:39 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
[2014/04/23 13:19:39 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouhid.sys.mui
[2014/04/23 13:19:39 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
[2014/04/23 13:19:38 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2014/04/23 13:19:38 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2014/04/23 13:19:38 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2014/04/23 13:19:37 | 000,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2014/04/23 13:19:37 | 000,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2014/04/23 13:19:37 | 000,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2014/04/23 13:19:37 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2014/04/23 13:19:37 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2014/04/23 13:19:37 | 000,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2014/04/23 13:19:36 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2014/04/23 13:19:36 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2014/04/23 13:19:36 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2014/04/23 13:19:36 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2014/04/23 13:19:36 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2014/04/23 13:19:36 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2014/04/23 13:19:35 | 000,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2014/04/23 13:19:35 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2014/04/23 13:19:35 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2014/04/23 13:19:35 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2014/04/23 13:19:02 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014/04/23 13:19:02 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014/04/23 13:19:01 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014/04/23 13:19:01 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014/04/23 13:19:00 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014/04/23 13:19:00 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014/04/23 13:18:47 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2014/04/23 13:18:47 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2014/04/23 13:18:30 | 000,213,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/04/23 13:18:30 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2014/04/23 13:18:30 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2014/04/23 13:18:11 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2014/04/23 13:17:59 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2014/04/23 13:17:59 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2014/04/23 13:17:50 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2014/04/23 13:17:49 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/04/23 13:17:22 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014/04/23 13:17:16 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/04/23 13:17:11 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014/04/23 13:17:11 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014/04/23 13:17:02 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014/04/23 13:17:02 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014/04/23 13:16:28 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/04/23 13:16:27 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/04/23 13:16:27 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/04/23 13:16:27 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/04/23 13:16:27 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/04/23 13:16:26 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/04/23 13:16:26 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/04/23 13:16:26 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/04/23 13:16:26 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/04/23 13:16:09 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2014/04/23 12:57:24 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/04/22 19:04:54 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Alan\Desktop\JRT.exe
[2014/04/22 18:54:01 | 001,345,299 | ---- | M] () -- C:\Users\Alan\Desktop\AdwCleaner.exe
[2014/04/22 18:29:11 | 033,095,680 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2014/04/22 18:29:11 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2014/04/22 18:29:11 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2014/04/22 18:23:08 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2014/04/22 18:23:05 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2014/04/22 18:23:05 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2014/04/22 18:16:40 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2014/04/22 18:16:38 | 004,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2014/04/22 18:16:37 | 001,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2014/04/22 18:16:15 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2014/04/22 18:16:15 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2014/04/22 18:14:08 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2014/04/22 18:13:50 | 001,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2014/04/22 18:13:25 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2014/04/22 18:12:16 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2014/04/22 18:12:10 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2014/04/22 18:11:48 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2014/04/22 18:11:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2014/04/22 18:11:37 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2014/04/22 18:11:30 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2014/04/22 18:11:28 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2014/04/22 18:11:28 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2014/04/22 18:11:24 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2014/04/22 16:58:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2014/04/03 09:51:10 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/04/03 09:51:00 | 000,073,432 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2014/04/23 13:37:11 | 000,001,591 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2014/04/23 13:29:27 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2014/04/22 18:53:54 | 001,345,299 | ---- | C] () -- C:\Users\Alan\Desktop\AdwCleaner.exe
[2014/04/22 18:25:36 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2014/04/22 18:25:36 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2014/04/22 18:25:35 | 033,095,680 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2013/08/12 15:17:25 | 000,000,680 | ---- | C] () -- C:\Users\Alan\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/04/23 13:22:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/04/23 13:19:01 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >


___________________________________

ken545
2014-04-23, 16:11
Good, you should still have aswMBR on your desktop, run a new scan (DONT FIX ANYTHING) I just want to see the report to see if that bad java entry is gone

danib
2014-04-23, 16:35
Hi Ken545,

Due to the time/ date issue the Malwarebytes trial version is showing as out of date by over a year. I tried uninstalling and reinstalling Malwarebytes; however, the new version also detailed the trial as expired and requested that I bought the premium version.

That said, the Malwarebytes database did appear to update and the program did let me run a threat scan; the results are below.

Thanks once more.

__________________________________

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/04/2014
Scan Time: 14:34:31
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.23.05
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: Alan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 216753
Time Elapsed: 5 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ken545
2014-04-23, 16:47
I was referring to aswMBR , the program you ran in your first post that showed the infected Java file

In case you need it

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

danib
2014-04-23, 17:12
Thanks Ken545,

Apologies for wasting your time. Here is the log:

__________________________________________

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-04-23 14:53:16
-----------------------------
14:53:16.093 OS Version: Windows 6.0.6000
14:53:16.093 Number of processors: 2 586 0x6B02
14:53:16.093 ComputerName: ALAN-PC UserName: Alan
14:53:17.419 Initialize success
15:01:16.751 AVAST engine defs: 14042300
15:01:46.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004b
15:01:46.516 Disk 0 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
15:01:46.641 Disk 0 MBR read successfully
15:01:46.641 Disk 0 MBR scan
15:01:46.672 Disk 0 unknown MBR code
15:01:46.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 332744 MB offset 63
15:01:46.750 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10652 MB offset 681461235
15:01:46.812 Disk 0 scanning sectors +703277505
15:01:46.999 Disk 0 scanning C:\Windows\system32\drivers
15:02:01.882 Service scanning
15:02:31.569 Modules scanning
15:02:34.533 Disk 0 trace - called modules:
15:02:34.548 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll tcpip.sys NETIO.SYS storport.sys nvstor32.sys
15:02:34.564 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84d1c3d0]
15:02:34.564 3 ntkrnlpa.exe[81cb0d35] -> nt!IofCallDriver -> [0x83a85520]
15:02:34.564 5 acpi.sys[8023232a] -> nt!IofCallDriver -> \Device\0000004b[0x83a85740]
15:02:35.469 AVAST engine scan C:\Windows
15:02:38.526 AVAST engine scan C:\Windows\system32
15:07:36.275 AVAST engine scan C:\Windows\system32\drivers
15:08:11.656 AVAST engine scan C:\Users\Alan
15:09:03.635 AVAST engine scan C:\ProgramData
15:10:02.556 Scan finished successfully
15:10:34.016 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Desktop\MBR.dat"
15:10:34.016 The log file has been saved successfully to "C:\Users\Alan\Desktop\aswMBR.txt"

ken545
2014-04-23, 18:08
Your not wasting my time, not to worry, this stuff when your new can be sometimes confusing

aswMBR shows the infected file as gone

We need to update your Java to keep you more secure

Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 55, if not proceed with the instructions.

Go to the update Tab and update it
Important, during the upgrade UNCHECK ASK TOOL BAR. ( you do not need or want this )

Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.


You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)



How is your computer behaving now ???

danib
2014-04-23, 18:33
Hi Ken545,

Java is updated - thanks.

Re: PC status

The HP w 1907v monitor drivers keep crashing and recovering.

The constant website security certificate issues haven't happened yet; but, I have set the time correctly again today and it takes a little while to lose the correct time; so, that will probably happen again. I set the time yesterday and the PC managed to lose it by one year today.

When I try to sign in into Hotmail explorer opens up tab after tab after tab.... when I click the sign in button - could this be a time issue too?

Thanks.

ken545
2014-04-23, 23:00
This is what I would like you to do as this forum is just for malware removal, post at this site that we use in there windows forum, we help each other out

Go here and register, use the same user name your using here so that I can find you and offer my two cents, just like Safer its free
www.whatthetech.com


After your registered, go here
http://forums.whatthetech.com/index.php?showforum=119

This is there windows forum, you can tell them you posted here and link them back to this thread so they can see what we have done, explain in detail whats going on including changing your battery, I am sure that will clear some issues.


If you want to post back here after you posted at the other forum please do and I can give one of the helpers a heads up

Ken :)

danib
2014-04-24, 15:55
Hi Ken,

Thank you, so much, on behalf of my father, for your expert help. I have suggested that he makes a donation to the site as I did when I received personal help from the forum to remove a virus.

Regarding whatthetech.com:

Last night I registered on the site; however, after three attempts I have not received the account validation email. As I am not registered I cannot use the forums or the personal messaging system to contact admin, and I cannot find an admin contact email address.

In the end, I did manage to get the email address of a moderator by clicking on a 'report this page' link. I have sent him an email; so, hopefully he will get back to me regarding validating the account.

As I'm only off work for one more day and my dad is a regular blogger I really wanted to try to get his PC sorted this week; therefore, I have posted in the Windows Vista forum of bleepingcomputer.com until someone at whatthetech.com gets back to me.

The link is: http://www.bleepingcomputer.com/forums/t/532154/possible-date-time-issues-please-help/.

I will let you know how I get on. In the meantime, I will keep an eye on my inbox for a validation email from What The Tech.

Thanks again.

Daniel.

ken545
2014-04-24, 16:17
Your welcome Daniel, I see you posted at Bleeping, it also looks like you can post at WTT, lets see what Bleeping says and if no joy than go ahead and post at WTT

Take care

Ken :)

danib
2014-04-25, 15:40
Hi Ken545,

One question please?

How do I correctly uninstall ERUNT, asw.MBR, OTL and JRT please? They are not listed in Add/ Remove Programs; so, do I just delete them?

Thanks.

danib
2014-04-25, 15:46
Hi Ken,

And uninstall AdwCleaner please.

(I am not allowed to edit my posts; therefore, I have had to post again).

Thanks. Dan.

ken545
2014-04-25, 16:29
Morning Dan,

Sorry about that


Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.









Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

danib
2014-04-25, 16:39
Morning Ken, well, it's the afternoon now in the UK.

That's great, thanks.

Vista Service Pack 1 won't install; but, I think it's because of the above. I'll have a tidy up and try again.

Thanks.

Dan.

ken545
2014-04-25, 18:13
Be sure to point out about Vista SP 1 when you post at the forum, I am sure your not alone with this problem

Your active at WTT so go ahead and post

danib
2014-04-27, 16:59
Hi Ken,

The PC is fine now.

All the service packs are back on the computer; all the factory bloat ware is removed; JAVA and Adobe are up to date; the security is up to date; the monitor drivers are up to date and the PC is updating itself now.

The PC hasn't run better in a long time and I have happy parents - great.

I will attempt to close the topic if I am able to.

Thank you, very much, for your expert help.

Good luck.

Regards, Daniel.

ken545
2014-04-28, 03:47
Thats great to hear Daniel, so happy that all is ok. I will leave this thread open for a few days in case you have any questions and if not than I will close it.

Take care my friend,

Ken :)

ken545
2014-05-01, 17:04
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.