OTL logfile created on: 18/8/12 15:08:41 - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Jolemac\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: d/M/yy

1013.68 Mb Total Physical Memory | 84.34 Mb Available Physical Memory | 8.32% Memory free
2.24 Gb Paging File | 0.79 Gb Available in Paging File | 35.11% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.01 Gb Total Space | 13.24 Gb Free Space | 25.96% Space Free | Partition Type: NTFS
Drive D: | 51.01 Gb Total Space | 31.04 Gb Free Space | 60.85% Space Free | Partition Type: NTFS

Computer Name: JOLEMAC-PC | User Name: Jolemac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/08/18 07:48:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jolemac\Downloads\OTL (1).exe
PRC - [2012/08/14 05:31:01 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/07/29 20:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/07/29 20:52:20 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/07/15 10:32:46 | 000,230,240 | ---- | M] () -- C:\ProgramData\MobileBrServ\mbbService.exe
PRC - [2012/07/03 17:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
PRC - [2010/10/25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/19 08:33:35 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/07/12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/06/28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/06/13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/06/13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/04/23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/08/14 05:30:59 | 000,442,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll
MOD - [2012/08/14 05:30:58 | 012,235,288 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
MOD - [2012/08/14 05:30:57 | 003,997,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\pdf.dll
MOD - [2012/08/14 05:29:28 | 000,144,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avutil-51.dll
MOD - [2012/08/14 05:29:27 | 000,266,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avformat-54.dll
MOD - [2012/08/14 05:29:26 | 002,480,680 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll
MOD - [2012/07/31 18:59:17 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012/08/14 21:38:49 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/29 20:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/07/15 10:32:46 | 000,230,240 | ---- | M] () [Auto | Running] -- C:\ProgramData\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service)
SRV - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe -- (NIS)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/07/12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/06/28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/06/13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/06/13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/04/25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/04/23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5233CEC1-AD15-4151-B279-F3BBB4179DD1}\MpKsl8801e1bf.sys -- (MpKsl8801e1bf)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Jolemac\AppData\Local\Temp\axlirfow.sys -- (axlirfow)
DRV - [2012/08/17 22:48:50 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120817.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/08/17 22:48:49 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120817.034\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/17 22:18:07 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/08/17 06:13:58 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120817.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/08 18:56:14 | 000,228,376 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys -- (RapportCerberus_42020)
DRV - [2012/08/03 01:44:00 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120803.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/07/31 18:59:17 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2012/07/29 20:52:38 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/07/29 20:52:38 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/07/29 20:52:38 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/07/03 17:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 17:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 17:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 17:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 17:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 17:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 16:38:12 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/02 19:22:10 | 000,566,904 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.sys -- (SRTSP)
DRV - [2011/08/02 19:22:10 | 000,031,864 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.sys -- (SRTSPX)
DRV - [2011/07/28 20:20:02 | 000,897,656 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.sys -- (SymEFA)
DRV - [2011/07/25 19:18:40 | 000,344,184 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\symtdiv.sys -- (SYMTDIv)
DRV - [2011/07/25 19:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.sys -- (SymDS)
DRV - [2011/07/25 19:15:52 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\Ironx86.sys -- (SymIRON)
DRV - [2007/07/27 09:25:46 | 000,974,248 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007/05/02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/03/02 18:19:34 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006/11/29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/11/02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{11111111-22222-3333-4444-5555555}: "URL" = http://www.talktalk.co.uk/search/results.html?query={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{DBB19E91-F4F0-4659-BA4A-4F2C0A25C024}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{F2BD910E-A3FA-4EC1-87F1-377159C5575F}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BCPA&o=16145&src=kw&q={searchTerms}&locale=en_UK&apn_ptnrs=QK&apn_dtid=YYYYYYYYGB&apn_uid=D05FAED6-8657-4E8A-A879-D0417D56095D&apn_sauid=8ACBAF1D-94D2-4EC5-BC34-DDEC896ED5DA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/16 21:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/08/17 22:24:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/08/18 06:55:09 | 000,000,000 | ---D | M]

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\Jolemac\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{032421FE-0C06-4153-95B0-173E7C4A69BD}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{032421FE-0C06-4153-95B0-173E7C4A69BD}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51AAAB4A-E300-44E2-9C3F-A57F40413355}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56DD1A89-E996-44B2-9D4B-0CDB38641D96}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A429402B-03DB-4CEE-A797-E29AFF18F735}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDD5A48A-5FA0-4CD7-86AB-655250868450}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDFFA2BE-DEF6-4FF0-BF0D-34D99B518C87}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{969f3130-ce5e-11e1-aeb6-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{969f3130-ce5e-11e1-aeb6-000000000000}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/08/17 22:18:12 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/08/17 22:10:56 | 000,897,656 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.sys
[2012/08/17 22:10:56 | 000,344,184 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\symtdiv.sys
[2012/08/17 22:10:56 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.sys
[2012/08/17 22:10:56 | 000,314,488 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\symnets.sys
[2012/08/17 22:10:56 | 000,031,864 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.sys
[2012/08/17 22:10:55 | 000,566,904 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.sys
[2012/08/17 22:10:55 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\Ironx86.sys
[2012/08/17 22:10:54 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.sys
[2012/08/17 22:06:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1301000.01C
[2012/08/17 22:06:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2012/08/17 22:05:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/08/17 22:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/08/17 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/08/16 21:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012/08/16 21:33:55 | 000,000,000 | ---D | C] -- C:\Users\Jolemac\Desktop\Adobe Acrobat X
[2012/08/16 21:06:04 | 000,000,000 | ---D | C] -- C:\Users\Jolemac\AppData\Local\Akamai
[2012/08/16 19:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/08/16 19:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/08/16 19:28:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012/08/15 22:57:29 | 000,000,000 | ---D | C] -- C:\Users\Jolemac\AppData\Roaming\Malwarebytes
[2012/08/15 22:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/15 22:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/15 22:57:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/15 22:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/11 09:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/11 09:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/09 21:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/09 20:46:29 | 000,000,000 | ---D | C] -- C:\Users\Jolemac\AppData\Local\Google
[2012/08/09 20:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/08/09 20:46:04 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/08/09 20:46:04 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/08/09 20:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/09 20:45:57 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/08/09 20:45:56 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/08/09 20:45:55 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/08/09 20:45:50 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/08/09 20:42:50 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/09 20:42:46 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/08/09 20:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/09 20:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/05 18:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\FilesOpened
[2012/08/05 18:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RegWork
[2012/08/05 18:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/08/05 18:02:46 | 000,000,000 | ---D | C] -- C:\Users\Jolemac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesOpened
[2012/08/05 18:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FilesOpened
[2012/08/05 18:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Files Opened
[2012/08/05 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\Jolemac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BackUpDutyLite
[2012/08/05 18:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\BackUpDutyLite
[2012/08/05 18:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\RegWork
[2012/08/05 13:37:09 | 000,000,000 | ---D | C] -- C:\ConvertTemp
[2012/08/05 13:36:48 | 000,000,000 | ---D | C] -- C:\Users\Jolemac\Documents\My Art
[2012/08/05 13:30:09 | 000,000,000 | ---D | C] -- C:\Users\Jolemac\AppData\Roaming\Samsung
[2012/08/05 13:02:24 | 000,106,792 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdm.sys
[2012/08/05 13:02:24 | 000,011,944 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdfl.sys
[2012/08/05 13:02:24 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcmnt.sys
[2012/08/05 13:02:24 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcm.sys
[2012/08/05 13:02:23 | 000,080,552 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdbus.sys
[2012/08/05 13:02:23 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwhnt.sys
[2012/08/05 13:02:23 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwh.sys
[2012/08/05 12:35:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers
[2012/08/05 12:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung PC Studio 3
[2012/08/05 12:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012/08/04 00:26:51 | 000,000,000 | ---D | C] -- C:\Users\Jolemac\NTI-Shadow
[2012/08/03 23:51:27 | 000,000,000 | ---D | C] -- C:\Users\Jolemac\AppData\Local\ElevatedDiagnostics
[2012/07/31 18:58:17 | 000,000,000 | ---D | C] -- C:\Users\Jolemac\AppData\Local\Trusteer
[2012/07/31 18:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2012/07/31 18:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2012/07/31 18:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2012/07/29 20:52:38 | 000,065,848 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/07/26 23:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NtiDvdCopy
[2012/07/23 22:15:27 | 000,000,000 | ---D | C] -- C:\Users\Jolemac\Documents\CyberLink
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/08/18 15:25:30 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/18 14:55:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/18 14:43:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/18 14:29:38 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/18 14:29:37 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/18 07:15:58 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301000.01C\VT20120731.039
[2012/08/18 06:50:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/18 06:49:09 | 1063,706,624 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/17 22:23:37 | 002,012,682 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301000.01C\Cat.DB
[2012/08/17 22:18:07 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/08/17 22:18:07 | 000,007,510 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/08/17 22:18:07 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/08/17 22:14:50 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/08/17 21:45:49 | 000,371,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/16 21:50:32 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/08/16 20:52:16 | 000,001,945 | ---- | M] () --
C:\Windows\epplauncher.mif [2012/08/15 22:57:17 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/15 20:01:58 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/08/11 10:23:27 | 000,003,584 | ---- | M] () -- C:\Users\Jolemac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/08/11 09:52:58 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/08/09 23:00:01 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Regwork.job [2012/08/09 21:27:54 | 000,001,959 | ---- | M] () -- C:\Users\Jolemac\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/08/09 20:46:08 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012/08/09 20:45:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\config.nt [2012/08/08 23:18:03 | 000,000,174 | ---- | M] () -- C:\Users\Jolemac\Desktop\Geeks to Go! – Free help from tech experts.url [2012/08/05 22:55:18 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\BackupDutyLite.job [2012/08/05 14:15:22 | 000,000,004 | ---- | M] () -- C:\Users\Jolemac\Documents\_UnqiueId.dat [2012/08/05 14:01:31 | 000,135,168 | ---- | M] () -- C:\Users\Jolemac\Documents\Store(b8991e3ea4c453f4ec9e8e7126874a14e9effa07).hds [2012/08/05 14:01:30 | 000,000,000 | ---- | M] () -- C:\Users\Jolemac\Documents\Metadata.xml [2012/08/05 13:24:59 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt [2012/08/05 13:23:29 | 000,001,933 | ---- | M] () -- C:\Users\Jolemac\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk [2012/08/05 12:31:05 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\Samsung PC Studio 3.lnk [2012/07/29 20:52:38 | 000,065,848 | ---- | M] (Trusteer Ltd.) 
-- C:\Windows\System32\drivers\RapportKELL.sys [2012/07/25 22:38:57 | 000,000,179 | ---- | M] () -- C:\Users\Jolemac\Desktop\YouTube home.url [2012/07/23 23:14:52 | 000,000,115 | ---- | M] () -- C:\Users\Jolemac\Desktop\Welcome to IKEA United Kingdom.url [2012/07/23 22:12:29 | 000,000,178 | ---- | M] () -- C:\Users\Jolemac\Desktop\YouTube mp3.url [2012/07/23 21:50:39 | 000,000,128 | ---- | M] () -- C:\Users\Jolemac\Desktop\WLoH.url [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/08/18 07:18:09 | 000,008,942 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\VT20120731.039 [2012/08/17 22:21:22 | 002,012,682 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\Cat.DB [2012/08/17 22:18:12 | 000,007,510 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2012/08/17 22:18:12 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2012/08/17 22:14:50 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/08/17 22:08:57 | 000,003,433 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.inf [2012/08/17 22:08:57 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.inf [2012/08/17 22:08:57 | 000,001,468 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymNetV.inf [2012/08/17 22:08:57 | 000,001,440 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymNet.inf [2012/08/17 22:08:57 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.inf [2012/08/17 22:08:57 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.inf [2012/08/17 22:08:57 | 000,000,828 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.inf [2012/08/17 22:08:57 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\Iron.inf [2012/08/17 22:07:08 | 000,002,801 | R--- | 
C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymVTcer.dat [2012/08/17 22:06:59 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\symnetv.cat [2012/08/17 22:06:59 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymNet.cat [2012/08/17 22:06:57 | 000,007,498 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.cat [2012/08/17 22:06:57 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.cat [2012/08/17 22:06:56 | 000,007,496 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.cat [2012/08/17 22:06:56 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.cat [2012/08/17 22:06:56 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\iron.cat [2012/08/17 22:06:55 | 000,007,510 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.cat [2012/08/17 22:06:55 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\isolate.ini [2012/08/16 21:50:32 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2012/08/16 21:50:30 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk [2012/08/16 21:50:30 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk [2012/08/15 22:57:17 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/11 10:23:20 | 000,003,584 | ---- | C] () -- C:\Users\Jolemac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/08/11 09:52:58 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/08/09 21:00:44 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/08/09 21:00:44 | 000,001,959 | ---- | C] () -- C:\Users\Jolemac\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/08/09 20:47:01 | 
000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/09 20:46:59 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/09 20:46:08 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012/08/09 20:45:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\config.nt [2012/08/08 23:18:02 | 000,000,174 | ---- | C] () -- C:\Users\Jolemac\Desktop\Geeks to Go! – Free help from tech experts.url [2012/08/05 22:54:10 | 000,371,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012/08/05 18:03:47 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\Regwork.job [2012/08/05 18:02:35 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\BackupDutyLite.job [2012/08/05 14:15:22 | 000,000,004 | ---- | C] () -- C:\Users\Jolemac\Documents\_UnqiueId.dat [2012/08/05 14:01:30 | 000,135,168 | ---- | C] () -- C:\Users\Jolemac\Documents\Store(b8991e3ea4c453f4ec9e8e7126874a14e9effa07).hds [2012/08/05 14:01:30 | 000,000,000 | ---- | C] () -- C:\Users\Jolemac\Documents\Metadata.xml [2012/08/05 13:24:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2012/08/05 13:23:29 | 000,001,933 | ---- | C] () -- C:\Users\Jolemac\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk [2012/08/05 12:32:33 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2012/08/05 12:31:05 | 000,000,773 | ---- | C] () -- C:\Users\Public\Desktop\Samsung PC Studio 3.lnk [2012/07/23 23:14:52 | 000,000,115 | ---- | C] () -- C:\Users\Jolemac\Desktop\Welcome to IKEA United Kingdom.url [2012/07/23 21:50:39 | 000,000,128 | ---- | C] () -- C:\Users\Jolemac\Desktop\WLoH.url [2012/06/01 22:02:55 | 000,008,627 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2012/05/19 19:40:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012/05/19 19:40:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012/05/19 19:13:27 
| 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012/05/11 21:45:15 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini [color=#E56717]========== LOP Check ==========[/color] [2012/08/05 13:30:09 | 000,000,000 | ---D | M] -- C:\Users\Jolemac\AppData\Roaming\Samsung [2006/06/01 19:52:30 | 000,000,000 | ---D | M] -- C:\Users\Jolemac\AppData\Roaming\TalkTalk [2012/08/05 22:55:18 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\BackupDutyLite.job [2012/08/09 23:00:01 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\Regwork.job [2012/08/17 23:37:28 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2009/07/15 17:30:46 | 000,028,672 | R--- | M] (Microsoft Corporation) -- C:\setupSNK.exe [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2012/05/12 00:50:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2012/05/12 00:50:01 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2012/05/12 00:50:00 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2012/05/12 09:47:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2012/05/12 09:47:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2012/05/12 00:50:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [color=#A23BEC]< MD5 for: 
USERINIT.EXE >[/color] [2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] < End of report >