goingonearth redirect along with MSE not working


  • This topic is locked
13 replies to this topic

#1 Roblarkin

Posted 25 July 2011 - 02:49 PM

Hi all,
I am having trouble with the goingonearth.com redirect. I am also not able to turn Microsoft Security Essentials on at all.
I am running Windows 7 64bit and have tried all sorts to fix it!!
I have run Malwarebytes and it found nothing (also in safe mode).
If anyone can help I would be so grateful, as a clean install would be a nightmare at present!! Also, running no antivirus is asking for trouble!!
Pls Help. :-)

Hello, this will require some special tools to remove.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in this topic, thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.

MOD EDIT: I merged all 3 posts into one. Moderator boopme

Thanks.
I have run them all and the logs are as follows.
Yep I thought it may be a rough ride!

DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by Rob at 21:09:40 on 2011-07-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.6135.2211 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\DriveHQ\DriveHQ FileManager\FileManager.exe
C:\Program Files (x86)\HTC Home\Clock.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe
C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\adb.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [FileManager] "C:\Program Files\DriveHQ\DriveHQ FileManager\FileManager.exe" autorun
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Clock Widget (HTC Home)] "C:\Program Files (x86)\HTC Home\Clock.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe"
mRun: [TVEService] "C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DFB33DBD-482F-41B5-B330-852B3F4DD098} : DhcpNameServer = 192.168.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe"
mRun-x64: [TVEService] "C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ikjwwvsy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ikjwwvsy.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/04/24 16:07:23];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-12-29 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [2011-4-7 96896]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 DVBPCIE_2006_Sevice;PCIE PCIE_2006 DVB-S2 Device;C:\Windows\system32\DRIVERS\PCIE_2006.sys --> C:\Windows\system32\DRIVERS\PCIE_2006.sys [?]
R2 FileManagerFun;FileManagerFun;C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe [2011-4-30 55808]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-3-1 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-5-23 366640]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2011-4-24 464224]
R2 TVESched;TVEnhance Task Scheduler (TTS));C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2011-4-24 189792]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S1 DVBNet;DVB Net ETAdapter Service;C:\Windows\system32\DRIVERS\DVBNet.sys --> C:\Windows\system32\DRIVERS\DVBNet.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-31 136176]
S2 NPVR Recording Service;NPVR Recording Service;"C:\Program Files (x86)\NPVR\NRecord.exe" --> C:\Program Files (x86)\NPVR\NRecord.exe [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2011-07-25 19:43:39 -------- d-----w- C:\Users\Rob\AppData\Local\{13C62C9E-5E6C-4D63-A5AA-812F4AF75846}
2011-07-25 07:43:14 -------- d-----w- C:\Users\Rob\AppData\Local\{6605BB14-2E25-420D-8711-F324AEFF44B7}
2011-07-24 19:42:58 -------- d-----w- C:\Users\Rob\AppData\Local\{A9704301-7140-4B43-A6A8-6FDB3E5C81D2}
2011-07-24 07:42:46 -------- d-----w- C:\Users\Rob\AppData\Local\{FE0FB7FF-329E-4514-8C9C-953C7FA004E8}
2011-07-23 19:42:34 -------- d-----w- C:\Users\Rob\AppData\Local\{BFF563F3-B122-487D-88BC-9D9A7BD083D2}
2011-07-23 07:42:22 -------- d-----w- C:\Users\Rob\AppData\Local\{B63669ED-4354-4B91-9A46-D9DFF5B6B884}
2011-07-22 19:42:11 -------- d-----w- C:\Users\Rob\AppData\Local\{849D7B40-E26C-4760-BA93-3CC73065613B}
2011-07-22 07:41:59 -------- d-----w- C:\Users\Rob\AppData\Local\{57323CAB-D1CF-499B-9444-0C7A390AA9F7}
2011-07-21 19:41:47 -------- d-----w- C:\Users\Rob\AppData\Local\{07C22DB9-DE26-47A3-A82F-4F6CF4289749}
2011-07-21 07:41:35 -------- d-----w- C:\Users\Rob\AppData\Local\{2AD2F617-BFEB-4974-A875-B8029A2C9131}
2011-07-20 20:34:41 -------- d-----w- C:\Program Files (x86)\ESET
2011-07-20 19:41:24 -------- d-----w- C:\Users\Rob\AppData\Local\{2E20E1A4-43F9-40E0-86DD-EE0F98BE7461}
2011-07-20 07:41:12 -------- d-----w- C:\Users\Rob\AppData\Local\{26CD78A3-FE87-4B06-87AE-D4E19007D6DD}
2011-07-19 19:41:00 -------- d-----w- C:\Users\Rob\AppData\Local\{E8BD5C45-BAE7-48DF-8757-8F14A2130650}
2011-07-19 07:40:48 -------- d-----w- C:\Users\Rob\AppData\Local\{2FEFB15C-C22A-442D-8874-227B8225AB45}
2011-07-18 19:39:06 -------- d-----w- C:\Users\Rob\AppData\Local\{3B06E2A8-C951-44C5-9E4D-11B631FCB705}
2011-07-18 07:38:40 -------- d-----w- C:\Users\Rob\AppData\Local\{AC44466C-2A65-4948-9A65-7702814FE91B}
2011-07-17 19:36:45 -------- d-----w- C:\Users\Rob\AppData\Local\{F1F1D941-CF30-455B-9ADE-9BB0533A605E}
2011-07-17 17:08:42 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D2399559-54DA-448F-B153-B594BE2CFC32}\gapaengine.dll
2011-07-17 17:08:25 8873296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{031F81B8-39A7-497F-B1A8-EF7000C5B234}\mpengine.dll
2011-07-17 16:59:31 -------- d-----w- C:\Windows\pss
2011-07-17 15:13:54 -------- d-----w- C:\Users\Rob\Outlook Express Backups
2011-07-17 15:13:42 -------- d-----w- C:\Program Files (x86)\Outlook Express Backup Restore
2011-07-17 07:07:06 -------- d-----w- C:\Users\Rob\AppData\Local\CrashDumps
2011-07-17 07:02:22 -------- d-----w- C:\Users\Rob\AppData\Local\NPE
2011-07-17 07:02:22 -------- d-----w- C:\ProgramData\Norton
2011-07-17 06:48:09 -------- d-----w- C:\Users\Rob\AppData\Local\{560480FB-0A14-4A77-8C9B-754F5B9BAEB4}
2011-07-17 06:08:55 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-17 06:08:54 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-07-16 18:55:41 62976 --sha-r- C:\Windows\SysWow64\msyuvg.dll
2011-07-15 06:23:35 -------- d-----w- C:\Users\Rob\AppData\Local\{08E0ABD4-5BAA-4BF4-84B7-217CF8F36664}
2011-07-14 18:34:41 -------- d-----w- C:\Users\Rob\AppData\Roaming\Outlook
2011-07-14 18:27:45 -------- d-----w- C:\Users\Rob\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2011-07-14 05:50:26 -------- d-----w- C:\Users\Rob\AppData\Local\{21D9ECB3-6451-425E-BE2F-FFBBBF982176}
2011-07-13 20:04:59 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-07-09 23:11:46 -------- d-----w- C:\Users\Rob\AppData\Local\{4474BD17-9175-4B0F-B660-FE2F423F2EBE}
2011-07-09 09:19:29 -------- d-----w- C:\Users\Rob\AppData\Local\{A90A1033-6703-4E3A-B799-08109212459A}
2011-07-09 09:19:29 -------- d-----w- C:\Users\Rob\AppData\Local\{990BE2DB-4048-4261-96F2-C2B2050A838E}
2011-07-06 18:03:40 -------- d-----w- C:\Users\Rob\AppData\Local\{B5BBB3C4-F8B9-4BF1-9E0D-889E92D3B9DF}
2011-07-06 17:59:54 -------- d-----w- C:\Windows\en
2011-07-06 17:54:06 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-07-06 17:48:39 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2011-07-06 17:47:48 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-07-06 17:47:48 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-07-06 17:47:48 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-07-06 17:47:48 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-07-06 17:47:42 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ce4fa8bb1cc3c0409\DSETUP.dll
2011-07-06 17:47:42 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ce4fa8bb1cc3c0409\DXSETUP.exe
2011-07-06 17:47:42 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ce4fa8bb1cc3c0409\dsetup32.dll
2011-07-06 17:47:40 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-07-06 17:47:40 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-07-06 17:47:34 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c8f3f7d61cc3c0408\DSETUP.dll
2011-07-06 17:47:34 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c8f3f7d61cc3c0408\DXSETUP.exe
2011-07-06 17:47:34 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c8f3f7d61cc3c0408\dsetup32.dll
2011-07-06 17:46:02 -------- d-----w- C:\Users\Rob\AppData\Local\Windows Live
2011-07-06 17:46:02 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-07-01 16:46:51 984624 ------w- C:\Windows\SysWow64\empgdmx.ax
2011-07-01 16:46:51 816264 ------w- C:\Windows\SysWow64\wmvdmod.dll
2011-07-01 16:46:51 410248 ----a-w- C:\Windows\SysWow64\wmad3222.rra
2011-07-01 16:46:51 384512 ------w- C:\Windows\SysWow64\mp4sdmod.dll
2011-07-01 16:46:51 316040 ------w- C:\Windows\SysWow64\mp43dmod.dll
2011-07-01 16:46:51 241664 ----a-w- C:\Windows\SysWow64\qasf31d4.rra
2011-07-01 16:46:51 241664 ------w- C:\Windows\SysWow64\mpg4dmod.dll
2011-07-01 16:46:49 45056 ------w- C:\Windows\SysWow64\bda_capture_filter.dll
2011-07-01 16:46:49 135251 ------w- C:\Windows\SysWow64\bda_tuner_filter.dll
2011-07-01 16:46:48 647168 ------w- C:\Windows\SysWow64\DWUSBAPI.dll
2011-07-01 16:46:48 24576 ------w- C:\Windows\SysWow64\AF15BDAEX.dll
2011-07-01 16:46:48 24576 ------w- C:\Windows\SysWow64\AF05BDAEX.dll
2011-06-29 02:52:03 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-06-29 02:52:03 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-06-29 02:52:03 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-06-29 02:52:03 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-06-29 02:52:03 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
.
==================== Find3M ====================
.
2011-07-18 13:53:45 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2011-07-18 13:53:44 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2011-07-18 13:53:44 33152 ----a-w- C:\Windows\System32\LMIport.dll
2011-07-06 18:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-16 06:20:15 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-30 13:42:51 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-05-30 13:42:35 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-23 09:52:08 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2011-05-23 07:49:41 173568 ----a-w- C:\Windows\System32\xvid.ax
2011-05-23 07:46:31 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-05-23 07:45:39 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2011-05-16 19:54:01 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-05-13 15:03:34 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2011-05-13 14:42:24 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-28 03:55:08 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-04-28 03:54:56 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-04-27 14:25:24 84864 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
.
============= FINISH: 21:09:51.60 ===============

As for GMER, it is not as shown: the only boxes that are ticked are Services, Registry & Files. The others are ghosted out.
I have run it as admin and proceeded; the scan results are below:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-25 21:21:07
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272d4ef38
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272d4ef38 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B110B766-548E-00FE-07B6-D26DBCDC6542}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B110B766-548E-00FE-07B6-D26DBCDC6542}@famffanmkfld 0x6F 0x62 0x61 0x67 ...

---- EOF - GMER 1.0.15 ----

Edited by boopme, 25 July 2011 - 06:47 PM.



#2 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:02:15 AM

Posted 04 August 2011 - 04:47 AM

Hi Roblarkin, and welcome to Bleeping Computer.

Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Secondly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
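
The OTL.Txt requested above lists every autorun as an `O4` line of the form `O4 - HKLM..\Run: [Name] C:\path\prog.exe (Publisher)`, with `File not found` when the target is missing and `()` when OTL found no company name. The Python script below is an added example, not part of this thread or of OTL itself: it parses those lines and orders the entries the way a log reader goes through them, missing files and blank publishers first. The sample lines inside it are constructed in that format, and a high rank is a prompt to look closer, not a verdict.

```python
"""Triage of OTL 'O4' autorun lines (added example, not OTL's own code).

OTL.Txt reports autoruns as
    O4 - HKLM..\\Run: [Name] C:\\path\\prog.exe (Publisher)
    O4:64bit: - HKLM..\\Run: [Name] C:\\path\\prog.exe (Publisher)
    O4 - HKLM..\\Run: [] File not found
The parser extracts hive, key, value name, path and publisher and ranks the
entries so that a missing target and a blank publisher, the two things a log
reader checks first, come to the top. Ranking is a reading order, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Optional :64bit: tag, hive, key (Run/RunOnce), [value name], remainder.
O4_RE = re.compile(
    r"^O4(?P<bits>:64bit:)?\s+-\s+"
    r"(?P<hive>HK[A-Z]+)\.\.\\(?P<key>\w+):\s+"
    r"\[(?P<name>[^\]]*)\]\s*"
    r"(?P<rest>.*)$"
)
# OTL appends the file's company name in parentheses; "()" means none found.
PUBLISHER_RE = re.compile(r"^(?P<path>.*?)\s+\((?P<publisher>[^()]*)\)\s*$")

# Constructed sample in OTL's O4 format (not taken from any real machine).
SAMPLE_OTL = r"""
========== Standard Registry (SafeList) ==========

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1159620.exe (Adobe Systems, Inc.)
O13 - gopher Prefix: missing
"""


@dataclass
class Autorun:
    hive: str            # HKLM or HKCU
    key: str             # Run or RunOnce
    name: str            # registry value name; OTL prints [] when it is empty
    path: Optional[str]  # None when OTL reported no path at all
    publisher: str       # empty when OTL printed "()"
    is_64bit: bool       # line carried the :64bit: tag
    missing: bool        # OTL could not find the target file

    def rank(self) -> int:
        """0 = target missing, 1 = no publisher, 2 = has a publisher."""
        if self.missing:
            return 0
        if not self.publisher:
            return 1
        return 2


def parse_o4_line(line: str) -> Optional[Autorun]:
    """Parse one OTL line; returns None for anything that is not an O4 entry."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    hive, key, name = m.group("hive"), m.group("key"), m.group("name")
    is_64bit = m.group("bits") is not None
    rest = m.group("rest").strip()
    marker = "File not found"
    if rest.endswith(marker):
        # OTL may print just the marker or a path followed by the marker.
        path = rest[:-len(marker)].strip() or None
        return Autorun(hive, key, name, path, "", is_64bit, True)
    pm = PUBLISHER_RE.match(rest)
    if pm is not None:
        path, publisher = pm.group("path"), pm.group("publisher").strip()
    else:  # no trailing "(...)" at all; keep the whole remainder as the path
        path, publisher = rest, ""
    return Autorun(hive, key, name, path, publisher, is_64bit, False)


def parse_otl(text: str) -> List[Autorun]:
    entries = (parse_o4_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def triage(entries: List[Autorun]) -> List[Autorun]:
    """Reading order: missing files, then unsigned/no-publisher, then the rest."""
    return sorted(entries, key=lambda e: (e.rank(), e.hive, e.name.lower()))


def describe(entry: Autorun) -> str:
    label = {0: "MISSING FILE", 1: "NO PUBLISHER", 2: "ok"}[entry.rank()]
    arch = "64bit" if entry.is_64bit else "32bit"
    target = entry.path if entry.path is not None else "<file not found>"
    return f"[{label}] {entry.hive}\\{entry.key} ({arch}) {entry.name!r} -> {target}"


if __name__ == "__main__":
    for entry in triage(parse_otl(SAMPLE_OTL)):
        print(describe(entry))
```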


#3 Roblarkin

Roblarkin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:15 AM

Posted 04 August 2011 - 10:22 AM

Thanks for this :-)
Firstly, attached are the MBAM results as follows:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7376

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

04/08/2011 16:08:34
mbam-log-2011-08-04 (16-08-34).txt

Scan type: Full scan (C:\|)
Objects scanned: 350421
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Next is the OTL txt as follows:
OTL logfile created on: 04/08/2011 16:11:39 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Rob\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 15.00% Memory free
11.98 Gb Paging File | 6.62 Gb Available in Paging File | 55.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.53 Gb Total Space | 6.42 Gb Free Space | 10.78% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1658.76 Gb Free Space | 89.04% Space Free | Partition Type: NTFS
Drive F: | 362.11 Gb Total Space | 55.99 Gb Free Space | 15.46% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 44.19 Gb Free Space | 9.49% Space Free | Partition Type: NTFS
Drive I: | 58.50 Gb Total Space | 4.35 Gb Free Space | 7.44% Space Free | Partition Type: NTFS
Drive K: | 429.69 Gb Total Space | 10.90 Gb Free Space | 2.54% Space Free | Partition Type: NTFS
Drive Q: | 58.50 Gb Total Space | 10.61 Gb Free Space | 18.13% Space Free | Partition Type: NTFS
Drive S: | 976.56 Gb Total Space | 128.28 Gb Free Space | 13.14% Space Free | Partition Type: NTFS
Drive T: | 443.23 Gb Total Space | 4.53 Gb Free Space | 1.02% Space Free | Partition Type: NTFS

Computer Name: ROB-PC | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rob\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\adb.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\CancelAutoplay.exe ()
PRC - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\burningstudio10.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe (VSO Software SARL)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe (Hewlett-Packard Development Co. L.P.)
PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe (Hewlett-Packard Development Co. L.P.)


========== Modules (SafeList) ==========

MOD - C:\Users\Rob\Desktop\OTL(1).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (FileManagerFun) -- C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe (Drive Headquarter)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (DVBPCIE_2006_Sevice) -- C:\Windows\SysNative\drivers\PCIE_2006.sys ()
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (e1yexpress) Intel® -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (DVBNet) -- C:\Windows\SysNative\drivers\DVBNet.sys (DVB Provider)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 F8 B0 3E 1C 47 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/18 21:40:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/25 08:19:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/18 21:41:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/18 21:40:14 | 000,000,000 | ---D | M]

[2011/04/07 17:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions
[2011/07/30 19:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ikjwwvsy.default\extensions
[2011/07/19 21:48:37 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ikjwwvsy.default\extensions\2020Player_IKEA@2020Technologies.com
[2011/07/30 19:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ikjwwvsy.default\extensions\staged
[2011/06/02 07:39:59 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ikjwwvsy.default\extensions\toolbar@ask.com
[2011/05/23 20:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/17 08:11:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/23 20:52:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\ROB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IKJWWVSY.DEFAULT\EXTENSIONS\{340C2BBC-CE74-4362-90B5-7C26312808EF}.XPI
() (No name found) -- C:\USERS\ROB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IKJWWVSY.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\ROB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IKJWWVSY.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/06/25 08:19:10 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2009/11/06 16:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2009/11/06 16:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TVEService] C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Clock Widget (HTC Home)] C:\Program Files (x86)\HTC Home\Clock.exe ()
O4 - HKCU..\Run: [FileManager] C:\Program Files\DriveHQ\DriveHQ FileManager\FileManager.exe (DriveHQ)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1159620.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27:64bit: - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O27 - HKLM IFEO\ehshell.exe: Debugger - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\Windows\SysWow64\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\Windows\SysWow64\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: VIDC.VP70 - C:\Windows\SysWow64\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/04 16:09:48 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL(1).exe
[2011/08/04 08:47:56 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{084905F4-C72A-4897-AC7D-47E72E9AB646}
[2011/08/03 20:47:44 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{207D895B-9A06-4F3E-90CF-827BD79FB49A}
[2011/08/03 08:47:33 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{43D8EE79-6754-4C7F-A491-4DD5A67FD010}
[2011/08/02 20:47:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{C47F8B11-00C5-4518-A9F1-D30B68350CFE}
[2011/08/02 08:47:09 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{9CFB7F07-6514-40FB-BEBD-EADFEAC90205}
[2011/08/01 20:46:57 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{E8EEF5A1-0888-4FB5-92E2-E4EAB4808731}
[2011/08/01 08:46:45 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{B374431A-7077-4CFD-A689-AD4B3C6A1BCA}
[2011/07/31 20:46:34 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{C00225B2-996D-47FD-BCAD-09CD955401B7}
[2011/07/31 08:46:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{795AB9F9-3863-4B89-9A7B-51620BBE984E}
[2011/07/30 20:46:09 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{87865434-5993-4D11-97D9-571D416E2FBA}
[2011/07/30 08:45:56 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{61B7AEBF-98D4-4399-94E1-7EF7C23B5C78}
[2011/07/29 20:45:44 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{5BBAAEB0-A305-46A5-87EF-0E433B16B76C}
[2011/07/29 08:45:31 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2065349F-E98A-4654-AF3D-467FD75ED3D2}
[2011/07/28 20:45:19 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{0D012CEE-B9EE-4AD8-A673-4B37BC816424}
[2011/07/28 08:45:07 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{AB7D8F04-94D3-433F-9CDB-523AC8314B95}
[2011/07/27 20:44:55 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{ED16000F-CAC7-4674-AC92-0F48C17FF556}
[2011/07/27 08:44:42 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{8837C441-DCA6-4684-8206-C689D57E40B5}
[2011/07/26 20:44:30 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{84A4A43C-2068-4171-8837-9BB18E5CE34F}
[2011/07/26 08:44:16 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{AC744F94-45C2-49FF-9981-A887533AF90C}
[2011/07/25 21:09:15 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Rob\Desktop\dds(1).scr
[2011/07/25 20:43:39 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{13C62C9E-5E6C-4D63-A5AA-812F4AF75846}
[2011/07/25 08:43:14 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{6605BB14-2E25-420D-8711-F324AEFF44B7}
[2011/07/24 20:42:58 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A9704301-7140-4B43-A6A8-6FDB3E5C81D2}
[2011/07/24 08:42:46 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{FE0FB7FF-329E-4514-8C9C-953C7FA004E8}
[2011/07/23 20:42:34 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{BFF563F3-B122-487D-88BC-9D9A7BD083D2}
[2011/07/23 08:42:22 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{B63669ED-4354-4B91-9A46-D9DFF5B6B884}
[2011/07/22 20:42:11 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{849D7B40-E26C-4760-BA93-3CC73065613B}
[2011/07/22 08:41:59 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{57323CAB-D1CF-499B-9444-0C7A390AA9F7}
[2011/07/21 20:41:47 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{07C22DB9-DE26-47A3-A82F-4F6CF4289749}
[2011/07/21 08:41:35 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2AD2F617-BFEB-4974-A875-B8029A2C9131}
[2011/07/20 21:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/07/20 20:41:24 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2E20E1A4-43F9-40E0-86DD-EE0F98BE7461}
[2011/07/20 08:41:12 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{26CD78A3-FE87-4B06-87AE-D4E19007D6DD}
[2011/07/19 20:41:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{E8BD5C45-BAE7-48DF-8757-8F14A2130650}
[2011/07/19 08:40:48 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2FEFB15C-C22A-442D-8874-227B8225AB45}
[2011/07/18 20:39:06 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{3B06E2A8-C951-44C5-9E4D-11B631FCB705}
[2011/07/18 08:38:40 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{AC44466C-2A65-4948-9A65-7702814FE91B}
[2011/07/17 20:36:45 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{F1F1D941-CF30-455B-9ADE-9BB0533A605E}
[2011/07/17 17:59:31 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/07/17 16:13:54 | 000,000,000 | ---D | C] -- C:\Users\Rob\Outlook Express Backups
[2011/07/17 16:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook Express Backup Restore
[2011/07/17 16:13:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outlook Express Backup Restore
[2011/07/17 08:07:06 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\CrashDumps
[2011/07/17 08:02:22 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\NPE
[2011/07/17 08:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/07/17 07:48:09 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{560480FB-0A14-4A77-8C9B-754F5B9BAEB4}
[2011/07/17 07:28:31 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/17 07:28:31 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/17 07:28:31 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/17 07:28:30 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/07/17 07:28:30 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/07/17 07:28:30 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/07/17 07:28:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/17 07:28:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/17 07:28:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/17 07:28:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/17 07:28:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/17 07:28:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/17 07:28:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/17 07:28:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/17 07:28:29 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/07/17 07:28:29 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/07/17 07:28:29 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/07/17 07:28:29 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/07/17 07:28:29 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/07/17 07:28:29 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/07/17 07:28:29 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/07/17 07:28:29 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/07/17 07:28:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011/07/17 07:28:29 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/07/17 07:28:29 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/07/17 07:28:29 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/07/17 07:28:29 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/07/17 07:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/07/17 07:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/15 07:23:35 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{08E0ABD4-5BAA-4BF4-84B7-217CF8F36664}
[2011/07/14 19:36:18 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\My Photos
[2011/07/14 19:36:18 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\My Documents
[2011/07/14 19:34:41 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Outlook
[2011/07/14 19:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2011/07/14 19:27:45 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/07/14 06:50:48 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
[2011/07/14 06:50:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{21D9ECB3-6451-425E-BE2F-FFBBBF982176}
[2011/07/13 21:05:07 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/13 21:05:07 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/13 21:05:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 21:05:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 21:05:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 21:05:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 21:05:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 21:05:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 21:05:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 21:05:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 21:05:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 21:05:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 21:05:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 21:05:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 21:05:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 21:05:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 21:05:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 21:05:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 21:05:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 21:05:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 21:05:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 21:05:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 21:05:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 21:05:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 21:05:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 21:05:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 21:05:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 21:05:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/10 00:11:46 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{4474BD17-9175-4B0F-B660-FE2F423F2EBE}
[2011/07/09 10:19:29 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A90A1033-6703-4E3A-B799-08109212459A}
[2011/07/09 10:19:29 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{990BE2DB-4048-4261-96F2-C2B2050A838E}
[2011/07/07 07:12:01 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\My Received Files
[2011/07/06 19:03:40 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{B5BBB3C4-F8B9-4BF1-9E0D-889E92D3B9DF}
[2011/07/06 18:59:54 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/07/06 18:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/07/06 18:48:39 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2011/07/06 18:48:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/07/06 18:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/07/06 18:48:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/07/06 18:48:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/07/06 18:47:48 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011/07/06 18:47:48 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/07/06 18:47:48 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/07/06 18:47:48 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/07/06 18:47:40 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011/07/06 18:47:40 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/07/06 18:46:02 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Windows Live
[2011/07/06 18:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/05/04 20:39:00 | 000,122,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/04/07 18:19:26 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Rob\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/08/04 16:09:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL(1).exe
[2011/08/04 15:53:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/04 11:53:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/02 20:39:00 | 000,351,242 | ---- | M] () -- C:\Users\Public\Documents\L and S Developments logo.jpg
[2011/07/30 17:56:17 | 000,781,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/30 17:56:17 | 000,666,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/30 17:56:17 | 000,125,818 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/30 08:33:46 | 000,001,189 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\vso_ts_preview.xml
[2011/07/29 17:37:03 | 000,616,991 | ---- | M] () -- C:\Users\Rob\Documents\british gas user manual.PDF
[2011/07/25 21:08:40 | 000,000,000 | ---- | M] () -- C:\Users\Rob\defogger_reenable
[2011/07/25 21:06:50 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Rob\Desktop\dds(1).scr
[2011/07/19 21:26:30 | 007,932,537 | ---- | M] () -- C:\Users\Rob\Documents\house work rl001.skp
[2011/07/19 03:36:32 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 03:36:32 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/18 18:31:32 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\DROJLHJ.job
[2011/07/18 18:31:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/18 18:31:26 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/18 18:16:41 | 000,001,272 | ---- | M] () -- C:\Users\Rob\Desktop\ConvertXtoDVD 4.lnk
[2011/07/18 18:16:41 | 000,001,264 | ---- | M] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2011/07/18 14:53:45 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2011/07/18 14:53:44 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2011/07/18 14:53:44 | 000,033,152 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2011/07/17 19:59:24 | 000,136,792 | ---- | M] () -- C:\Users\Public\Documents\cc_20110717_195904.reg
[2011/07/17 19:57:11 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/17 17:55:10 | 000,000,017 | ---- | M] () -- C:\Users\Rob\AppData\Local\resmon.resmoncfg
[2011/07/17 16:33:11 | 000,001,219 | ---- | M] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Cover Studio 2.lnk
[2011/07/17 16:33:11 | 000,001,195 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Cover Studio 2.lnk
[2011/07/17 16:13:42 | 000,001,205 | ---- | M] () -- C:\Users\Rob\Desktop\Outlook Express Backup Restore.lnk
[2011/07/17 08:03:42 | 000,412,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/17 07:09:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/17 07:08:55 | 000,787,116 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/16 23:29:14 | 000,000,956 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2011/07/16 23:26:31 | 000,005,256 | ---- | M] () -- C:\Users\Rob\Desktop\wscsvcbackup.reg
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\Rob\Desktop\gmer.exe
[2011/07/16 19:55:41 | 000,062,976 | RHS- | M] () -- C:\Windows\SysWow64\msyuvg.dll
[2011/07/14 19:33:55 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========


========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/04/09 14:25:00 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/07/18 18:31:26 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/16 19:44:34 | 000,000,440 | ---- | M] () -- C:\install.log
[2011/07/18 18:31:27 | 2138,165,247 | -HS- | M] () -- C:\pagefile.sys
[2011/04/07 22:54:11 | 000,002,198 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
As for the extras.txt, this was not produced?
I hope this helps.

#4 snemelk

snemelk

    engineer

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:02:15 AM

Posted 04 August 2011 - 02:15 PM

Hi again Roblarkin!!.. :)

as for the extras.txt this was not produced?

OTL.exe was run before by you, but I cannot determine when...

Please do the following:

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    [2009/11/06 16:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2009/11/06 16:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    O4 - HKLM..\Run: [] File not found
    [2011/07/16 19:55:41 | 000,062,976 | RHS- | C] () -- C:\Windows\SysWow64\msyuvg.dll
    [2011/07/16 19:55:41 | 000,000,304 | -HS- | C] () -- C:\Windows\tasks\DROJLHJ.job
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
Then, after a reboot,
Right click this folder: c:\_OTL and choose: "Send to" --> "Compressed (zipped) Folder".
Upload that zipped folder for analysis: go to this site, click on Browse, and choose the zipped file, click Upload. Allow the file to be uploaded - wait till: The file has been uploaded! appears.

Thirdly,
  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan

  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Please post that log here.

Finally,
Please run OTL.exe, click None on the upper bar, under Extra Registry check Use Safe List; then click Run Scan - post the Extras.txt logfile produced...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

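As an added example (not code from this thread, from OTL's author, or from the helper), here is a small Python triage helper that parses OTL file entries in the format shown in the logs above and flags the two patterns the :OTL fix in the post above targets: a hidden+system file with no company name sitting in a system directory, and a hidden .job task in C:\Windows\Tasks. The sample lines are a constructed subset of the log; reading the fourth attribute position as a directory flag is an assumption.

```python
"""Triage helper for OTL file-list entries (added example, not OTL's own code).

Each file entry in the logs above looks like
    [YYYY/MM/DD HH:MM:SS | size | RHSD | C] (Company) -- path
C/M = created/modified; the four flags are read as read-only, hidden, system,
directory (R/H/S match the RHS- and -HS- lines above; D is an assumption).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Directories where a hidden+system file with no company name is hard to
# explain legitimately (paths are compared case-insensitively).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
               "c:\\windows\\sysnative\\")
TASKS_DIR = "c:\\windows\\tasks\\"


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str     # e.g. "RHS-"
    kind: str      # "C" = created, "M" = modified
    company: str   # empty for "No Company Name" entries
    path: str
    raw: str       # original line, reusable verbatim in an :OTL fix block


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file entry; return None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
        raw=line.strip(),
    )


def suspicion_reason(entry: OtlEntry) -> Optional[str]:
    """Return why an entry looks suspicious, or None if it does not."""
    _, hidden, system, directory = (flag != "-" for flag in entry.attrs)
    if directory:
        return None
    path = entry.path.lower()
    if hidden and system and not entry.company and path.startswith(SYSTEM_DIRS):
        return "hidden+system file with no company name in a system directory"
    if hidden and path.startswith(TASKS_DIR) and path.endswith(".job"):
        return "hidden scheduled task in Windows\\Tasks"
    return None


def triage(lines) -> List[Tuple[OtlEntry, str]]:
    """Parse a whole OTL log and return the flagged entries with reasons."""
    flagged = []
    for line in lines:
        entry = parse_entry(line)
        if entry is not None:
            reason = suspicion_reason(entry)
            if reason:
                flagged.append((entry, reason))
    return flagged


def otl_fix_block(flagged) -> str:
    """Render flagged entries as an :OTL block like the one in the post above."""
    body = "\n".join(entry.raw for entry, _ in flagged)
    return ":OTL\n" + body + "\n:Commands\n[EmptyTemp]"


# Constructed sample: a subset of the log lines from this thread plus a header.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2011/07/25 21:13:18 | 000,302,592 | ---- | C] () -- C:\Users\Rob\Desktop\gmer.exe
[2011/07/16 19:55:41 | 000,062,976 | RHS- | C] () -- C:\Windows\SysWow64\msyuvg.dll
[2011/07/16 19:55:41 | 000,000,304 | -HS- | C] () -- C:\Windows\tasks\DROJLHJ.job
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2011/07/18 18:31:26 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
""".strip().splitlines()

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry.path}: {reason}")
    print(otl_fix_block(triage(SAMPLE_LOG)))
```

Legitimate hidden+system files at the drive root (hiberfil.sys, pagefile.sys) are not flagged because the directory check is limited to the system folders; anything the helper flags still needs a human look before it goes into a fix block.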

#5 Roblarkin

Roblarkin
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:15 AM

Posted 04 August 2011 - 02:43 PM

All processes killed
========== OTL ==========
C:\Program Files (x86)\Mozilla Firefox\Plugins\npCouponPrinter.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\Plugins\npMozCouponPrinter.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Windows\SysWOW64\msyuvg.dll moved successfully.
C:\Windows\Tasks\DROJLHJ.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Public

User: repairadmin
->Temp folder emptied: 144419 bytes
->Temporary Internet Files folder emptied: 125198991 bytes
->Flash cache emptied: 56468 bytes

User: Rob
->Temp folder emptied: 183472031 bytes
->Temporary Internet Files folder emptied: 39589622 bytes
->Java cache emptied: 642834 bytes
->FireFox cache emptied: 675430250 bytes
->Flash cache emptied: 79959 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28687331 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 450525123 bytes

Total Files Cleaned = 1,434.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Flash cache emptied: 0 bytes

User: Public

User: repairadmin
->Flash cache emptied: 0 bytes

User: Rob
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08042011_202102

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


TDSS rootkit results as follows:

2011/08/04 20:34:32.0138 1192 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/04 20:34:32.0359 1192 ================================================================================
2011/08/04 20:34:32.0359 1192 SystemInfo:
2011/08/04 20:34:32.0359 1192
2011/08/04 20:34:32.0359 1192 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/04 20:34:32.0359 1192 Product type: Workstation
2011/08/04 20:34:32.0359 1192 ComputerName: ROB-PC
2011/08/04 20:34:32.0359 1192 UserName: Rob
2011/08/04 20:34:32.0359 1192 Windows directory: C:\Windows
2011/08/04 20:34:32.0359 1192 System windows directory: C:\Windows
2011/08/04 20:34:32.0359 1192 Running under WOW64
2011/08/04 20:34:32.0359 1192 Processor architecture: Intel x64
2011/08/04 20:34:32.0359 1192 Number of processors: 8
2011/08/04 20:34:32.0359 1192 Page size: 0x1000
2011/08/04 20:34:32.0359 1192 Boot type: Normal boot
2011/08/04 20:34:32.0359 1192 ================================================================================
2011/08/04 20:34:33.0426 1192 Initialize success
2011/08/04 20:34:37.0322 7956 ================================================================================
2011/08/04 20:34:37.0322 7956 Scan started
2011/08/04 20:34:37.0322 7956 Mode: Manual;
2011/08/04 20:34:37.0322 7956 ================================================================================
2011/08/04 20:34:42.0273 7956 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/04 20:34:42.0292 7956 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/04 20:34:42.0309 7956 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/04 20:34:42.0324 7956 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/04 20:34:42.0339 7956 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/04 20:34:42.0354 7956 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/04 20:34:42.0369 7956 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/04 20:34:42.0387 7956 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/08/04 20:34:42.0402 7956 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/04 20:34:42.0419 7956 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/04 20:34:42.0438 7956 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/08/04 20:34:42.0454 7956 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/08/04 20:34:42.0470 7956 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/08/04 20:34:42.0491 7956 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/04 20:34:42.0516 7956 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/04 20:34:42.0531 7956 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/08/04 20:34:42.0549 7956 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/04 20:34:42.0566 7956 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/04 20:34:42.0589 7956 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/04 20:34:42.0762 7956 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/04 20:34:42.0783 7956 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/04 20:34:42.0803 7956 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/04 20:34:42.0829 7956 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/08/04 20:34:42.0844 7956 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/04 20:34:42.0859 7956 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/04 20:34:42.0874 7956 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/04 20:34:42.0894 7956 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/04 20:34:42.0909 7956 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/04 20:34:42.0925 7956 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/04 20:34:42.0948 7956 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/04 20:34:42.0973 7956 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/08/04 20:34:42.0992 7956 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/04 20:34:43.0009 7956 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/04 20:34:43.0029 7956 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/04 20:34:43.0044 7956 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
2011/08/04 20:34:43.0062 7956 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/08/04 20:34:43.0079 7956 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/08/04 20:34:43.0094 7956 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/08/04 20:34:43.0147 7956 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/08/04 20:34:43.0185 7956 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/04 20:34:43.0206 7956 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/04 20:34:43.0224 7956 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/04 20:34:43.0239 7956 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/04 20:34:43.0255 7956 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/04 20:34:43.0270 7956 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/08/04 20:34:43.0295 7956 tosporte (8021f63311797085949fa387f7c83583) C:\Windows\system32\DRIVERS\tosporte.sys
2011/08/04 20:34:43.0312 7956 tosrfbd (1b09357180034639e62cf745e77ac66e) C:\Windows\system32\DRIVERS\tosrfbd.sys
2011/08/04 20:34:43.0329 7956 Tosrfcom (c523a9186c39d65cc9adebb2e1b93ccd) C:\Windows\system32\Drivers\tosrfcom.sys
2011/08/04 20:34:43.0345 7956 Tosrfhid (451b8c1815c6cc39650af916c2a382cd) C:\Windows\system32\DRIVERS\Tosrfhid.sys
2011/08/04 20:34:43.0360 7956 Tosrfusb (fc88baf46ff87d2bc80f8b0f0322d84a) C:\Windows\system32\DRIVERS\tosrfusb.sys
2011/08/04 20:34:43.0382 7956 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/04 20:34:43.0397 7956 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/04 20:34:43.0427 7956 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/04 20:34:43.0447 7956 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/04 20:34:43.0464 7956 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/04 20:34:43.0488 7956 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/04 20:34:43.0502 7956 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/04 20:34:43.0517 7956 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/04 20:34:43.0539 7956 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/08/04 20:34:43.0554 7956 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/04 20:34:43.0569 7956 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/08/04 20:34:43.0584 7956 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/04 20:34:43.0602 7956 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/04 20:34:43.0618 7956 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/04 20:34:43.0760 7956 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/04 20:34:43.0794 7956 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/04 20:34:43.0814 7956 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/04 20:34:43.0837 7956 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/04 20:34:43.0861 7956 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/04 20:34:43.0879 7956 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/04 20:34:43.0894 7956 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/04 20:34:43.0925 7956 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/08/04 20:34:43.0940 7956 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/08/04 20:34:43.0957 7956 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/08/04 20:34:43.0972 7956 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/08/04 20:34:43.0988 7956 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/08/04 20:34:44.0005 7956 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/08/04 20:34:44.0024 7956 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/08/04 20:34:44.0040 7956 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/04 20:34:44.0057 7956 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/08/04 20:34:44.0078 7956 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/04 20:34:44.0102 7956 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/04 20:34:44.0110 7956 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/04 20:34:44.0137 7956 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/04 20:34:44.0156 7956 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/04 20:34:44.0188 7956 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/04 20:34:44.0204 7956 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/04 20:34:44.0245 7956 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/04 20:34:44.0272 7956 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/04 20:34:44.0290 7956 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/08/04 20:34:44.0313 7956 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/08/04 20:34:44.0330 7956 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/04 20:34:44.0348 7956 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
2011/08/04 20:34:44.0363 7956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk4\DR4
2011/08/04 20:34:44.0371 7956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/04 20:34:44.0389 7956 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/08/04 20:34:44.0394 7956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
2011/08/04 20:34:44.0402 7956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
2011/08/04 20:34:44.0409 7956 Boot (0x1200) (e795ba1a26af9c89c2b086c9d90ba327) \Device\Harddisk4\DR4\Partition0
2011/08/04 20:34:44.0417 7956 Boot (0x1200) (aa0a52ff5db0b76a06b600298062d16f) \Device\Harddisk4\DR4\Partition1
2011/08/04 20:34:44.0424 7956 Boot (0x1200) (eead019adffbdb04d94dc9df320699c9) \Device\Harddisk0\DR0\Partition0
2011/08/04 20:34:44.0432 7956 Boot (0x1200) (2308a7c95d10fa389564e041e815facc) \Device\Harddisk0\DR0\Partition1
2011/08/04 20:34:44.0439 7956 Boot (0x1200) (88df8d98aafd640c1d0918b687c40652) \Device\Harddisk0\DR0\Partition2
2011/08/04 20:34:44.0447 7956 Boot (0x1200) (726a5c88fb32c7cc10fc46beeb135eff) \Device\Harddisk1\DR1\Partition0
2011/08/04 20:34:44.0454 7956 Boot (0x1200) (d61bd1df01fee8e1e05d6a9e8678ec90) \Device\Harddisk2\DR2\Partition0
2011/08/04 20:34:44.0461 7956 Boot (0x1200) (d649be7cff75594cc3b00d17b290205f) \Device\Harddisk2\DR2\Partition1
2011/08/04 20:34:44.0469 7956 Boot (0x1200) (922a827766f8a88c96acf12dffe7d5d8) \Device\Harddisk2\DR2\Partition2
2011/08/04 20:34:44.0476 7956 Boot (0x1200) (a3ffea386b74d411e3169f4bc8e2489e) \Device\Harddisk3\DR3\Partition0
2011/08/04 20:34:44.0481 7956 ================================================================================
2011/08/04 20:34:44.0481 7956 Scan finished
2011/08/04 20:34:44.0481 7956 ================================================================================
2011/08/04 20:34:44.0487 8036 Detected object count: 0
2011/08/04 20:34:44.0487 8036 Actual detected object count: 0

Now for the OTL extras:
OTL Extras logfile created on: 04/08/2011 20:37:11 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Rob\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 3.80 Gb Available Physical Memory | 63.40% Memory free
11.98 Gb Paging File | 9.47 Gb Available in Paging File | 79.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.53 Gb Total Space | 7.40 Gb Free Space | 12.43% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1658.76 Gb Free Space | 89.04% Space Free | Partition Type: NTFS
Drive F: | 362.11 Gb Total Space | 56.49 Gb Free Space | 15.60% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 44.19 Gb Free Space | 9.49% Space Free | Partition Type: NTFS
Drive I: | 58.50 Gb Total Space | 4.35 Gb Free Space | 7.44% Space Free | Partition Type: NTFS
Drive K: | 429.69 Gb Total Space | 10.90 Gb Free Space | 2.54% Space Free | Partition Type: NTFS
Drive Q: | 58.50 Gb Total Space | 10.61 Gb Free Space | 18.13% Space Free | Partition Type: NTFS
Drive S: | 976.56 Gb Total Space | 125.75 Gb Free Space | 12.88% Space Free | Partition Type: NTFS
Drive T: | 443.23 Gb Total Space | 4.53 Gb Free Space | 1.02% Space Free | Partition Type: NTFS

Computer Name: ROB-PC | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java™ 6 Update 25 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8882ED04-FE2B-478C-AF10-E7BE2A3C7AD4}" = Intel® Network Connections 15.0.4.0
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-bit
"{95140000-007D-0409-1000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PROSetDX" = Intel® Network Connections 15.0.4.0
"Q-Dir" = Q-Dir
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D171001-4ECE-44C6-A6F6-AE7884BBD480}" = Quality Capture
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1877EB02-A6F4-AD88-EF4B-CC0AA2BBE061}" = Zoodles
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59E44523-0F0F-4454-9F37-E951BBA55B84}" = C309a
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{6567F265-62EC-4BA9-9629-6B483B608854}" = SmarterMail Sync for Outlook 2003 and above
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{923E3957-F939-453A-BD55-41CFB8D7F211}" = HTC Sync
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BCDA7B81-D35B-4D72-8266-6BAB9383CF2B}" = Readon TV Movie Radio Player 7.3.0.0
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCDA9BAE-9EDD-4633-8CDC-9C9DE7204755}" = DVB World
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6633044-F22B-46FC-BC8F-3838CA791A7C}" = DriveHQ FileManager 5.0
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.1
"Ashampoo Cover Studio 2_is1" = Ashampoo Cover Studio 2.2.0
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1" = Zoodles
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader" = Foxit Reader
"HTC Home Apis" = HTC Home Apis
"Inkscape" = Inkscape 0.48.1
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"Outlook Express Backup Restore_is1" = Outlook Express Backup Restore
"PhotoPad" = PhotoPad Image Editor
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.8
"WinLiveSuite" = Windows Live Essentials
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"XBMC" = XBMC

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/07/2011 19:47:03 | Computer Name = Rob-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 30/07/2011 20:56:24 | Computer Name = Rob-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 30/07/2011 20:56:27 | Computer Name = Rob-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 31/07/2011 03:16:39 | Computer Name = Rob-PC | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 31/07/2011 04:35:53 | Computer Name = Rob-PC | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 01/08/2011 20:22:30 | Computer Name = Rob-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 01/08/2011 20:22:34 | Computer Name = Rob-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 02/08/2011 20:41:35 | Computer Name = Rob-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 02/08/2011 20:41:38 | Computer Name = Rob-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 04/08/2011 05:46:32 | Computer Name = Rob-PC | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

[ Media Center Events ]
Error - 30/06/2011 21:31:55 | Computer Name = Rob-PC | Source = MCUpdate | ID = 0
Description = 02:31:55 - Error connecting to the internet. 02:31:55 - Unable
to contact server..

Error - 30/06/2011 21:32:32 | Computer Name = Rob-PC | Source = MCUpdate | ID = 0
Description = 02:32:24 - Error connecting to the internet. 02:32:24 - Unable
to contact server..

Error - 30/06/2011 22:33:04 | Computer Name = Rob-PC | Source = MCUpdate | ID = 0
Description = 03:33:04 - Error connecting to the internet. 03:33:04 - Unable
to contact server..

Error - 30/06/2011 22:33:40 | Computer Name = Rob-PC | Source = MCUpdate | ID = 0
Description = 03:33:33 - Error connecting to the internet. 03:33:33 - Unable
to contact server..

Error - 30/06/2011 23:34:11 | Computer Name = Rob-PC | Source = MCUpdate | ID = 0
Description = 04:34:11 - Error connecting to the internet. 04:34:11 - Unable
to contact server..

Error - 30/06/2011 23:34:44 | Computer Name = Rob-PC | Source = MCUpdate | ID = 0
Description = 04:34:40 - Error connecting to the internet. 04:34:40 - Unable
to contact server..

Error - 01/07/2011 00:35:15 | Computer Name = Rob-PC | Source = MCUpdate | ID = 0
Description = 05:35:15 - Error connecting to the internet. 05:35:15 - Unable
to contact server..

Error - 01/07/2011 00:35:49 | Computer Name = Rob-PC | Source = MCUpdate | ID = 0
Description = 05:35:44 - Error connecting to the internet. 05:35:44 - Unable
to contact server..

[ System Events ]
Error - 03/08/2011 17:33:34 | Computer Name = Rob-PC | Source = srv | ID = 2017
Description = The server was unable to allocate from the system nonpaged pool because
the server reached the configured limit for nonpaged pool allocations.

Error - 03/08/2011 17:34:34 | Computer Name = Rob-PC | Source = srv | ID = 2017
Description = The server was unable to allocate from the system nonpaged pool because
the server reached the configured limit for nonpaged pool allocations.

Error - 03/08/2011 17:35:34 | Computer Name = Rob-PC | Source = srv | ID = 2017
Description = The server was unable to allocate from the system nonpaged pool because
the server reached the configured limit for nonpaged pool allocations.

Error - 04/08/2011 13:34:38 | Computer Name = Rob-PC | Source = srv | ID = 2017
Description = The server was unable to allocate from the system nonpaged pool because
the server reached the configured limit for nonpaged pool allocations.

Error - 04/08/2011 13:35:38 | Computer Name = Rob-PC | Source = srv | ID = 2017
Description = The server was unable to allocate from the system nonpaged pool because
the server reached the configured limit for nonpaged pool allocations.

Error - 04/08/2011 13:36:38 | Computer Name = Rob-PC | Source = srv | ID = 2017
Description = The server was unable to allocate from the system nonpaged pool because
the server reached the configured limit for nonpaged pool allocations.

Error - 04/08/2011 15:21:02 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7034
Description = The ASUS System Control Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 04/08/2011 15:26:09 | Computer Name = Rob-PC | Source = DCOM | ID = 10010
Description =

Error - 04/08/2011 15:27:12 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7000
Description = The NPVR Recording Service service failed to start due to the following
error: %%2

Error - 04/08/2011 15:27:13 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DVBNet


< End of report >

#6 snemelk
Malware Response Team (engineer), 1,468 posts, Poland
Posted 04 August 2011 - 04:07 PM

Hi again Roblarkin!!.. :)

Thanks for the upload!!..

That looks better - tell me what problem remains...

Also, please do the following:

Firstly,
One optional program to remove: Ask Toolbar. It is bundled with many third-party applications; I recommend you uninstall it. See here for more information: Products with Ask Toolbar. Your choice...

Secondly,
We need to update outdated programs (with security vulnerabilities) on your machine:

- Java

Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Java™ 6 Update 25 (64-bit)
Java™ 6 Update 24


Then,
  • Download the latest version of Java Runtime Environment (JRE) 7.
  • Scroll down to where it says Java Platform, Standard Edition / "Java SE 7".
  • Click the Download button under "JRE".
  • In the Window that opens, check the box that says: "Accept License Agreement".
  • Click on the link: jre-7-windows-i586.exe to download an offline installer for Windows x86. Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your Desktop double-click on the file that you've downloaded to install the newest version.

If you wish to use Java on a 64bit browser as well, you can also download and install a version for a Windows x64 system...

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

Thirdly,
Update and run an Eset online scan:
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#7 Roblarkin
Topic Starter, Members, 10 posts
Posted 05 August 2011 - 01:34 AM

Thanks for everything so far. I had to sleep last night; some really long days at work lately.
I have yet to check the redirect on Google or do any of the updates as yet. I will do so as soon as I can today though.
The only thing I have checked is Microsoft Security Essentials and it still won't start up. A window pops up saying 'The Windows security service can't be started'.

will be back from work after dinner and will proceed with updates etc.

Many thanks
Rob

#8 snemelk
Malware Response Team (engineer), 1,468 posts, Poland
Posted 05 August 2011 - 04:28 AM

Hi again Rob!!.. :)

No problem, perform the updates when you have some free time...

The only thing I have checked is Microsoft Security Essentials and it still won't start up. A window pops up saying 'The Windows security service can't be started'.

Yep, please try this:

Run services.msc - refer to this tutorial: How to Start or Disable Services in Windows 7

Scroll down to the Windows Security Service, right-click it and choose Properties, change the "Startup type" to: Automatic (Delayed Start); confirm by clicking Apply and OK...

Then, do the same for the Microsoft Antimalware Service, but choose the "Startup type" to: Automatic ... Reboot then...
Check if problem remains after a reboot...
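The services.msc steps above, carried out from an elevated PowerShell prompt, as an added example that is not part of snemelk's post: the script reports the startup type and state of the two services and then applies the startup types the post prescribes. The service names wscsvc (Security Center, the "Windows Security Service" of the post) and MsMpSvc (Microsoft Antimalware Service) are assumptions, not taken from the thread, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumed service names (not stated in the thread):
#   wscsvc  = Security Center         -> Automatic (Delayed Start)
#   MsMpSvc = Microsoft Antimalware   -> Automatic
#Requires -RunAsAdministrator

$Wanted = @(
    @{ Name = 'wscsvc';  Start = 'delayed-auto'; Display = 'Security Center' },
    @{ Name = 'MsMpSvc'; Start = 'auto';         Display = 'Microsoft Antimalware Service' }
)

function Get-SecurityServiceState {
    # Read the startup type from the registry (works on Windows 7 where the WMI
    # DelayedAutoStart property is not available) and the live state from SCM.
    foreach ($w in $Wanted) {
        $svc = Get-Service -Name $w.Name -ErrorAction SilentlyContinue
        $reg = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$($w.Name)" `
                                -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name      = $w.Name
            Display   = $w.Display
            Present   = [bool]$svc
            Status    = $(if ($svc) { $svc.Status } else { 'Missing' })
            # Registry Start value: 2 = Automatic, 3 = Manual, 4 = Disabled
            StartType = $(switch ($reg.Start) { 2 { 'Automatic' } 3 { 'Manual' } 4 { 'Disabled' } default { 'Unknown' } })
            Delayed   = ($reg.DelayedAutostart -eq 1)
        }
    }
}

function Repair-SecurityServiceStartup {
    param([switch]$WhatIf)
    foreach ($w in $Wanted) {
        if (-not (Get-Service -Name $w.Name -ErrorAction SilentlyContinue)) {
            Write-Warning "$($w.Display) ($($w.Name)) is not installed on this machine"
            continue
        }
        # sc.exe is used because 'delayed-auto' is accepted on every Windows
        # version; the space after 'start=' is required by sc.exe.
        if ($WhatIf) {
            Write-Host "Would run: sc.exe config $($w.Name) start= $($w.Start)"
            continue
        }
        & sc.exe config $w.Name start= $w.Start | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "sc.exe config failed for $($w.Name) (exit code $LASTEXITCODE)"
            continue
        }
        Start-Service -Name $w.Name -ErrorAction Continue
    }
}

# Before: show what is wrong (a Disabled start type is the usual cause of
# "The Windows security service can't be started").
Get-SecurityServiceState | Format-Table -AutoSize
Repair-SecurityServiceStartup
# After: confirm, then reboot as the post advises.
Get-SecurityServiceState | Format-Table -AutoSize
```

Run Repair-SecurityServiceStartup -WhatIf first to see the sc.exe commands without changing anything; a service that is still Disabled after the repair points to a permissions or policy change that a plain startup-type fix will not undo.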


#9 Roblarkin
Topic Starter, Members, 10 posts
Posted 05 August 2011 - 05:22 AM

One big big big thank you... so far all seems OK but I haven't had a chance to test the redirect as such. Microsoft Security Essentials is now operational though. I had to enable Security Service as Windows Security Service did not exist in the list (minor I know, but may be worth noting for inexperienced users).
The ESET report is as follows:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=9625a1308f6343468469ccfe45c51402
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-05 09:31:56
# local_time=2011-08-05 10:31:56 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=9
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 10251478 64998655 0 0
# compatibility_mode=8192 67108863 100 0 1339524 1339524 0 0
# scanned=260923
# found=3
# cleaned=3
# scan_time=3111
F:\downloads\OPERATING SYSTEMS\Autodesk AutoCAD 2010 [64-bit]\AAC2010_Keygen-64bits.exe a variant of Win32/Keygen.BL application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Web Downloads\Nero-9.4.12.3d_free.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
S:\PUBLIC TRACKERS\CyberLink.PowerCinema.v6.0.3316.Multilingual.Incl.Keymaker-CORE\keygen.exe probably a variant of Win32/Agent.EYYMVHV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

I must add that I will most definitely be recommending this website as it has a vast amount of reliable information and should help prevent infections for most people. I for one have already added this site to my most frequently visited.
Could you please do me one last favour and leave topic open for a few days which will give me time to prove the redirect has gone forever over the weekend and I will respond with an update thereafter.

Once again I can't thank you and your team enough,
One very happy surfer!

Kindest regards
Rob.

#10 snemelk
Malware Response Team (engineer), 1,468 posts, Poland
Posted 05 August 2011 - 06:28 AM

Hi again Rob!!.. :)

Thank you for your very kind words!!.. :thumbup2:

I had to enable Security Service as Windows Security Service did not exist in the list (minor I know, but may be worth noting for inexperienced users)

Might be - I do have a Polish version of Windows and I do not always remember some things right... :) (Security Center)

Could you please do me one last favour and leave topic open for a few days which will give me time to prove the redirect has gone forever over the weekend and I will respond with an update thereafter.

No problem... :) Just update me with the information in a few days...

Once you make sure the problem with the redirects is gone, I'll give you the last set of instructions...


#11 Roblarkin
Topic Starter, Members, 10 posts
Posted 08 August 2011 - 02:36 AM

:thumbsup: Big thanks all seems well now no redirects at all :thumbsup:
I have managed all the updates but have been unsuccessful removing the Ask Toolbar! The hyperlink regarding the Ask Toolbar won't load the page. Any further advice on this would be a great help as I don't really want it!
Thanks again
Rob :thumbup2:

#12 snemelk
Malware Response Team (engineer), 1,468 posts, Poland
Posted 08 August 2011 - 04:16 AM

Hi again Rob!!.. :)

I'm glad to see that the problem with redirects is gone now!!.. :thumbup2:

I have managed all the updates but have been unsuccessful removing the Ask Toolbar! The hyperlink regarding the Ask Toolbar won't load the page. Any further advice on this would be a great help as I don't really want it!

Maybe it was a temporary problem, as I can load that page without any problems: Products with Ask Toolbar

Quoting from it:

Privacy Issue
Ask.com Search Assistant or Ask.com Toolbar, if in use, will send/receive data from the following third-party domains:
othersonline.com
ad.doubleclick.net
media.adrevolver.com
everesttech.net
None of these are in the EULA of Ask.com Search or Toolbar.
Note: Search/Toolbar of Google, Yahoo and Windows Live do not have to do what Ask.com is doing when using their search engine.
This is documented by me here and here.


I just recommend you uninstall Ask Toolbar from Start -> Control Panel -> Programs and Features...

I noticed some crack/keygen detections by ESET online scanner - I cannot tell if this particular infection got into your system in this way (by running a crack/keygen), but using pirated software often leads to getting your computer infected... So, please be careful in the future...

Since no problem remains, please perform the last set of instructions:

Firstly,
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Secondly,
Please set a new Restore Point to prevent infection from any previous Restore Points.
The easiest and safest way to do this is:
  • Open Control Panel (Start --> Control Panel) and double-click the System icon.
  • Click on the System Protection link on the left. If an UAC (User Account Control) prompt appears, click Continue. Close the System window.
  • Make sure that you have System Protection turned on for your System drive (usually C:\):
    • In Windows 7: On under Protection,
    • In Windows Vista: a box on the left will be checked.
  • Click on the Create button. Give the restore point a name, and click Create. Wait till the new system restore point is created, and click Close.
  • Then go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire (usually C:\).
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.

Please check my site - snemelk.hekko.pl:

Also, I recommend you to read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!


#13 Roblarkin
Topic Starter, Members, 10 posts
Posted 09 August 2011 - 12:20 PM

Sorry for the delay in replying, been a bit ill the last couple of days!! :wacko:
I have now completed all items as described above. BIG BIG THANK YOU :thumbup2: :thumbup2: :thumbup2:
I know there were a couple of keygens lurking around :whistle: but they were not the cause of infection. I am very cautious and have not been infected in over 6 years, then this one which I couldn't resolve without your expertise :clapping:
I will be keeping a close eye on this site as mentioned before and for all those reading this currently looking for help, be patient the response is worth it, very helpful and informative. Listen hard, follow instructions and all should be well soon enough.
Anyway enough of my blabber...
BIG THANKS
I'm off to surf knowing I am clean :busy:
:thumbup2: :thumbup2: :thumbup2:

Rob

#14 snemelk
Malware Response Team (engineer), 1,468 posts, Poland
Posted 09 August 2011 - 02:49 PM

BIG BIG THANK YOU :thumbup2:

Thank you for your very kind words, Rob!!.. :)

-------------------

Glad we could help. :)

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.