Getting high CPU usage message for vic.exe



#1
Geekimnot

Hi again,

Another problem.

I am getting a high CPU vic.exe usage message and the computer slows down badly.

I have run the OTL program and get the following log.

Can anyone advise me what to do?

Thanks,
Ian Aitken

OTL logfile created on: 30/08/2011 12:50:05 - Run 2
OTL by OldTimer - Version 3.2.26.6 Folder = L:\Latest\29 Aug
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 0.44 Gb Available Physical Memory | 15.00% Memory free
6.14 Gb Paging File | 2.52 Gb Available in Paging File | 41.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.01 Gb Total Space | 160.73 Gb Free Space | 55.81% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.46 Gb Free Space | 34.59% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 255.52 Gb Free Space | 85.72% Space Free | Partition Type: NTFS
Drive L: | 111.79 Gb Total Space | 35.85 Gb Free Space | 32.07% Space Free | Partition Type: NTFS

Computer Name: HIGHTORQUEUK-PC | User Name: Hightorque UK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/30 12:49:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- L:\Latest\29 Aug\OTL.com
PRC - [2011/08/27 08:10:53 | 003,140,608 | ---- | M] (Gruss Software Ltd) -- C:\Program Files\Betting Assistant\Betting Assistant.exe
PRC - [2011/08/21 10:00:28 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/08/19 11:53:52 | 002,686,976 | ---- | M] (1Million Ltd) -- C:\Program Files\TSM_ian\TheStakingMachine.exe
PRC - [2011/08/04 14:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/03/16 16:18:28 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/03/16 16:17:57 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/26 10:00:32 | 002,836,656 | ---- | M] (SpeedBit Ltd.) -- C:\Programs\DAP\DAP.exe
PRC - [2010/08/25 14:41:52 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/08/25 14:41:52 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2010/03/31 12:40:14 | 000,054,608 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL 9.1\shellmon.exe
PRC - [2010/03/31 12:36:43 | 000,033,792 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL 9.1\waol.exe
PRC - [2010/02/10 14:19:09 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1255507870\ee\aolsoftware.exe
PRC - [2009/09/22 16:24:22 | 000,135,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 16:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/08/19 07:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/08/19 07:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/08/15 17:53:36 | 000,099,568 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtserv.exe
PRC - [2008/06/24 01:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V305\dldtmsdmon.exe
PRC - [2008/06/24 01:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V305\dldtmon.exe
PRC - [2008/05/08 06:24:04 | 004,483,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Virtual PC\Virtual PC.exe
PRC - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe
PRC - [2008/01/21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/07/17 16:59:16 | 000,094,208 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SmartStamp.EXE
PRC - [2006/07/17 16:58:58 | 000,053,248 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SBSINGLE.EXE
PRC - [2006/07/17 16:45:26 | 000,040,960 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE
PRC - [2005/06/02 17:03:08 | 001,957,888 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\Nero BackItUp\NBJ.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/11 07:25:08 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7785435dab38ed94b6a0a608e91c6cda\Microsoft.VisualBasic.ni.dll
MOD - [2011/08/11 07:22:33 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5534465ace7f8b214a31a34f56280602\System.Web.Services.ni.dll
MOD - [2011/08/11 07:22:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
MOD - [2011/08/11 07:22:25 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
MOD - [2011/08/11 07:21:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
MOD - [2011/08/11 07:20:25 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/11 07:20:06 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/11 07:19:55 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/11 07:19:39 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll
MOD - [2011/08/11 07:18:12 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/11 06:52:30 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll
MOD - [2011/08/11 06:50:19 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2010/04/20 15:03:19 | 000,053,248 | ---- | M] () -- C:\Programs\DAP\zlib.dll
MOD - [2009/10/22 21:04:27 | 000,090,112 | ---- | M] () -- C:\Program Files\AOL 9.1\components\Tier2Svc.dll
MOD - [2009/10/22 21:04:18 | 000,061,440 | ---- | M] () -- C:\Program Files\AOL 9.1\components\DataSvcs.dll
MOD - [2009/10/14 16:33:53 | 000,278,528 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SBSAPPLI.DLL
MOD - [2009/10/14 16:33:53 | 000,098,304 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SASBKACS.DLL
MOD - [2009/10/14 16:33:53 | 000,057,344 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSLOG.DLL
MOD - [2009/10/14 16:33:51 | 000,200,704 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SSSSECUR.DLL
MOD - [2009/10/14 16:33:50 | 000,057,344 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SASBKWC.DLL
MOD - [2009/09/22 16:24:42 | 000,074,259 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libzip_plugin.dll
MOD - [2009/09/22 16:24:40 | 001,201,171 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libxml_plugin.dll
MOD - [2009/09/22 16:24:40 | 001,189,907 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvorbis_plugin.dll
MOD - [2009/09/22 16:24:40 | 000,350,739 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtheora_plugin.dll
MOD - [2009/09/22 16:24:40 | 000,251,411 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libswscale_plugin.dll
MOD - [2009/09/22 16:24:40 | 000,059,923 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvout_directx_plugin.dll
MOD - [2009/09/22 16:24:40 | 000,047,635 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvcd_plugin.dll
MOD - [2009/09/22 16:24:40 | 000,043,539 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libwaveout_plugin.dll
MOD - [2009/09/22 16:24:40 | 000,037,395 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll
MOD - [2009/09/22 16:24:40 | 000,034,323 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll
MOD - [2009/09/22 16:24:40 | 000,029,203 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtrivial_channel_mixer_plugin.dll
MOD - [2009/09/22 16:24:40 | 000,028,179 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libyuvp_plugin.dll
MOD - [2009/09/22 16:24:40 | 000,028,179 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
MOD - [2009/09/22 16:24:40 | 000,028,179 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtrivial_resampler_plugin.dll
MOD - [2009/09/22 16:24:38 | 002,448,403 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libskins2_plugin.dll
MOD - [2009/09/22 16:24:38 | 000,725,011 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
MOD - [2009/09/22 16:24:38 | 000,121,363 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libspeex_plugin.dll
MOD - [2009/09/22 16:24:38 | 000,032,787 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
MOD - [2009/09/22 16:24:38 | 000,031,763 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
MOD - [2009/09/22 16:24:38 | 000,031,251 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
MOD - [2009/09/22 16:24:38 | 000,029,715 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libscale_plugin.dll
MOD - [2009/09/22 16:24:38 | 000,028,691 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
MOD - [2009/09/22 16:24:36 | 009,608,211 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libqt4_plugin.dll
MOD - [2009/09/22 16:24:36 | 000,217,619 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpng_plugin.dll
MOD - [2009/09/22 16:24:36 | 000,128,531 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
MOD - [2009/09/22 16:24:36 | 000,096,275 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libplaylist_plugin.dll
MOD - [2009/09/22 16:24:36 | 000,033,299 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
MOD - [2009/09/22 16:24:34 | 001,753,107 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblibass_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,148,499 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblibmpeg2_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,134,163 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,070,675 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,051,731 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,047,123 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,046,099 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,043,539 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,035,859 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,034,835 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,034,323 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,034,323 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,031,251 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblinear_resampler_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,030,739 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,030,739 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_i420_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,030,227 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblpcm_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,030,227 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,029,715 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_ymga_mmx_plugin.dll
MOD - [2009/09/22 16:24:34 | 000,028,179 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_ymga_plugin.dll
MOD - [2009/09/22 16:24:32 | 001,755,667 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfreetype_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,309,267 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfaad_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,283,155 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libflac_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,216,595 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,195,603 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdshow_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,173,587 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,053,779 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libblend_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,052,755 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdirect3d_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,045,075 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,042,003 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libconverter_float_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,034,323 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfake_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,034,323 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdts_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,030,739 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,030,739 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libcdg_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,029,715 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,029,203 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,029,203 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdrawable_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,029,203 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
MOD - [2009/09/22 16:24:32 | 000,028,691 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
MOD - [2009/09/22 16:24:30 | 005,188,627 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libavcodec_plugin.dll
MOD - [2009/09/22 16:24:28 | 000,075,795 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libasf_plugin.dll
MOD - [2009/09/22 16:24:28 | 000,043,539 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll
MOD - [2009/09/22 16:24:28 | 000,041,491 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
MOD - [2009/09/22 16:24:26 | 000,031,251 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaccess_fake_plugin.dll
MOD - [2009/09/22 16:24:26 | 000,030,739 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaes3_plugin.dll
MOD - [2009/09/22 16:24:26 | 000,030,227 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaccess_file_plugin.dll
MOD - [2009/09/22 16:24:24 | 002,132,499 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlccore.dll
MOD - [2009/09/22 16:24:24 | 000,114,195 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlc.dll
MOD - [2009/09/22 16:24:24 | 000,073,747 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
MOD - [2009/09/22 16:24:24 | 000,064,019 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
MOD - [2009/09/22 16:24:24 | 000,032,787 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52_plugin.dll
MOD - [2009/09/22 16:24:24 | 000,031,763 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaccess_directory_plugin.dll
MOD - [2009/09/22 16:24:24 | 000,028,179 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
MOD - [2009/09/22 16:24:22 | 001,784,219 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\axvlc.dll
MOD - [2009/09/22 16:24:22 | 000,135,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
MOD - [2009/03/30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/02/14 06:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2008/10/26 06:42:14 | 000,065,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/08/15 17:54:08 | 000,147,456 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtprpr.dll
MOD - [2008/08/15 17:54:06 | 000,143,360 | ---- | M] () -- C:\Windows\System32\dldtjswr.dll
MOD - [2008/08/15 17:53:32 | 000,811,008 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtptpc.dll
MOD - [2008/08/15 17:53:28 | 003,964,928 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtprpb.dll
MOD - [2008/08/15 17:53:26 | 000,851,968 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtprp.dll
MOD - [2008/08/15 17:53:02 | 000,148,992 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtdrui.dll
MOD - [2008/08/15 17:53:00 | 000,195,072 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtdr.dll
MOD - [2008/08/15 17:52:56 | 000,335,872 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtcomx.dll
MOD - [2008/08/15 17:52:50 | 000,077,906 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtcfg.dll
MOD - [2008/06/24 01:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V305\dldtmsdmon.exe
MOD - [2008/06/24 01:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V305\dldtmon.exe
MOD - [2008/05/26 02:05:20 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell V305\app4r.monitor.core.dll
MOD - [2008/05/26 02:05:20 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell V305\app4r.monitor.common.dll
MOD - [2008/05/26 02:04:06 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.dll
MOD - [2008/03/18 17:05:06 | 000,782,336 | ---- | M] () -- C:\Program Files\Dell V305\dldtdrs.dll
MOD - [2008/03/18 17:04:20 | 000,380,928 | ---- | M] () -- C:\Program Files\Dell V305\dldtscw.dll
MOD - [2008/02/19 17:25:56 | 000,081,920 | ---- | M] () -- C:\Program Files\Dell V305\dldtcaps.dll
MOD - [2008/02/19 17:18:58 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V305\dldtmonr.dll
MOD - [2008/01/31 04:35:02 | 000,520,192 | ---- | M] () -- C:\Windows\System32\dldtutil.dll
MOD - [2008/01/21 21:05:12 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell V305\dldtcfg.dll
MOD - [2007/11/22 03:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/11/13 14:13:10 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell V305\dldtcnv4.dll
MOD - [2007/08/12 00:20:46 | 000,307,200 | ---- | M] () -- C:\Program Files\TSM_ian\ZedGraph.dll
MOD - [2007/05/29 02:39:08 | 000,589,824 | ---- | M] () -- C:\Program Files\Dell V305\dldtdatr.dll
MOD - [2006/10/27 16:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2006/07/17 16:59:34 | 000,090,112 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SSSESSIO.DLL
MOD - [2006/07/17 16:59:34 | 000,053,248 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SZIPPER.DLL
MOD - [2006/07/17 16:59:30 | 000,081,920 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SASBKEB.DLL
MOD - [2006/07/17 16:59:28 | 000,065,536 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SASBKWAB.DLL
MOD - [2006/07/17 16:59:26 | 000,098,304 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SASBKEXL.DLL
MOD - [2006/07/17 16:59:26 | 000,094,208 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SASBKOUT.DLL
MOD - [2006/07/17 16:59:24 | 000,081,920 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SASBKACT.DLL
MOD - [2006/07/17 16:59:24 | 000,073,728 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SASBKCDO.DLL
MOD - [2006/07/17 16:59:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SASBK.DLL
MOD - [2006/07/17 16:59:16 | 000,094,208 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SmartStamp.EXE
MOD - [2006/07/17 16:59:10 | 000,233,472 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SBSSTAMP.DLL
MOD - [2006/07/17 16:58:58 | 000,053,248 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SBSINGLE.EXE
MOD - [2006/07/17 16:58:38 | 000,106,496 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SWSINCON.DLL
MOD - [2006/07/17 16:58:24 | 000,049,152 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SBACOLLE.DLL
MOD - [2006/07/17 16:57:38 | 000,376,832 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SMSGDLGS.DLL
MOD - [2006/07/17 16:57:28 | 000,229,376 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SWSREQUE.DLL
MOD - [2006/07/17 16:57:18 | 000,102,400 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSSTORE.DLL
MOD - [2006/07/17 16:56:58 | 000,049,152 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SBSBROMA.dll
MOD - [2006/07/17 16:56:56 | 000,057,344 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SASADAPT.DLL
MOD - [2006/07/17 16:56:52 | 000,077,824 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSEVENT.DLL
MOD - [2006/07/17 16:56:48 | 000,057,344 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SWCCOMMU.DLL
MOD - [2006/07/17 16:56:32 | 000,024,576 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSERROR.DLL
MOD - [2006/07/17 16:45:26 | 000,040,960 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE
MOD - [2006/07/17 16:44:34 | 000,049,152 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SBSDIRSV.DLL
MOD - [2006/07/17 16:44:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSREG.DLL
MOD - [2006/07/17 16:43:40 | 000,114,688 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SBSLGFMT.DLL
MOD - [2006/07/17 16:41:08 | 000,069,632 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SBAPACKE.DLL
MOD - [2006/07/17 16:40:50 | 000,016,384 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SMSG.DLL
MOD - [2004/01/09 21:02:48 | 000,045,056 | ---- | M] () -- C:\Program Files\AOL 9.1\zlib.dll
MOD - [2002/04/22 22:08:37 | 000,081,920 | ---- | M] () -- C:\Program Files\AOL 9.1\xmltok.dll
MOD - [2002/04/22 22:08:27 | 000,053,248 | ---- | M] () -- C:\Program Files\AOL 9.1\xmlparse.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2011/08/21 10:00:28 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/08/04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/03/16 16:18:28 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/08/25 14:41:52 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2010/01/18 14:21:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/08/19 07:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/08/15 17:53:36 | 000,099,568 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)
SRV - [2008/01/21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/08/23 00:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110828.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/21 10:00:36 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/08/21 10:00:36 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/08/21 10:00:36 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/08/16 05:51:16 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110829.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/16 05:51:16 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110829.023\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/03 08:40:01 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574)
DRV - [2011/07/28 08:03:09 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/28 08:03:09 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/23 01:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110812.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/05/10 08:42:16 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/22 01:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 06:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2009/12/31 16:56:38 | 000,177,748 | ---- | M] (Divio Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pcam.sys -- (DCamUSBNW802)
DRV - [2009/11/16 04:13:14 | 000,216,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/10/21 07:38:35 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009/08/26 01:08:51 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/26 18:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/19 08:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/19 08:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/02/05 01:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008/01/21 03:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/29 23:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160
IE - HKLM\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USSMB/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo....19&affID=17160
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/02 10:20:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/08 10:51:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/08 10:51:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/08/18 06:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_1_3 [2011/08/30 06:26:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Programs\DAP\DAPFireFox [2010/11/26 10:01:05 | 000,000,000 | ---D | M]

[2010/07/23 11:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hightorque UK\AppData\Roaming\Mozilla\Extensions
[2010/07/23 11:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hightorque UK\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/08/18 08:05:34 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]
[2011/05/23 10:00:10 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Programs\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Programs\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (SPEEDBIT1 Class) - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\Program Files\SpeedBit Toolbar\Toolbar\tbcore3.dll ()
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (AOL Broadband Toolbar Loader) - {776a9d06-e178-4aa0-aee4-b4de3a64ad28} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programs\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programs\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Programs\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Broadband Toolbar) - {e6ed7f95-e571-4f81-8757-5eb11252703d} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (SpeedBit) - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files\SpeedBit Toolbar\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Programs\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {E6ED7F95-E571-4F81-8757-5EB11252703D} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit) - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files\SpeedBit Toolbar\Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe ()
O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1255507870\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [OLP-Tray] C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Programs\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [OLP-Tray] C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: &Clean Traces - C:\Programs\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Programs\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Programs\DAP\dapextie2.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/30 12:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC Tweaker
[2011/08/30 12:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced PC Tweaker
[2011/08/25 07:42:02 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\Documents\HRB Data
[2011/08/22 08:08:25 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Staking Machine V3.0
[2011/08/21 10:00:36 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/08/19 19:33:03 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\Documents\TSMsetup_ian
[2011/08/14 11:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\TSM-BookiebankV2
[2011/08/12 07:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/09 07:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/08/09 07:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/08/08 15:49:18 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\Documents\Pic1.Autumn1961
[2011/08/03 07:43:30 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Staking Machine V3.0_ian
[2011/08/03 07:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\TSM_ian
[2011/08/01 18:20:13 | 000,000,000 | ---D | C] -- C:\Users\Hightorque UK\Documents\TSMsetup
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008/02/25 11:38:14 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldtih.exe
[2008/02/25 11:38:12 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldtcoms.exe
[2008/02/25 11:38:12 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldtcoms(295).exe
[2008/02/25 11:38:10 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldtcfg.exe
[2008/01/30 11:02:30 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
[2008/01/30 10:59:24 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
[2008/01/30 10:57:42 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
[2008/01/30 10:56:56 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
[2008/01/30 10:55:14 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
[2008/01/30 10:54:56 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
[2008/01/30 10:54:22 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll
[2008/01/30 10:53:54 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dldthcp.dll
[2008/01/30 10:53:32 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
[2008/01/30 10:53:22 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
[2008/01/30 10:52:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/30 13:00:07 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{95D5E3F6-1BC2-48DA-87DA-387FB7EB0FB8}.job
[2011/08/30 12:59:27 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1187167D-694A-4D97-9748-C1A6B331311F}.job
[2011/08/30 12:25:08 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 12:25:08 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 12:08:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/30 12:06:21 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job
[2011/08/30 12:05:47 | 000,000,912 | ---- | M] () -- C:\Users\Hightorque UK\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced PC Tweaker.lnk
[2011/08/30 12:05:47 | 000,000,843 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\Advanced PC Tweaker 1-Click Tweak.lnk
[2011/08/30 12:05:46 | 000,000,888 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\Advanced PC Tweaker.lnk
[2011/08/30 11:59:35 | 000,166,400 | ---- | M] () -- C:\Users\Hightorque UK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/30 06:25:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/30 06:25:27 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2011/08/30 06:25:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/30 06:24:58 | 3184,513,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/29 18:00:00 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/08/29 18:00:00 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/08/25 17:39:39 | 000,611,110 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/25 17:39:39 | 000,109,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/22 14:26:34 | 000,000,574 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\TSM_ian - Shortcut.lnk
[2011/08/22 08:08:26 | 000,000,802 | ---- | M] () -- C:\Users\Hightorque UK\Desktop\The Staking Machine V3.0.lnk
[2011/08/21 10:00:36 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/08/19 19:33:03 | 005,235,433 | ---- | M] () -- C:\Users\Hightorque UK\Documents\TSMsetup_ian.zip
[2011/08/15 18:36:26 | 000,718,595 | ---- | M] () -- C:\Users\Hightorque UK\Documents\TicketOrder106736335.pdf
[2011/08/12 08:09:38 | 000,120,024 | ---- | M] () -- C:\Users\Hightorque UK\Documents\bba.1960.jpg
[2011/08/12 07:37:58 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/08 15:49:18 | 000,500,063 | ---- | M] () -- C:\Users\Hightorque UK\Documents\Pic1.Autumn1961.zip
[2011/08/01 18:20:13 | 005,193,216 | ---- | M] () -- C:\Users\Hightorque UK\Documents\TSMsetup.zip
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/30 12:06:20 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\One-Click Tweak.job
[2011/08/30 12:05:47 | 000,000,912 | ---- | C] () -- C:\Users\Hightorque UK\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced PC Tweaker.lnk
[2011/08/30 12:05:47 | 000,000,843 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\Advanced PC Tweaker 1-Click Tweak.lnk
[2011/08/30 12:05:46 | 000,000,888 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\Advanced PC Tweaker.lnk
[2011/08/22 14:26:34 | 000,000,574 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\TSM_ian - Shortcut.lnk
[2011/08/22 08:08:26 | 000,000,802 | ---- | C] () -- C:\Users\Hightorque UK\Desktop\The Staking Machine V3.0.lnk
[2011/08/19 19:32:20 | 005,235,433 | ---- | C] () -- C:\Users\Hightorque UK\Documents\TSMsetup_ian.zip
[2011/08/15 18:36:19 | 000,718,595 | ---- | C] () -- C:\Users\Hightorque UK\Documents\TicketOrder106736335.pdf
[2011/08/12 08:09:36 | 000,120,024 | ---- | C] () -- C:\Users\Hightorque UK\Documents\bba.1960.jpg
[2011/08/12 07:37:58 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/08 15:49:13 | 000,500,063 | ---- | C] () -- C:\Users\Hightorque UK\Documents\Pic1.Autumn1961.zip
[2011/08/01 18:19:31 | 005,193,216 | ---- | C] () -- C:\Users\Hightorque UK\Documents\TSMsetup.zip
[2011/05/23 10:00:16 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010/10/24 09:06:17 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/09/05 09:15:03 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/06/18 15:40:14 | 000,000,340 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Roaming\wklnhst.dat
[2009/12/09 12:43:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/24 12:36:52 | 000,000,063 | ---- | C] () -- C:\Windows\gmbackup.dat
[2009/10/24 09:39:59 | 000,178,688 | ---- | C] () -- C:\Program Files\hjsplit.exe
[2009/10/22 16:21:53 | 008,801,704 | ---- | C] () -- C:\Program Files\FLV PlayerATBSetup.exe
[2009/10/20 10:45:52 | 000,013,576 | ---- | C] () -- C:\Windows\System32\syscorecfg256.dll
[2009/10/20 10:45:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 10:45:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 10:45:27 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/10/18 10:54:49 | 000,000,542 | ---- | C] () -- C:\Windows\SGREP32.INI
[2009/10/14 10:41:18 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/10/14 10:24:51 | 000,000,680 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Local\d3d9caps.dat
[2009/10/14 09:10:40 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/10/13 14:50:47 | 000,166,400 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/13 14:03:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\LGICC.DLL
[2009/10/13 14:03:55 | 000,140,800 | ---- | C] () -- C:\Windows\serifun.exe
[2009/10/13 12:05:29 | 000,000,008 | ---- | C] () -- C:\Users\Hightorque UK\AppData\Roaming\usb.dat.bin
[2009/10/13 11:40:52 | 000,000,177 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/10/13 11:40:52 | 000,000,126 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/13 11:40:48 | 000,071,680 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2009/10/13 11:40:48 | 000,040,960 | ---- | C] () -- C:\Windows\System32\sg50fl32.dll
[2009/10/13 11:40:48 | 000,036,864 | ---- | C] () -- C:\Windows\System32\sg50im32.dll
[2009/10/13 11:40:48 | 000,036,352 | ---- | C] () -- C:\Windows\System32\Sgappbar.dll
[2009/10/13 11:40:48 | 000,028,672 | ---- | C] () -- C:\Windows\System32\sg50Ut32.dll
[2009/10/13 11:40:48 | 000,028,672 | ---- | C] () -- C:\Windows\System32\sg50Sk32.dll
[2009/10/13 11:40:48 | 000,028,672 | ---- | C] () -- C:\Windows\System32\sg50Ps32.dll
[2009/10/13 11:40:48 | 000,028,672 | ---- | C] () -- C:\Windows\System32\sg50iv32.dll
[2009/10/13 11:40:48 | 000,001,970 | ---- | C] () -- C:\Windows\SAGE.INI
[2009/10/13 11:40:47 | 000,978,944 | ---- | C] () -- C:\Windows\System32\Sgrep32.dll
[2009/10/13 11:40:47 | 000,317,440 | ---- | C] () -- C:\Windows\System32\Sglist32.dll
[2009/10/13 11:40:47 | 000,296,448 | ---- | C] () -- C:\Windows\System32\Sgcdlg32.dll
[2009/10/13 11:40:47 | 000,264,704 | ---- | C] () -- C:\Windows\System32\Sglch32.dll
[2009/10/13 11:40:47 | 000,257,536 | ---- | C] () -- C:\Windows\System32\Sgtool32.dll
[2009/10/13 11:40:47 | 000,256,512 | ---- | C] () -- C:\Windows\System32\SGOPopDg.dll
[2009/10/13 11:40:47 | 000,228,864 | ---- | C] () -- C:\Windows\System32\Sgtbar32.dll
[2009/10/13 11:40:47 | 000,187,392 | ---- | C] () -- C:\Windows\System32\Sghelp32.dll
[2009/10/13 11:40:47 | 000,068,608 | ---- | C] () -- C:\Windows\System32\Sgintl32.dll
[2009/10/13 11:40:47 | 000,059,904 | ---- | C] () -- C:\Windows\System32\Sgcom32.dll
[2009/10/13 11:40:47 | 000,055,808 | ---- | C] () -- C:\Windows\System32\Sgdt32.dll
[2009/10/13 11:40:47 | 000,040,448 | ---- | C] () -- C:\Windows\System32\Sg3d32.dll
[2009/10/13 11:40:47 | 000,028,672 | ---- | C] () -- C:\Windows\System32\Sgstat32.dll
[2009/10/13 11:40:47 | 000,026,624 | ---- | C] () -- C:\Windows\System32\Sglogo32.dll
[2009/10/13 11:40:47 | 000,025,088 | ---- | C] () -- C:\Windows\System32\Repdes32.exe
[2009/10/13 11:40:47 | 000,025,088 | ---- | C] () -- C:\Windows\System32\Repdes32(old).exe
[2009/10/09 05:17:33 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1545.dll
[2009/10/09 05:17:33 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/10/09 05:17:33 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/10/09 05:17:27 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/09 05:09:35 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
[2009/10/09 05:09:35 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
[2009/10/09 05:09:35 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
[2009/10/09 05:09:35 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
[2009/10/09 05:09:35 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
[2009/10/09 05:09:34 | 000,782,336 | ---- | C] () -- C:\Windows\System32\dldtdrs.dll
[2009/10/09 05:09:34 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
[2009/10/09 05:09:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dldtcaps.dll
[2009/10/09 05:09:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldtcnv4.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/11 17:42:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 15:48:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/06/24 10:52:54 | 000,000,490 | ---- | C] () -- C:\Windows\System32\dldtplc.ini
[2008/02/25 11:38:22 | 000,017,648 | ---- | C] () -- C:\Windows\System32\dldtwupd.exe
[2008/01/31 04:38:10 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
[2008/01/31 04:38:04 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
[2008/01/31 04:36:34 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
[2008/01/31 04:36:30 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
[2008/01/31 04:35:02 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
[2008/01/30 10:52:40 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldtinst.dll
[2008/01/29 08:29:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
[2008/01/21 21:05:12 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldtcfg.dll
[2006/11/02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:43 | 000,787,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 11:33:01 | 000,611,110 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,658 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/02 14:24:38 | 000,070,144 | R--- | C] () -- C:\Windows\System32\ENCODE32.DLL
[2006/05/02 14:24:38 | 000,018,944 | R--- | C] () -- C:\Windows\System32\TALDM32A.dll
[2006/05/02 14:24:38 | 000,017,408 | R--- | C] () -- C:\Windows\System32\TALDM32.DLL
[2002/01/07 07:43:58 | 000,032,768 | ---- | C] () -- C:\Windows\div_iyuv.dll
[2002/01/07 07:43:52 | 000,036,864 | ---- | C] () -- C:\Windows\jpgl.dll

========== LOP Check ==========

[2011/06/26 17:38:21 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\1Million Ltd
[2010/05/08 12:31:06 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\8941552A24D5D328DC13B138230BD8B4
[2011/02/18 15:22:54 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\acccore
[2011/05/03 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Alibre Design
[2011/06/26 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Betting Assistant
[2010/03/01 12:20:08 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Chinaweal Longteng
[2010/02/16 15:33:22 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/31 13:01:37 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\CrashPlan
[2011/04/05 14:09:31 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\DraftSight
[2009/12/31 16:37:18 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\DriverCure
[2011/04/01 08:23:44 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Genie-Soft
[2011/08/12 07:34:34 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\go
[2009/10/27 12:46:31 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\GoodSync
[2011/07/18 08:21:10 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Gruss Software
[2009/11/24 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Infacta
[2010/06/21 12:56:04 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\inkscape
[2011/01/08 10:51:37 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Local
[2009/10/13 14:02:16 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Serif
[2010/06/18 15:40:16 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Template
[2010/07/23 11:19:12 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\TomTom
[2009/12/18 10:45:40 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Trusteer
[2010/11/12 09:30:17 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Uniblue
[2011/04/17 19:55:29 | 000,000,000 | ---D | M] -- C:\Users\Hightorque UK\AppData\Roaming\Windows Live Writer
[2009/12/15 16:28:37 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2011/02/07 09:22:44 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
[2011/08/30 12:06:21 | 000,000,516 | ---- | M] () -- C:\Windows\Tasks\One-Click Tweak.job
[2011/08/29 18:00:00 | 000,000,458 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/08/29 18:00:00 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2010/07/28 00:33:07 | 000,000,432 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2011/08/30 06:25:27 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2011/08/29 18:55:20 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/30 12:59:27 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1187167D-694A-4D97-9748-C1A6B331311F}.job
[2011/08/30 13:00:07 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{95D5E3F6-1BC2-48DA-87DA-387FB7EB0FB8}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 929 bytes -> C:\Users\Hightorque UK\Documents\Ricevutadeltuopagamentoahightorqueuk@aol_com.eml:OECustomProperty
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D74B6CF5
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C

< End of report >

#2
RKinner

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

You must first uninstall AVG before running Combofix then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right-click aswMBR.exe and select Run As Administrator to run it.
Change the a-v scan to None.
Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled (not the Fix MBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.

Ron

#3
Geekimnot

Hi Ron,

Thanks for the help, sorry about the delay.

Please see attached files.

Regards,

Ian


#4
RKinner

Please copy and paste your logs.

Malwarebytes' Anti-Malware found something but you did not follow through:

When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.


Also looking for the combofix log.

Ron

#5
Geekimnot

Hi Ron,

Re-run Malwarebytes log.

and also Combofix log.

Regards,
Ian

ComboFix 11-08-31.05 - Hightorque UK 01/09/2011 13:00:07.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3036.1457 [GMT 1:00]
Running from: l:\latest\29 Aug\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL1ABB.tmp
c:\programdata\SPL2BD2.tmp
c:\programdata\SPL4471.tmp
c:\programdata\SPLA94B.tmp
c:\programdata\SPLB037.tmp
c:\programdata\SPLB1B4.tmp
c:\programdata\SPLE1F3.tmp
c:\programdata\SPLEC81.tmp
c:\programs\SpeedBit Video Downloader\Toolbar\tbcore3.dll
c:\users\Hightorque UK\AppData\Roaming\Local
c:\users\Hightorque UK\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Hightorque UK\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\windows\system32\mfc100deu.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-01 to 2011-09-01 )))))))))))))))))))))))))))))))
.
.
2011-09-01 12:16 . 2011-09-01 12:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-01 12:16 . 2011-09-01 12:16 -------- d-----w- c:\users\Neville\AppData\Local\temp
2011-09-01 08:43 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-01 08:43 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 05:19 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A69DC7AD-BB18-4DEF-865E-7917E15B2AA0}\mpengine.dll
2011-08-30 11:05 . 2011-08-30 11:06 -------- d-----w- c:\program files\Advanced PC Tweaker
2011-08-24 06:50 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-21 09:00 . 2011-08-21 09:00 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-08-14 10:41 . 2011-08-21 09:05 -------- d-----w- c:\program files\TSM-BookiebankV2
2011-08-10 13:13 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 13:13 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 13:13 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 06:02 . 2011-08-09 06:02 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-08-03 06:43 . 2011-08-22 07:08 -------- d-----w- c:\program files\TSM_ian
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 06:59 . 2009-10-19 13:32 164880 ---ha-w- c:\users\Hightorque UK\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-08-18 05:17 . 2011-06-07 06:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-10-22 17:36 . 2009-10-22 15:21 8801704 ----a-w- c:\program files\FLV PlayerATBSetup.exe
2000-11-15 09:21 . 2009-10-24 08:39 178688 ----a-w- c:\program files\hjsplit.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 12:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\tbcore3.dll" [2010-04-20 2447360]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\tbcore3.dll" [2010-04-20 2447360]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"HostManager"="c:\program files\Common Files\AOL\1255507870\ee\AOLSoftware.exe" [2010-02-10 41800]
"OLP-Tray"="c:\program files\Royal Mail\SmartStamp\BINARY\STRAY.EXE" [2006-07-17 40960]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-25 19:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 12:06 128296 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-25 19:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
2010-08-25 13:41 1607272 ----a-w- c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-07-02 13:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-01-02 09:20 274608 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca533d60cc32d0;Google Update Service (gupdate1ca533d60cc32d0);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 133104]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [x]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2010-08-25 300656]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DCamUSBNW802;PCL-W300 Capture;c:\windows\system32\DRIVERS\pcam.sys [2009-12-31 177748]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-08-21 53816]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [2011-07-23 815736]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110831.030\IDSvix86.sys [2011-08-22 368248]
S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-08-03 216912]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-08-21 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-08-21 158904]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-08-19 81920]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 152576]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2008-02-25 595184]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe [2008-08-15 99568]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NIS;Norton Internet Security.;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-08-21 870200]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-08-19 27648]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 105592]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-08-26 112128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-07 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57]
.
2011-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 17:30]
.
2011-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 17:30]
.
2011-08-31 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe [2011-08-30 10:14]
.
2011-08-31 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2011-08-31 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]
.
2010-07-27 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
2011-09-01 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-10-08 07:02]
.
2011-09-01 c:\windows\Tasks\User_Feed_Synchronization-{1187167D-694A-4D97-9748-C1A6B331311F}.job
- c:\windows\system32\msfeedssync.exe [2011-08-10 09:26]
.
2011-09-01 c:\windows\Tasks\User_Feed_Synchronization-{95D5E3F6-1BC2-48DA-87DA-387FB7EB0FB8}.job
- c:\windows\system32\msfeedssync.exe [2011-08-10 09:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=c854a80f000000000000002564cbcadf&tlver=1.4.19.19&affID=17160
IE: &Clean Traces - c:\programs\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programs\DAP\dapextie.htm
IE: Download &all with DAP - c:\programs\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\programs\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\programs\DAP\dapie.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{3017FB3E-9A77-4396-88C5-0EC9548FB42F} - c:\programs\SpeedBit Video Downloader\Toolbar\tbcore3.dll
BHO-{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - c:\programs\SpeedBit Video Downloader\Toolbar\tbcore3.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-MovieJoiner - c:\program files\Movie Joiner\uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-01 13:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(748)
c:\progra~1\SPEEDB~1\sblsp.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
.
Completion time: 2011-09-01 13:23:38
ComboFix-quarantined-files.txt 2011-09-01 12:23
.
Pre-Run: 171,086,462,976 bytes free
Post-Run: 174,401,740,800 bytes free
.
- - End Of File - - 4F72431FB0222890A6A6E86E6807637D


#6
RKinner

I would uninstall your ask toolbar. Also the Speedbit toolbar.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top. Wait 60 seconds for things to settle down then File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#7
Geekimnot

Hi again Ron,

I apologise for not heeding your request that I paste the logs; here are the new ones.

Regards,
Ian


PROCEXP

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 93.08 0 K 24 K
waol.exe 1184 3.08 199,948 K 187,824 K AOL Software AOL Inc.
procexp.exe 7040 2.31 17,524 K 27,832 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
dwm.exe 300 1.54 48,148 K 41,808 K Desktop Window Manager Microsoft Corporation
sidebar.exe 2596 < 0.01 45,236 K 20,728 K Windows Sidebar Microsoft Corporation
System 4 < 0.01 0 K 40,580 K
CrashPlanService.exe 3276 < 0.01 49,016 K 46,712 K CrashPlan backup engine which backs up your files! CrashPlan
aolsoftware.exe 2408 < 0.01 10,024 K 6,476 K AOL AOL Inc.
AOLacsd.exe 3248 < 0.01 10,584 K 4,552 K AOL Connectivity Service AOL LLC
RapportMgmtService.exe 1220 < 0.01 17,292 K 12,280 K RapportMgmtService Trusteer Ltd.
lsass.exe 752 < 0.01 6,372 K 1,820 K Local Security Authority Process Microsoft Corporation
explorer.exe 1476 < 0.01 38,000 K 50,252 K Windows Explorer Microsoft Corporation
svchost.exe 1408 < 0.01 60,796 K 64,208 K Host Process for Windows Services Microsoft Corporation
VideoAcceleratorEngine.exe 2072 < 0.01 4,232 K 8,324 K VideoAcceleratorEngine Speedbit Ltd.
csrss.exe 704 < 0.01 2,316 K 6,456 K Client Server Runtime Process Microsoft Corporation
SearchIndexer.exe 2276 < 0.01 43,220 K 36,556 K Microsoft Windows Search Indexer Microsoft Corporation
ccsvchst.exe 3412 < 0.01 49,724 K 11,904 K Symantec Service Framework Symantec Corporation
dldtcoms.exe 3328 < 0.01 15,584 K 16,756 K Printer Communication System
hamachi-2-ui.exe 2544 < 0.01 5,720 K 1,920 K Hamachi Client Application LogMeIn Inc.
shellmon.exe 2652 < 0.01 2,580 K 6,684 K waolmon AOL Inc.
csrss.exe 648 < 0.01 2,032 K 4,364 K Client Server Runtime Process Microsoft Corporation
svchost.exe 244 < 0.01 22,124 K 18,160 K Host Process for Windows Services Microsoft Corporation
VideoAcceleratorService.exe 3804 < 0.01 2,248 K 3,680 K VideoAcceleratorEngine Speedbit Ltd.
hamachi-2.exe 3372 < 0.01 6,448 K 7,464 K Hamachi Client Tunneling Engine LogMeIn Inc.
sidebar.exe 2936 < 0.01 18,124 K 8,100 K Windows Sidebar Microsoft Corporation
svchost.exe 1396 < 0.01 98,592 K 98,288 K Host Process for Windows Services Microsoft Corporation
CrashPlanTray.exe 2636 < 0.01 2,544 K 956 K Windows system tray interface to CrashPlan Code 42 Software, Inc.
dldtserv.exe 3300 < 0.01 896 K 2,836 K Service Executable
spoolsv.exe 2036 < 0.01 14,388 K 16,052 K Spooler SubSystem App Microsoft Corporation
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
WUDFHost.exe 4200 2,932 K 3,940 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
WmiPrvSE.exe 5160 3,088 K 5,464 K WMI Provider Host Microsoft Corporation
WLIDSVCM.EXE 2776 892 K 2,416 K Microsoft® Windows Live ID Service Monitor Microsoft Corp.
WLIDSVC.EXE 4056 10,460 K 10,912 K Microsoft® Windows Live ID Service Microsoft Corp.
winlogon.exe 840 2,032 K 4,700 K Windows Logon Application Microsoft Corporation
wininit.exe 692 4,712 K 6,432 K Windows Start-Up Application Microsoft Corporation
TomTomHOMEService.exe 3760 608 K 1,808 K Windows Service for TomTom HOME TomTom
TomTomHOMERunner.exe 2604 2,676 K 1,080 K System Tray application for TomTom HOME TomTom
taskeng.exe 2080 9,500 K 4,004 K Task Scheduler Engine Microsoft Corporation
taskeng.exe 1932 2,008 K 5,252 K Task Scheduler Engine Microsoft Corporation
svchost.exe 1800 20,840 K 20,208 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1048 5,340 K 7,212 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1620 8,820 K 9,844 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1368 16,884 K 12,188 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1104 61,792 K 26,256 K Host Process for Windows Services Microsoft Corporation
svchost.exe 988 3,064 K 5,948 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1520 2,132 K 4,388 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3600 4,260 K 6,060 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3724 6,664 K 5,712 K Host Process for Windows Services Microsoft Corporation
svchost.exe 4024 548 K 1,912 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3012 2,052 K 4,884 K Host Process for Windows Services Microsoft Corporation
svchost.exe 5604 3,772 K 6,920 K Host Process for Windows Services Microsoft Corporation
STRAY.EXE 2560 1,268 K 1,024 K
smss.exe 516 288 K 684 K Windows Session Manager Microsoft Corporation
SLsvc.exe 1572 5,924 K 4,360 K Microsoft Software Licensing Service Microsoft Corporation
services.exe 736 5,804 K 9,060 K Services and Controller app Microsoft Corporation
SeaPort.EXE 3632 8,124 K 12,096 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
RtHDVCpl.exe 2424 9,036 K 1,588 K HD Audio Control Panel Realtek Semiconductor
msiexec.exe 2112 12,028 K 18,956 K Windows® installer Microsoft Corporation
mbamservice.exe 5528 98,320 K 48,180 K Malwarebytes' Anti-Malware Malwarebytes Corporation
mbamgui.exe 2552 2,600 K 596 K Malwarebytes' Anti-Malware Malwarebytes Corporation
lsm.exe 760 1,900 K 3,604 K Local Session Manager Service Microsoft Corporation
jusched.exe 2516 1,176 K 308 K Java™ Update Scheduler Sun Microsystems, Inc.
IAANTmon.exe 1236 3,060 K 4,924 K RAID Monitor Intel Corporation
IAAnotif.exe 2304 3,200 K 700 K Event Monitor User Notification Tool Intel Corporation
dllhost.exe 4560 1,448 K 3,444 K COM Surrogate Microsoft Corporation
dldtmsdmon.exe 2344 15,868 K 3,996 K Printer Card Transfer Monitor
dldtmon.exe 2280 6,648 K 1,100 K Printer Device Monitor
ccsvchst.exe 1608 14,580 K 10,228 K Symantec Service Framework Symantec Corporation
BingBar.exe 5056 3,696 K 9,148 K Bing Client Extensions Microsoft Corporation.
BingApp.exe 5708 2,328 K 7,156 K Bing Client Application Process Microsoft Corporation.
audiodg.exe 1492 16,620 K 14,540 K Windows Audio Device Graph Isolation Microsoft Corporation
armsvc.exe 3200 2,104 K 3,136 K Adobe Acrobat Update Service Adobe Systems Incorporated
AERTSrv.exe 3220 372 K 1,484 K Andrea filters APO access service (32-bit) Andrea Electronics Corporation





VEW

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 07/09/2011 11:00:30

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/09/2011 09:56:25
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 07/09/2011 09:50:18
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 07/09/2011 09:43:57
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 07/09/2011 09:37:57
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 07/09/2011 09:32:23
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: ccHP

Log: 'System' Date/Time: 07/09/2011 09:32:20
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 07/09/2011 09:32:20
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 07/09/2011 09:32:20
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the AOL Connectivity Service service to connect.

Log: 'System' Date/Time: 07/09/2011 09:31:56
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 07/09/2011 07:49:36
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 07/09/2011 07:43:38
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 07/09/2011 07:37:42
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 07/09/2011 07:31:43
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 07/09/2011 07:25:52
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 07/09/2011 07:19:38
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 07/09/2011 07:14:02
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 07/09/2011 07:07:35
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 07/09/2011 07:01:51
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/09/2011 09:34:39
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {E52D9C17-7098-4DD7-BA53-B63672CDDE69} User: HightorqueUK-PC\Hightorque UK Name: Unknown ID: Severity ID: Category ID: Path Found: driver:ATWPKT2 Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 07/09/2011 09:34:39
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {515D45B8-7FB8-4487-9800-1ADF5700EBB0} User: HightorqueUK-PC\Hightorque UK Name: Unknown ID: Severity ID: Category ID: Path Found: service:ATWPKT2 Alert Type: Unclassified software Detection Type:

SIGVERIF

None found

#8
RKinner

Malware Expert

Process Explorer is just showing some junk from AOL. Do you still use it?

VEW is showing that Symantec is broken. Let's replace it with Avast for now.

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
Download and save the Norton Removal Tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Uninstall Symantec (save the product license key in case you decide to reinstall it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US)

Run the Norton Removal tool.

Reboot

Install Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find? Text version of the report is at:
C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt
Please copy and paste it.

Now clear the event logs again:
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot. Wait a couple of minutes for it to fully load everything then run VEW again as before and post the logs.

Ron
  • 0
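The reading of the VEW report described in the post above (skip the repeated noise, find the services that failed to start) can be scripted. This is an added example, not part of the original posts or of VEW itself: the function names are hypothetical, and the sample is an excerpt of the log posted in #7 with only three of the DHCP events kept and their message shortened.

```python
import re
from collections import Counter
from datetime import datetime

# Excerpt of the VEW 'System' report posted in #7 (trimmed, DHCP message
# shortened). VEW prints dates as dd/mm/yyyy.
SAMPLE_REPORT = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/09/2011 09:56:25
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server).

Log: 'System' Date/Time: 07/09/2011 09:50:18
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server).

Log: 'System' Date/Time: 07/09/2011 09:32:23
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: ccHP

Log: 'System' Date/Time: 07/09/2011 09:32:20
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 07/09/2011 09:32:20
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 07/09/2011 09:32:20
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the AOL Connectivity Service service to connect.

Log: 'System' Date/Time: 07/09/2011 09:31:56
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server).
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
START_FAIL = re.compile(r"^The (?P<name>.+?) service failed to start due to the following error: (?P<why>.+)$")
TIMEOUT = re.compile(r"\((?P<ms>\d+) milliseconds\) while waiting for the (?P<name>.+?) service to connect")
DRIVER_FAIL = re.compile(r"driver\(s\) failed to load:\s*(?P<names>.+)$")


def parse_vew(text):
    """Split a VEW report into event dicts; section banners are skipped."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            current = {"log": m["log"], "type": None, "id": None, "source": None,
                       "time": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
                       "message": ""}
            events.append(current)
        elif current is None:
            continue                      # banner or text before the first event
        elif not line or line.startswith("~"):
            current = None                # blank line or banner ends the event
        elif current["type"] is None and (m := TYPE.match(line)):
            current["type"] = m["type"]
        elif current["id"] is None and (m := EVENT.match(line)):
            current["id"], current["source"] = int(m["id"]), m["source"]
        else:
            current["message"] = (current["message"] + " " + line).strip()
    # Drop records whose header lines were cut off when the log was pasted.
    return [e for e in events if e["id"] is not None]


def summarize(events):
    """Collapse repeats: ((source, event id, type), count), most frequent first."""
    return Counter((e["source"], e["id"], e["type"]) for e in events).most_common()


def scm_failures(events):
    """Services and drivers named in Service Control Manager 7000/7009/7026 errors."""
    found = {}                            # dict keeps first-seen order, drops repeats
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        msg = ev["message"]
        if ev["id"] == 7000 and (m := START_FAIL.match(msg)):
            found[("service", m["name"], m["why"])] = None
        elif ev["id"] == 7009 and (m := TIMEOUT.search(msg)):
            found[("service", m["name"], f"no response within {m['ms']} ms")] = None
        elif ev["id"] == 7026 and (m := DRIVER_FAIL.search(msg)):
            for name in m["names"].split():
                found[("driver", name, "failed to load")] = None
    return list(found)


if __name__ == "__main__":
    parsed = parse_vew(SAMPLE_REPORT)
    for key, count in summarize(parsed):
        print(count, *key)
    for kind, name, why in scm_failures(parsed):
        print(f"{kind}: {name}: {why}")
```

On the excerpt, the DHCP 1001 error collapses to one line with a count, and the Service Control Manager entries name the Norton Internet Security service, the AOL Connectivity Service and the ccHP driver as the items that failed at boot.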

#9
Geekimnot

Member

Hi Ron,

I use AOL all the time; I will uninstall and reinstall to see if it gets rid of any problems.

I ran Avast 3 times. I could not find the log file until I watched it run; the logs went to a different file than you indicated.

Should I purchase Malwarebytes? It runs out in a few days.

Should I re-install Norton/Symantec? If not, can you recommend a program to do regular backup of files?

Please note that I can delete the "Old backup file", and do not use Clipart.

Once again many thanks for all your effort.

Best regards,
Ian

Here are the logs.

Avast:

09/08/2011 16:24
Scan of all local drives

File C:\20101704_091438_Line 50 & InvInc1\C\Model Info\P51\Setup_295.exe.nco|>20101704_091438_Line 50 & InvInc1\C\MODELI~1\P51\SETUP_~1.EXE is infected by Win32:Malware-gen, Moved to chest
File C:\Downloads\AOL fix\setupxv.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\AOLFIX~1\setupxv.exe|>setup.msi|>app.cab|>F6BF21151B2E4B54F9103A83F276770DD is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\VVSNInst.exe|>VVSN.exe is infected by Win32:Whenu-I [PUP], Moved to chest
File C:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060]|>[Embedded_R#1baa8] is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060] is infected by Win32:Newdotnet-B [Trj], Moved to chest
File C:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe is infected by Win32:Newdotnet-B [Trj], Moved to chest
File C:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138]|>[Embedded_R#25aa8] is infected by Win32:Newdotnet [Adw], Moved to chest
File C:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138] is infected by Win32:Newdotnet [Adw], Moved to chest
File C:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe is infected by Win32:Newdotnet [Adw], Moved to chest
File C:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whInstaller.exe is infected by Win32:Dialer-AEX [Trj], Moved to chest
File C:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whSurvey.exe is infected by Win32:Dialer-AGN [Trj], Moved to chest
File C:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>webhdll.dll is infected by Win32:Dialer-ACO [Trj], Moved to chest
File C:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whiehlpr.dll is infected by Win32:Dialer-ANJ [Trj], Moved to chest
File C:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%cscoresys%\rkinstaller.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Old Backup File\20090810_160404_Daily\C\Downloads\AOL fix\setupxv.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\AOLFIX~1\setupxv.exe|>setup.msi|>app.cab|>F6BF21151B2E4B54F9103A83F276770DD is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\VVSNInst.exe|>VVSN.exe is infected by Win32:Whenu-I [PUP], Moved to chest
File C:\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060]|>[Embedded_R#1baa8] is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060] is infected by Win32:Newdotnet-B [Trj], Moved to chest
File C:\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe is infected by Win32:Newdotnet-B [Trj], Moved to chest
File C:\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138]|>[Embedded_R#25aa8] is infected by Win32:Newdotnet [Adw], Moved to chest
File C:\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138] is infected by Win32:Newdotnet [Adw], Moved to chest
File C:\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe is infected by Win32:Newdotnet [Adw], Moved to chest
File C:\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whInstaller.exe is infected by Win32:Dialer-AEX [Trj], Moved to chest
File C:\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whSurvey.exe is infected by Win32:Dialer-AGN [Trj], Moved to chest
File C:\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>webhdll.dll is infected by Win32:Dialer-ACO [Trj], Moved to chest
File C:\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whiehlpr.dll is infected by Win32:Dialer-ANJ [Trj], Moved to chest
File C:\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%cscoresys%\rkinstaller.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Old Backup File\20090910_160406_Daily\C\Downloads\AOL fix\setupxv.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\AOLFIX~1\setupxv.exe|>setup.msi|>app.cab|>F6BF21151B2E4B54F9103A83F276770DD is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\VVSNInst.exe|>VVSN.exe is infected by Win32:Whenu-I [PUP], Moved to chest
File C:\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060]|>[Embedded_R#1baa8] is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060] is infected by Win32:Newdotnet-B [Trj], Moved to chest
File C:\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe is infected by Win32:Newdotnet-B [Trj], Moved to chest
File C:\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138]|>[Embedded_R#25aa8] is infected by Win32:Newdotnet [Adw], Moved to chest
File C:\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138] is infected by Win32:Newdotnet [Adw], Moved to chest
File C:\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe is infected by Win32:Newdotnet [Adw], Moved to chest
File C:\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whInstaller.exe is infected by Win32:Dialer-AEX [Trj], Moved to chest
File C:\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whSurvey.exe is infected by Win32:Dialer-AGN [Trj], Moved to chest
File C:\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>webhdll.dll is infected by Win32:Dialer-ACO [Trj], Moved to chest
File C:\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whiehlpr.dll is infected by Win32:Dialer-ANJ [Trj], Moved to chest
File C:\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%cscoresys%\rkinstaller.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\AOLFIX~1\setupxv.exe.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\AOLFIX~1\setupxv.exe|>setup.msi|>app.cab|>F6BF21151B2E4B54F9103A83F276770DD is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\VVSNInst.exe|>VVSN.exe is infected by Win32:Whenu-I [PUP], Moved to chest
File C:\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060]|>[Embedded_R#1baa8] is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060] is infected by Win32:Newdotnet-B [Trj], Moved to chest
File C:\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe is infected by Win32:Newdotnet-B [Trj], Moved to chest
File C:\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138]|>[Embedded_R#25aa8] is infected by Win32:Newdotnet [Adw], Moved to chest
File C:\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138] is infected by Win32:Newdotnet [Adw], Moved to chest
File C:\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe is infected by Win32:Newdotnet [Adw], Moved to chest
File C:\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whInstaller.exe is infected by Win32:Dialer-AEX [Trj], Moved to chest
File C:\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whSurvey.exe is infected by Win32:Dialer-AGN [Trj], Moved to chest
File C:\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>webhdll.dll is infected by Win32:Dialer-ACO [Trj], Moved to chest
File C:\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whiehlpr.dll is infected by Win32:Dialer-ANJ [Trj], Moved to chest
File C:\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%cscoresys%\rkinstaller.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Users\Neville\AppData\Local\Adobe\Updater6\Install\reader9rdr-en_US\AdbeRdrUpd931_all_incr.msp|>PCW_CAB_RDR|>authplay.dll Error 42127 {CAB archive is corrupted.}
File C:\Users\Neville\AppData\Local\Adobe\Updater6\Install\reader9rdr-en_US\AdbeRdrUpd931_all_incr.msp|>PCW_CAB_RDR Error 42144 {OLE archive is corrupted.}
File F:\Backup\20101704_091438_Line 50 & InvInc1\C\Model Info\P51\Setup_295.exe.nco|>20101704_091438_Line 50 & InvInc1\C\MODELI~1\P51\SETUP_~1.EXE is infected by Win32:Malware-gen, Moved to chest
File F:\Backup\Downloads\AOL fix\setupxv.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\AOLFIX~1\setupxv.exe|>setup.msi|>app.cab|>F6BF21151B2E4B54F9103A83F276770DD is infected by Win32:PUP-gen [PUP], Moved to chest
File F:\Backup\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\VVSNInst.exe|>VVSN.exe is infected by Win32:Whenu-I [PUP], Moved to chest
File F:\Backup\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060]|>[Embedded_R#1baa8] is infected by Win32:Adware-gen [Adw], Moved to chest
File F:\Backup\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060] is infected by Win32:Newdotnet-B [Trj], Moved to chest
File F:\Backup\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe is infected by Win32:Newdotnet-B [Trj], Moved to chest
File F:\Backup\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138]|>[Embedded_R#25aa8] is infected by Win32:Newdotnet [Adw], Moved to chest
File F:\Backup\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138] is infected by Win32:Newdotnet [Adw], Moved to chest
File F:\Backup\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe is infected by Win32:Newdotnet [Adw], Moved to chest
File F:\Backup\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whInstaller.exe is infected by Win32:Dialer-AEX [Trj], Moved to chest
File F:\Backup\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whSurvey.exe is infected by Win32:Dialer-AGN [Trj], Moved to chest
File F:\Backup\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>webhdll.dll is infected by Win32:Dialer-ACO [Trj], Moved to chest
File F:\Backup\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whiehlpr.dll is infected by Win32:Dialer-ANJ [Trj], Moved to chest
File F:\Backup\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%cscoresys%\rkinstaller.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File F:\Backup\Old Backup File\20090810_160404_Daily\C\Downloads\AOL fix\setupxv.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\AOLFIX~1\setupxv.exe|>setup.msi|>app.cab|>F6BF21151B2E4B54F9103A83F276770DD is infected by Win32:PUP-gen [PUP], Moved to chest
File F:\Backup\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\VVSNInst.exe|>VVSN.exe is infected by Win32:Whenu-I [PUP], Moved to chest
File F:\Backup\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060]|>[Embedded_R#1baa8] is infected by Win32:Adware-gen [Adw], Moved to chest
File F:\Backup\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060] is infected by Win32:Newdotnet-B [Trj], Moved to chest
File F:\Backup\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe is infected by Win32:Newdotnet-B [Trj], Moved to chest
File F:\Backup\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138]|>[Embedded_R#25aa8] is infected by Win32:Newdotnet [Adw], Moved to chest
File F:\Backup\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138] is infected by Win32:Newdotnet [Adw], Moved to chest
File F:\Backup\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe is infected by Win32:Newdotnet [Adw], Moved to chest
File F:\Backup\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whInstaller.exe is infected by Win32:Dialer-AEX [Trj], Moved to chest
File F:\Backup\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whSurvey.exe is infected by Win32:Dialer-AGN [Trj], Moved to chest
File F:\Backup\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>webhdll.dll is infected by Win32:Dialer-ACO [Trj], Moved to chest
File F:\Backup\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whiehlpr.dll is infected by Win32:Dialer-ANJ [Trj], Moved to chest
File F:\Backup\Old Backup File\20090810_160404_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090810_160404_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%cscoresys%\rkinstaller.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File F:\Backup\Old Backup File\20090910_160406_Daily\C\Downloads\AOL fix\setupxv.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\AOLFIX~1\setupxv.exe|>setup.msi|>app.cab|>F6BF21151B2E4B54F9103A83F276770DD is infected by Win32:PUP-gen [PUP], Moved to chest
File F:\Backup\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\VVSNInst.exe|>VVSN.exe is infected by Win32:Whenu-I [PUP], Moved to chest
File F:\Backup\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060]|>[Embedded_R#1baa8] is infected by Win32:Adware-gen [Adw], Moved to chest
File F:\Backup\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060] is infected by Win32:Newdotnet-B [Trj], Moved to chest
File F:\Backup\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe is infected by Win32:Newdotnet-B [Trj], Moved to chest
File F:\Backup\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138]|>[Embedded_R#25aa8] is infected by Win32:Newdotnet [Adw], Moved to chest
File F:\Backup\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138] is infected by Win32:Newdotnet [Adw], Moved to chest
File F:\Backup\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe is infected by Win32:Newdotnet [Adw], Moved to chest
File F:\Backup\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whInstaller.exe is infected by Win32:Dialer-AEX [Trj], Moved to chest
File F:\Backup\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whSurvey.exe is infected by Win32:Dialer-AGN [Trj], Moved to chest
File F:\Backup\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>webhdll.dll is infected by Win32:Dialer-ACO [Trj], Moved to chest
File F:\Backup\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whiehlpr.dll is infected by Win32:Dialer-ANJ [Trj], Moved to chest
File F:\Backup\Old Backup File\20090910_160406_Daily\C\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%cscoresys%\rkinstaller.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File F:\Backup\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\AOLFIX~1\setupxv.exe.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\AOLFIX~1\setupxv.exe|>setup.msi|>app.cab|>F6BF21151B2E4B54F9103A83F276770DD is infected by Win32:PUP-gen [PUP], Moved to chest
File F:\Backup\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\VVSNInst.exe|>VVSN.exe is infected by Win32:Whenu-I [PUP], Moved to chest
File F:\Backup\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060]|>[Embedded_R#1baa8] is infected by Win32:Adware-gen [Adw], Moved to chest
File F:\Backup\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060] is infected by Win32:Newdotnet-B [Trj], Moved to chest
File F:\Backup\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe is infected by Win32:Newdotnet-B [Trj], Moved to chest
File F:\Backup\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138]|>[Embedded_R#25aa8] is infected by Win32:Newdotnet [Adw], Moved to chest
File F:\Backup\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138] is infected by Win32:Newdotnet [Adw], Moved to chest
File F:\Backup\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe is infected by Win32:Newdotnet [Adw], Moved to chest
File F:\Backup\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whInstaller.exe is infected by Win32:Dialer-AEX [Trj], Moved to chest
File F:\Backup\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whSurvey.exe is infected by Win32:Dialer-AGN [Trj], Moved to chest
File F:\Backup\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>webhdll.dll is infected by Win32:Dialer-ACO [Trj], Moved to chest
File F:\Backup\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whiehlpr.dll is infected by Win32:Dialer-ANJ [Trj], Moved to chest
File F:\Backup\Old Backup File\Weekly Backup\20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE.nco|>20081512_145315_I an Aitken\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%cscoresys%\rkinstaller.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File F:\Downloads\AOL fix\setupxv.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\AOLFIX~1\setupxv.exe|>setup.msi|>app.cab|>F6BF21151B2E4B54F9103A83F276770DD is infected by Win32:PUP-gen [PUP], Moved to chest
File F:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\VVSNInst.exe|>VVSN.exe is infected by Win32:Whenu-I [PUP], Moved to chest
File F:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060]|>[Embedded_R#1baa8] is infected by Win32:Adware-gen [Adw], Moved to chest
File F:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe|>[Embedded_I#06060] is infected by Win32:Newdotnet-B [Trj], Moved to chest
File F:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\freeze_388.exe is infected by Win32:Newdotnet-B [Trj], Moved to chest
File F:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138]|>[Embedded_R#25aa8] is infected by Win32:Newdotnet [Adw], Moved to chest
File F:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe|>[Embedded_I#08138] is infected by Win32:Newdotnet [Adw], Moved to chest
File F:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%TEMP%\NNFRZA638.exe is infected by Win32:Newdotnet [Adw], Moved to chest
File F:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whInstaller.exe is infected by Win32:Dialer-AEX [Trj], Moved to chest
File F:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whSurvey.exe is infected by Win32:Dialer-AGN [Trj], Moved to chest
File F:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>webhdll.dll is infected by Win32:Dialer-ACO [Trj], Moved to chest
File F:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%temp%\whCC-FREEZE5.exe|>whiehlpr.dll is infected by Win32:Dialer-ANJ [Trj], Moved to chest
File F:\Downloads\Clipart\clipartfree.exe.nco|>20090910_160406_Daily\C\DOWNLO~1\Clipart\CLIPAR~1.EXE|>[Embedded_R#001280]|>%cscoresys%\rkinstaller.exe is infected by Win32:Adware-gen [Adw], Moved to chest
Number of searched folders: 50602
Number of tested files: 2679074
Number of infected files: 119

----------------------------------------
09/08/2011 20:02
Scan of all local drives


Scanning aborted
Number of searched folders: 35
Number of tested files: 1043
Number of infected files: 0

----------------------------------------
09/08/2011 20:07
Scan of all local drives

File C:\Users\Neville\AppData\Local\Adobe\Updater6\Install\reader9rdr-en_US\AdbeRdrUpd931_all_incr.msp|>PCW_CAB_RDR|>authplay.dll Error 42127 {CAB archive is corrupted.}
File C:\Users\Neville\AppData\Local\Adobe\Updater6\Install\reader9rdr-en_US\AdbeRdrUpd931_all_incr.msp|>PCW_CAB_RDR Error 42144 {OLE archive is corrupted.}
Number of searched folders: 50608
Number of tested files: 2674999
Number of infected files: 0





VEW

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 09/09/2011 15:59:34

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/09/2011 14:54:59
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/09/2011 14:54:59
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the AOL Connectivity Service service to connect.

Log: 'System' Date/Time: 09/09/2011 14:54:36
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 09/09/2011 14:49:44
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 09/09/2011 14:43:25
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 09/09/2011 14:36:57
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 09/09/2011 14:31:03
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 09/09/2011 14:24:57
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 09/09/2011 14:18:36
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 09/09/2011 14:12:36
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#10
RKinner

Where did Avast hide the report?

You can delete the folder

C:\Users\Neville\AppData\Local\Adobe\Updater6\Install\reader9rdr-en_US since it seems to be corrupt. We don't need a Reader 9 install file anyway since the latest Adobe Reader is 10.

No need to buy MBAM unless you want to.

Let's wait on Symantec until we get this sorted out.

Start, Programs, Accessories then right click on Command Prompt and Run As Administrator. Type with an Enter after each line:

ipconfig /all  >  \junk.txt

notepad  \junk.txt

Copy and paste the text from notepad.

Ron

#11
Geekimnot

Hi Ron,

Avast report

C/Program data/Avast Software/Avast/report/aswBoot.txt

I have deleted the Users/Neville file.

Regards,
Ian

Junk text:


Windows IP Configuration

Host Name . . . . . . . . . . . . : HightorqueUK-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cable.virginmedia.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : cable.virginmedia.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-25-64-CB-CA-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::25af:ccfd:fb9c:2664%11(Preferred)
IPv4 Address. . . . . . . . . . . : 217.137.148.9(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Lease Obtained. . . . . . . . . . : 11 September 2011 06:52:55
Lease Expires . . . . . . . . . . : 15 September 2011 07:45:07
Default Gateway . . . . . . . . . : 217.137.148.1
DHCP Server . . . . . . . . . . . : 62.253.131.93
DHCPv6 IAID . . . . . . . . . . . : 251667812
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-60-02-46-00-25-64-CB-CA-DF
DNS Servers . . . . . . . . . . . : 194.168.4.100
194.168.8.100
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-00-00-00-00
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Default Gateway . . . . . . . . . : 5.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.virginmedia.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : cable.virginmedia.net
Description . . . . . . . . . . . : isatap.cable.virginmedia.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2C1BC9D2-671D-4B5E-ABE6-F7869D0225B9}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 21:

Connection-specific DNS Suffix . : cable.virginmedia.net
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:d989:9409::d989:9409(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 194.168.4.100
194.168.8.100
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2C1BC9D2-671D-4B5E-ABE6-F7869D0225B9}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

#12
RKinner

Your ipconfig looks OK even though your event log said it had problems getting an IP address. Are you still seeing a problem?

Ron
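The comparison in the reply above can be checked mechanically. This added example (not part of the thread) matches the network address named in the Dhcp-Client event 1001 errors against the adapters in the `ipconfig /all` output; the sample text is trimmed from the logs posted in this thread, and the function names are this example's own.

```python
import re
from collections import Counter

# Sample input trimmed from the ipconfig /all output posted in this thread.
IPCONFIG_TEXT = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : HightorqueUK-PC

Ethernet adapter Local Area Connection:

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-25-64-CB-CA-DF
DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 217.137.148.9(Preferred)
DHCP Server . . . . . . . . . . . : 62.253.131.93
DNS Servers . . . . . . . . . . . : 194.168.4.100
194.168.8.100

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-00-00-00-00
DHCP Enabled. . . . . . . . . . . : Yes
Default Gateway . . . . . . . . . : 5.0.0.1

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
"""

# Sample input trimmed from the VEW 'System' error log posted in this thread.
VEW_TEXT = """\
Log: 'System' Date/Time: 09/09/2011 14:54:59
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the AOL Connectivity Service service to connect.

Log: 'System' Date/Time: 09/09/2011 14:54:36
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired..

Log: 'System' Date/Time: 09/09/2011 14:49:44
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-Dhcp-Client
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired..
"""

HEADER_RE = re.compile(r"^(?P<kind>\w+) adapter (?P<name>.+):$")
FIELD_RE = re.compile(r"^(?P<key>[^:]+?)(?: \.)+ ?:\s*(?P<value>.*)$")
MAC_IN_EVENT_RE = re.compile(r"network address ([0-9A-Fa-f]{12})\b")


def normalize_mac(mac):
    """Reduce 7A-79-00-00-00-00 and 7A7900000000 to the same form."""
    return re.sub(r"[^0-9A-Fa-f]", "", mac).upper()


def parse_ipconfig(text):
    """Return one dict per adapter section of pasted `ipconfig /all` text."""
    adapters, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        field = FIELD_RE.match(line)
        header = None if field else HEADER_RE.match(line)
        if header:
            current = {"kind": header["kind"], "name": header["name"]}
            adapters.append(current)
            last_key = None
        elif field and current is not None:
            last_key = field["key"].rstrip(" .")
            current[last_key] = field["value"].strip()
        elif current is not None and last_key:
            # Continuation line, e.g. the second DNS server.
            current[last_key] += ", " + line
    return adapters


def dhcp_failure_macs(vew_text):
    """Count Dhcp-Client event 1001 records per network address."""
    counts = Counter()
    for record in re.split(r"\n\s*\n", vew_text.strip()):
        if "Event: 1001 Source: Microsoft-Windows-Dhcp-Client" not in record:
            continue
        match = MAC_IN_EVENT_RE.search(record)
        if match:
            counts[normalize_mac(match.group(1))] += 1
    return counts


def correlate(ipconfig_text, vew_text):
    """Name the adapter behind each address that failed to get a lease."""
    by_mac = {normalize_mac(a.get("Physical Address", "")): a
              for a in parse_ipconfig(ipconfig_text)}
    report = []
    for mac, events in dhcp_failure_macs(vew_text).items():
        adapter = by_mac.get(mac)
        report.append({
            "mac": mac,
            "events": events,
            "adapter": adapter["name"] if adapter else None,
            "description": adapter.get("Description") if adapter else None,
            "has_ipv4": bool(adapter and adapter.get("IPv4 Address")),
        })
    return report


if __name__ == "__main__":
    for row in correlate(IPCONFIG_TEXT, VEW_TEXT):
        print(row)
```

On this input the failing address resolves to the Hamachi virtual adapter, while the Realtek adapter holds the DHCP lease.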

#13
Geekimnot

Hi Ron,

Only one high usage flag in the last 2 days, that was for AOL.

The computer has speeded up. I will now uninstall and reinstall AOL.

Thanks for your help, it really was appreciated. I will send a PM if I have any further problems, but things look OK now.

Very best regards,

Ian

#14
RKinner

We need to clean up System Restore.

The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
though it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
Right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK. Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)


If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#15
Geekimnot

Hi Ron,

New Restore created.
Old restores removed
Command to uninstall combofix does not work (is not recognised as an internal or external command)
OTL done
Files hidden.
Adobe Javascript disabled
Update checker installed
Don’t use Firefox
Don’t use Limewire
How do I recognise a P2P program ?
Don’t use wireless, am on a fiber line broadband.

Best regards,
Ian