unable to update antivirus/malwarebytes

#16 RKinner
    Malware Expert, Expert, MVP, 19,799 posts
The stealth process is gone. Perhaps it was the CrypKey License and Network X license software. Go back into Autoruns and check everything else (that you were able to uncheck) and then reboot. Run a quick scan and see if the "PRC - File not found --" line comes back. If not, I think we have solved that problem.

As for IE, I would go into Tools, Internet Options, Advanced, find the RESET button at the bottom and hit it, then restart IE and see if it looks better.

Ron

#17 Clifford385
    Member, Topic Starter, 14 posts
Brilliant news, and it hasn't come back :-)

Thanks for the info on resetting IE.

I was unable to replace the tick in Drivers for RapportEI64. It says access denied again.

OTL scan

OTL logfile created on: 26/11/2011 19:38:02 - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\C J Derricutt\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 67.61% Memory free
8.00 Gb Paging File | 6.58 Gb Available in Paging File | 82.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.94 Gb Total Space | 269.67 Gb Free Space | 59.93% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: C J Derricutt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/24 11:56:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\C J Derricutt\Desktop\OTL.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/09/06 21:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/05 17:04:58 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/05/21 00:55:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:54:56 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/04/07 15:16:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/04/07 15:16:33 | 000,040,960 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/20 13:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/03/16 15:08:22 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/09/04 15:23:02 | 000,116,224 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService.exe)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/14 01:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:64bit: - [2008/05/07 23:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 12:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 12:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 12:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/20 12:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/16 15:08:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/07 22:30:02 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/07 21:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/09/06 21:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 21:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 21:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 21:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 21:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 21:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 13:56:12 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/08/09 21:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 20:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/17 17:12:26 | 000,028,664 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV:64bit: - [2006/10/31 15:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2005/12/14 01:53:42 | 000,007,808 | ---- | M] (GretagMacbeth LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\i1display_x64.sys -- (EyeOneDisplay)
DRV - [2011/11/07 21:32:12 | 000,396,944 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/11/07 21:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2010/10/03 23:54:04 | 000,012,544 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys -- (RapportIaso)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.inbox.com...d=80150&lng=en"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..keyword.URL: "http://uk.yhs.search...2-tb-web_uk&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/07 15:16:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/25 20:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/07 15:16:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/15 21:41:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\files32\antispam\tbspamfilter
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin

[2010/03/20 20:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\C J Derricutt\AppData\Roaming\Mozilla\Extensions
[2011/11/26 17:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\C J Derricutt\AppData\Roaming\Mozilla\Firefox\Profiles\2kh2y52t.default\extensions
[2011/11/26 17:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/02/09 21:31:43 | 000,000,000 | ---D | M] (Ten PDF Creator Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG9\TOOLBAR\FIREFOX\[email protected]
[2010/04/07 15:16:33 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\C J DERRICUTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2KH2Y52T.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
[2010/06/21 22:55:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/07 22:30:02 | 000,122,856 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\np_IEGetPlugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: avast! WebRep = C:\Users\C J Derricutt\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\C J Derricutt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\

O1 HOSTS File: ([2011/11/24 11:37:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ten PDF Creator Toolbar) - {C77F8051-03F7-432D-AE30-5B1D19927086} - C:\Program Files (x86)\PDFCreator\Toolbar\MaxPDFCreatorToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ten PDF Creator Toolbar) - {C77F8051-03F7-432D-AE30-5B1D19927086} - C:\Program Files (x86)\PDFCreator\Toolbar\MaxPDFCreatorToolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\C J Derricutt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1837C8BF-E17A-46B4-88B9-4133141CD98C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/26 17:18:20 | 000,636,728 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\C J Derricutt\Desktop\autoruns.exe
[2011/11/26 17:17:28 | 004,845,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\C J Derricutt\Desktop\procexp.exe
[2011/11/26 17:09:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/25 21:48:14 | 000,063,760 | ---- | C] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/11/25 20:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/25 20:35:46 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/25 20:35:46 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/25 20:35:41 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/25 20:35:39 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/25 20:35:37 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/25 20:35:36 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/25 20:35:31 | 000,000,000 | ---D | C] -- C:\Users\C J Derricutt\AppData\Local\Trusteer
[2011/11/25 20:35:23 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/25 20:35:23 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/25 17:46:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/24 11:56:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\C J Derricutt\Desktop\OTL.exe
[2011/11/24 11:49:04 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\C J Derricutt\Desktop\aswMBR.exe
[2011/11/24 11:43:51 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\C J Derricutt\Desktop\tdsskiller.exe
[2011/11/24 11:39:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/24 11:31:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/24 11:31:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/24 11:31:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/24 11:31:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/24 11:31:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/24 11:30:02 | 004,306,022 | R--- | C] (Swearware) -- C:\Users\C J Derricutt\Desktop\ComboFix.exe
[2011/11/17 19:35:37 | 000,000,000 | ---D | C] -- C:\Users\C J Derricutt\AppData\Local\{572ED499-497E-4A97-B15F-893F0509673D}
[2011/11/17 19:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/16 13:03:35 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/11/16 13:03:35 | 000,027,472 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\sbbd.exe
[2011/11/16 13:03:27 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/11/16 12:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/16 12:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/15 18:54:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2011/11/15 18:54:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\msmq
[2011/11/15 18:54:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2011/11/15 18:54:27 | 000,000,000 | ---D | C] -- C:\inetpub
[2011/11/09 16:29:52 | 000,000,000 | ---D | C] -- C:\eee3a4bd0deca3b1f135aad24cce71
[2011/11/05 19:09:32 | 000,000,000 | ---D | C] -- C:\Users\C J Derricutt\AppData\Local\{F8AA4F3E-3466-4CE5-A92D-03EFB4C4FE51}

========== Files - Modified Within 30 Days ==========

[2011/11/26 19:37:33 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/26 19:37:14 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/26 19:37:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/26 19:36:52 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/26 19:07:32 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 19:07:32 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 19:07:09 | 000,781,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/26 19:07:09 | 000,668,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/26 19:07:09 | 000,123,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/26 18:48:43 | 000,309,869 | ---- | M] () -- C:\Users\C J Derricutt\Desktop\Add on screen.jpg
[2011/11/26 17:33:13 | 000,154,645 | ---- | M] () -- C:\Users\C J Derricutt\Desktop\AutoRuns.zip
[2011/11/26 17:32:35 | 003,481,600 | ---- | M] () -- C:\Users\C J Derricutt\Desktop\AutoRuns.arn
[2011/11/26 17:18:20 | 000,636,728 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\C J Derricutt\Desktop\autoruns.exe
[2011/11/26 17:17:39 | 004,845,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\C J Derricutt\Desktop\procexp.exe
[2011/11/25 20:35:49 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/25 20:35:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/25 20:30:28 | 061,657,064 | ---- | M] () -- C:\Users\C J Derricutt\Desktop\setup_av_free_cnet.exe
[2011/11/25 19:29:22 | 000,302,592 | ---- | M] () -- C:\Users\C J Derricutt\Desktop\m62htr3w.exe
[2011/11/25 19:29:22 | 000,302,592 | ---- | M] () -- C:\m62htr3w.exe
[2011/11/24 11:56:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\C J Derricutt\Desktop\OTL.exe
[2011/11/24 11:51:20 | 000,000,512 | ---- | M] () -- C:\Users\C J Derricutt\Desktop\MBR.dat
[2011/11/24 11:49:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\C J Derricutt\Desktop\aswMBR.exe
[2011/11/24 11:43:51 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\C J Derricutt\Desktop\tdsskiller.exe
[2011/11/24 11:37:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/24 11:30:02 | 004,306,022 | R--- | M] (Swearware) -- C:\Users\C J Derricutt\Desktop\ComboFix.exe
[2011/11/17 18:58:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/16 13:02:50 | 105,848,832 | ---- | M] () -- C:\Users\C J Derricutt\Desktop\VIPRERescue11052.exe
[2011/11/11 11:19:04 | 000,130,449 | ---- | M] () -- C:\Users\C J Derricutt\Desktop\SPFLecturers201109.pdf
[2011/11/09 20:18:28 | 003,225,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/08 23:28:38 | 000,003,290 | ---- | M] () -- C:\Users\C J Derricutt\AppData\Roaming\wklnhst.dat
[2011/11/07 21:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/11/07 20:38:01 | 000,741,476 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/06 21:56:29 | 796,811,336 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/29 18:54:25 | 000,035,328 | ---- | M] () -- C:\Users\C J Derricutt\Documents\FCC 70th AGM 27.11.2011

========== Files Created - No Company Name ==========

[2049/12/31 15:00:00 | 000,085,837 | ---- | C] () -- C:\Users\C J Derricutt\Desktop\Appendix 3 Club Constitution 2009.pdf
[2011/11/26 18:48:43 | 000,309,869 | ---- | C] () -- C:\Users\C J Derricutt\Desktop\Add on screen.jpg
[2011/11/26 17:33:13 | 000,154,645 | ---- | C] () -- C:\Users\C J Derricutt\Desktop\AutoRuns.zip
[2011/11/26 17:32:35 | 003,481,600 | ---- | C] () -- C:\Users\C J Derricutt\Desktop\AutoRuns.arn
[2011/11/25 20:35:49 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/25 20:28:46 | 061,657,064 | ---- | C] () -- C:\Users\C J Derricutt\Desktop\setup_av_free_cnet.exe
[2011/11/25 19:42:35 | 000,302,592 | ---- | C] () -- C:\m62htr3w.exe
[2011/11/25 19:29:22 | 000,302,592 | ---- | C] () -- C:\Users\C J Derricutt\Desktop\m62htr3w.exe
[2011/11/24 11:51:20 | 000,000,512 | ---- | C] () -- C:\Users\C J Derricutt\Desktop\MBR.dat
[2011/11/24 11:31:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/24 11:31:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/24 11:31:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/24 11:31:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/24 11:31:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/16 12:59:25 | 105,848,832 | ---- | C] () -- C:\Users\C J Derricutt\Desktop\VIPRERescue11052.exe
[2011/11/11 11:19:04 | 000,130,449 | ---- | C] () -- C:\Users\C J Derricutt\Desktop\SPFLecturers201109.pdf
[2011/11/07 20:38:22 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/07 20:38:01 | 000,741,476 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/29 18:54:23 | 000,035,328 | ---- | C] () -- C:\Users\C J Derricutt\Documents\FCC 70th AGM 27.11.2011
[2011/08/28 14:53:34 | 000,000,049 | ---- | C] () -- C:\Windows\CoolRead.ini
[2011/08/28 14:32:10 | 000,044,218 | ---- | C] () -- C:\Users\C J Derricutt\AppData\Local\RAContactHistory.xml
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/08/12 20:53:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\Pianos and Keyboards
[2010/05/28 21:45:36 | 000,000,000 | ---- | C] () -- C:\Users\C J Derricutt\AppData\Roaming\Phaser
[2010/05/28 21:45:36 | 000,000,000 | ---- | C] () -- C:\ProgramData\Flowers
[2010/05/28 21:29:39 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010/05/28 21:12:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Grand Piano
[2010/05/28 21:12:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/05/28 21:09:25 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Gems
[2010/03/16 14:52:36 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/03/16 10:26:39 | 000,000,592 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2010/03/09 21:28:26 | 000,000,123 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010/03/09 21:28:23 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2010/03/09 21:28:23 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010/03/09 21:28:23 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010/02/17 21:13:44 | 000,003,584 | ---- | C] () -- C:\Users\C J Derricutt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 14:44:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/02/09 21:23:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/01/06 19:38:51 | 000,000,268 | RH-- | C] () -- C:\Users\C J Derricutt\AppData\Roaming\Galactic Static
[2010/01/06 19:36:32 | 000,000,268 | RH-- | C] () -- C:\Users\C J Derricutt\AppData\Roaming\Fruit
[2010/01/05 17:47:30 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2009/09/07 18:34:35 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2009/09/07 18:34:35 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2009/09/07 18:34:35 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2009/09/07 18:34:35 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2009/09/07 18:34:35 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2009/09/07 18:34:35 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2009/09/07 18:34:35 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2009/09/07 18:34:35 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2009/09/07 18:34:35 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2009/09/07 18:34:35 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2009/09/07 18:34:35 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2009/09/07 18:34:35 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2009/09/07 18:34:35 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2009/09/07 18:34:35 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2009/09/07 18:34:35 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2009/09/07 18:34:35 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2009/09/07 18:34:35 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2009/09/07 18:34:35 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2009/09/07 18:34:35 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/09/07 18:32:28 | 000,000,041 | ---- | C] () -- C:\Windows\CDER1900DEFGIPS.ini
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/06 15:10:55 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/05/26 13:47:45 | 000,000,025 | ---- | C] () -- C:\Windows\efdcet.dat
[2009/05/26 13:46:52 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/05/16 20:05:31 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/03/13 19:33:47 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/01/16 11:15:04 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\PixText.dll
[2009/01/11 19:51:45 | 000,003,290 | ---- | C] () -- C:\Users\C J Derricutt\AppData\Roaming\wklnhst.dat
[2007/06/05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe

========== LOP Check ==========

[2010/02/09 21:40:06 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Auslogics
[2011/02/23 19:00:12 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Babylon
[2010/02/09 21:40:06 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\BullGuard
[2010/09/26 07:05:28 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\com.adobe.ExMan
[2010/02/09 21:40:06 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/22 18:18:41 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\DriverCure
[2010/09/18 15:17:01 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\EPSON
[2010/02/09 21:40:07 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\ErrorExpert
[2011/07/27 06:30:21 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\IObit
[2010/05/28 21:35:39 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Nikon
[2010/02/09 21:40:12 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\OpenOffice.org
[2011/10/07 13:24:53 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\PC Cleaners
[2011/08/28 14:32:10 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\PeerNetworking
[2010/11/14 07:32:24 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Sammsoft
[2011/05/25 13:48:00 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Softland
[2010/02/09 21:40:13 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Template
[2010/02/09 21:40:13 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Ten PDF Reader
[2010/02/17 14:30:30 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Trusteer
[2010/04/06 18:48:46 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Uniblue
[2010/02/09 21:40:13 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Western Digital
[2009/09/08 20:14:39 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Windows Live Writer
[2011/11/08 23:10:14 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0
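The OTL "Files Created/Modified" lines in the log above share one fixed field layout (timestamp | size | R/H/S/D attributes | M or C, then the publisher in parentheses and the path), so they can be parsed and triaged mechanically before an analyst reads the whole dump. The Python below is an added example, not part of this thread or of OTL; its sample lines are constructed in the same format (user folder replaced), `SCAN_TIME` is the creation time from the OTL header of the log above, and the three heuristics are only pointers to lines worth reading first, not verdicts.

```python
"""Parse OTL 'Files Created / Modified' lines and flag entries worth a second look."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One OTL file line looks like:
#   [2011/11/25 19:42:35 | 000,302,592 | ---- | C] () -- C:\m62htr3w.exe
# fields: timestamp | size | attributes (R H S D) | M(odified)/C(reated), (company) -- path
# The "LOP Check" section omits the "(company)" field, so it is optional here.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Taken from the "OTL logfile created on" header of the log above.
SCAN_TIME = datetime(2011, 11, 26, 19, 38, 2)

# Files Windows itself keeps hidden+system in the drive root; not worth flagging.
KNOWN_OS_FILES = {"hiberfil.sys", "pagefile.sys", "swapfile.sys", "bootmgr"}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\[^\\]+$")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str      # four flag positions: R(ead-only) H(idden) S(ystem) D(irectory)
    kind: str       # "M" = modified-time listing, "C" = created-time listing
    company: str    # publisher string OTL read from the version resource; "" if none
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def system(self) -> bool:
        return "S" in self.attrs

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file line, or None for headers, blanks and other text."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def parse_otl_log(text: str) -> List[OtlEntry]:
    """Parse every recognisable file line of an OTL report, skipping everything else."""
    return [e for e in (parse_otl_line(ln) for ln in text.splitlines()) if e]


def triage(entries: List[OtlEntry], scan_time: datetime) -> Dict[str, List[str]]:
    """Map each path that trips a heuristic to the reasons; same path in the M and C
    sections is reported once. None of these reasons is proof of malice."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        name = e.basename.lower()
        known_os = name in KNOWN_OS_FILES
        reasons = []
        if e.timestamp > scan_time:
            # A file stamped after the scan ran cannot carry a genuine timestamp;
            # clock problems, some backup tools and timestomping all produce this.
            reasons.append("timestamp later than the scan itself")
        if not e.is_dir and not known_os and DRIVE_ROOT.match(e.path) and name.endswith(EXEC_EXT):
            reasons.append("executable sitting in the drive root")
        if e.hidden and e.system and not e.is_dir and not known_os:
            reasons.append("hidden+system attributes on a non-OS file")
        if reasons:
            bucket = findings.setdefault(e.path, [])
            bucket.extend(r for r in reasons if r not in bucket)
    return findings


# Constructed sample lines in the OTL format, modelled on the log above.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2049/12/31 15:00:00 | 000,085,837 | ---- | C] () -- C:\Users\example\Desktop\Constitution.pdf
[2011/11/25 19:42:35 | 000,302,592 | ---- | C] () -- C:\m62htr3w.exe
[2011/11/26 19:36:52 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/16 14:52:36 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/11/24 11:56:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\example\Desktop\OTL.exe
[2010/02/09 21:40:06 | 000,000,000 | ---D | M] -- C:\Users\example\AppData\Roaming\Auslogics
"""

if __name__ == "__main__":
    for path, why in triage(parse_otl_log(SAMPLE_LOG), SCAN_TIME).items():
        print(path, "->", "; ".join(why))
```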

#18
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
I think we should remove the License stuff so let's do this:


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
C:\Windows\SysNative\Ckldrv.sys
C:\Windows\SysNative\Crypserv.exe

Driver::
NetworkX
Crypkey License

******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to ComboFix and let go. ComboFix should start on its own.

Post the new log.

The Rapport stuff may need to be reinstalled, though you might try it in safe mode.

Ron
  • 0

#19
Clifford385

    Member

  • Topic Starter
  • Member
  • 14 posts
Hi Ron,

I ran ComboFix with the script; it appeared to delete the files, then the programme ran until Windows rebooted.

I tried Internet Explorer and got a window saying: An illegal operation attempted on a registry key that has been marked for deletion.

I tried Firefox and Google Chrome, same message.
I also get the same message when trying to open a saved txt on desktop.

I am using Clifford's wife's laptop to contact you.



ComboFix 11-11-23.03 - C J Derricutt 28/11/2011 15:36:06.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2960 [GMT 0:00]
Running from: c:\users\C J Derricutt\Desktop\ComboFix.exe
Command switches used :: c:\users\C J Derricutt\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\Ckldrv.sys"
"c:\windows\system32\Crypserv.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETWORKX
-------\Service_Crypkey License
-------\Service_NetworkX
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-28 15:44 . 2011-11-28 15:44 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-11-28 15:44 . 2011-11-28 15:44 -------- d-----w- c:\users\Eileen\AppData\Local\temp
2011-11-28 15:44 . 2011-11-28 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-26 18:55 . 2011-11-26 18:55 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
2011-11-26 17:09 . 2011-11-26 17:09 -------- d-----w- C:\_OTL
2011-11-25 21:48 . 2011-11-07 21:28 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2011-11-25 20:35 . 2011-09-06 21:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-25 20:35 . 2011-09-06 21:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-25 20:35 . 2011-09-06 21:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-25 20:35 . 2011-09-06 21:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-25 20:35 . 2011-09-06 21:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-25 20:35 . 2011-09-06 21:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-25 20:35 . 2011-11-25 20:35 -------- d-----w- c:\users\C J Derricutt\AppData\Local\Trusteer
2011-11-25 20:35 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-25 20:35 . 2011-09-06 21:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-25 20:17 . 2011-11-25 20:17 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
2011-11-25 19:42 . 2011-11-25 19:29 302592 ----a-w- C:\m62htr3w.exe
2011-11-23 13:28 . 2011-10-18 01:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9D8AF16-49AB-46F3-86B9-859C754430CF}\mpengine.dll
2011-11-17 19:32 . 2011-11-17 19:32 -------- d-----w- c:\program files (x86)\ESET
2011-11-16 13:03 . 2010-11-09 13:56 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-16 13:03 . 2010-11-09 13:56 27472 ----a-w- c:\windows\system32\sbbd.exe
2011-11-16 13:03 . 2011-11-16 23:43 -------- d-----w- C:\VIPRERESCUE
2011-11-16 12:53 . 2011-11-16 16:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-16 12:43 . 2011-11-17 18:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-15 18:55 . 2011-11-28 15:45 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2011-11-15 18:54 . 2011-11-15 18:54 -------- d-----w- c:\windows\SysWow64\BestPractices
2011-11-15 18:54 . 2011-11-15 18:54 -------- d-----w- c:\windows\system32\msmq
2011-11-15 18:54 . 2011-11-15 18:54 -------- d-----w- c:\windows\system32\BestPractices
2011-11-15 18:54 . 2011-11-15 18:54 -------- d-----w- C:\inetpub
2011-11-09 16:29 . 2011-11-09 16:31 -------- d-----w- C:\eee3a4bd0deca3b1f135aad24cce71
2011-11-09 16:05 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 16:05 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 16:05 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:05 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 19:19 . 2011-06-11 14:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-07 13:23 . 2011-10-07 13:24 5356304 ----a-w- c:\windows\uninst.exe
2011-10-01 13:59 . 2011-10-01 13:59 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-06 21:45 . 2011-05-31 22:56 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-01 05:24 . 2011-10-14 09:30 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-14 09:30 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-14 09:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-14 09:30 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-14 09:30 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-14 09:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 17:00 . 2010-02-14 14:22 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( [email protected]_11.37.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-11-24 11:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-28 15:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-24 11:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-28 15:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-28 15:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-24 11:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-10 06:04 . 2011-11-26 20:02 70974 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-26 20:02 54194 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-09 22:43 . 2011-11-26 20:02 23344 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2291017314-1884417629-3059010333-1000_UserData.bin
- 2010-02-09 21:25 . 2011-11-24 11:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-09 21:25 . 2011-11-26 22:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-09 21:25 . 2011-11-24 11:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-26 17:17 . 2011-11-26 22:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-26 22:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-24 11:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-25 17:52 . 2011-11-25 17:52 25088 c:\windows\Installer\723da.msi
+ 2011-11-28 15:45 . 2011-11-28 15:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-24 11:03 . 2011-11-24 11:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-28 15:45 . 2011-11-28 15:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-24 11:03 . 2011-11-24 11:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-02-17 14:30 . 2010-04-02 20:33 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStopShortcut.exe
+ 2010-02-17 14:30 . 2011-11-26 18:55 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStopShortcut.exe
- 2010-02-17 14:30 . 2010-04-02 20:33 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStartShortcut.exe
+ 2010-02-17 14:30 . 2011-11-26 18:55 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStartShortcut.exe
+ 2010-02-17 14:30 . 2011-11-26 18:55 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceConsoleShortcut.exe
- 2010-02-17 14:30 . 2010-04-02 20:33 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceConsoleShortcut.exe
+ 2010-02-10 22:34 . 2011-11-28 15:31 300440 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2011-11-26 20:05 668194 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-24 11:08 668194 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-26 20:05 123548 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-24 11:08 123548 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-11-23 19:58 443580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-28 15:44 443580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-03-12 15:27 . 2011-11-28 15:44 5471196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2291017314-1884417629-3059010333-1000-8192.dat
+ 2010-10-23 15:20 . 2011-11-26 19:59 3166144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2291017314-1884417629-3059010333-1000-12288.dat
+ 2010-10-02 20:54 . 2011-11-28 15:44 46715121 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2291017314-1884417629-3059010333-1000-4096.dat
+ 2011-11-26 18:52 . 2011-11-26 18:52 26059264 c:\windows\Installer\f3e9.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-04-07 202256]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\users\Eileen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\C J Derricutt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-9-4 2104320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-16 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 RapportIaso;RapportIaso;c:\programdata\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys [2010-10-03 12544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-07 55056]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_32301.sys [2011-11-07 396944]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-07 61712]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
S2 WDDMService.exe;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-09-04 116224]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AvgTdiA
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 14:04]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 14:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-15 5641728]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"combofix"="c:\combofix\CF19093.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\C J Derricutt\AppData\Roaming\Mozilla\Firefox\Profiles\2kh2y52t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80150&lng=en
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2291017314-1884417629-3059010333-1000\¬ î**]
"MachineID"=hex:e3,43,3e,7b,48,32,4e,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2011-11-28 15:54:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-28 15:54
ComboFix2.txt 2011-11-24 11:39
.
Pre-Run: 292,646,916,096 bytes free
Post-Run: 292,477,317,120 bytes free
.
- - End Of File - - BB1569CA1138298A3E52864406D25BDD
  • 0

#20
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
The "illegal operation attempted on a registry key" error should go away after a reboot.
  • 0

#21
Clifford385

    Member

  • Topic Starter
  • Member
  • 14 posts
Yes, we are back, thank you :-)
  • 0

#22
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
So do we still see "PRC - File not found --" in an OTL Quickscan log?
  • 0

#23
Clifford385

    Member

  • Topic Starter
  • Member
  • 14 posts
No, it's not there :-)
I have to go back home but will be back tomorrow.

OTL logfile created on: 28/11/2011 18:06:29 - Run 8
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\C J Derricutt\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 68.08% Memory free
8.00 Gb Paging File | 6.57 Gb Available in Paging File | 82.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.94 Gb Total Space | 271.78 Gb Free Space | 60.40% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: C J Derricutt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/24 11:56:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\C J Derricutt\Desktop\OTL.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/09/06 21:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/05/21 00:55:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:54:56 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/04/07 15:16:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/25 20:35:30 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/03/05 16:44:30 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/04/07 15:16:33 | 000,040,960 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/20 13:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/03/16 15:08:22 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/09/04 15:23:02 | 000,116,224 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService.exe)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/14 01:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 12:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 12:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 12:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/20 12:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/16 15:08:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/07 22:30:02 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/07 21:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/09/06 21:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 21:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 21:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 21:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 21:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 21:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 13:56:12 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/08/09 21:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 20:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/10/31 15:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2005/12/14 01:53:42 | 000,007,808 | ---- | M] (GretagMacbeth LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\i1display_x64.sys -- (EyeOneDisplay)
DRV - [2011/11/07 21:32:12 | 000,396,944 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/11/07 21:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2010/10/03 23:54:04 | 000,012,544 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys -- (RapportIaso)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 03 88 1B EE AD CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/?p=us"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1289


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/07 15:16:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/25 20:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/07 15:16:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/15 21:41:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\files32\antispam\tbspamfilter
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin

[2010/03/20 20:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\C J Derricutt\AppData\Roaming\Mozilla\Extensions
[2011/11/28 17:03:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\C J Derricutt\AppData\Roaming\Mozilla\Firefox\Profiles\2kh2y52t.default\extensions
[2011/11/26 17:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/02/09 21:31:43 | 000,000,000 | ---D | M] (Ten PDF Creator Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/11/25 20:35:27 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/04/07 15:16:33 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/06/21 22:55:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/07 22:30:02 | 000,122,856 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\np_IEGetPlugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: avast! WebRep = C:\Users\C J Derricutt\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\C J Derricutt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\

O1 HOSTS File: ([2011/11/28 15:46:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ten PDF Creator Toolbar) - {C77F8051-03F7-432D-AE30-5B1D19927086} - C:\Program Files (x86)\PDFCreator\Toolbar\MaxPDFCreatorToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ten PDF Creator Toolbar) - {C77F8051-03F7-432D-AE30-5B1D19927086} - C:\Program Files (x86)\PDFCreator\Toolbar\MaxPDFCreatorToolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\C J Derricutt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1837C8BF-E17A-46B4-88B9-4133141CD98C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 17:48:10 | 000,000,000 | ---D | C] -- C:\Users\C J Derricutt\Desktop\FCC Docs
[2011/11/28 17:44:14 | 000,000,000 | ---D | C] -- C:\Users\C J Derricutt\Desktop\CJD Folder
[2011/11/28 17:43:21 | 000,000,000 | ---D | C] -- C:\Users\C J Derricutt\Desktop\Major events
[2011/11/28 16:36:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/28 15:44:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/26 17:18:20 | 000,636,728 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\C J Derricutt\Desktop\autoruns.exe
[2011/11/26 17:17:28 | 004,845,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\C J Derricutt\Desktop\procexp.exe
[2011/11/26 17:09:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/25 21:48:14 | 000,063,760 | ---- | C] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/11/25 20:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/25 20:35:46 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/25 20:35:46 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/25 20:35:41 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/25 20:35:39 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/25 20:35:37 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/25 20:35:36 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/25 20:35:31 | 000,000,000 | ---D | C] -- C:\Users\C J Derricutt\AppData\Local\Trusteer
[2011/11/25 20:35:23 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/25 20:35:23 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/24 11:56:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\C J Derricutt\Desktop\OTL.exe
[2011/11/24 11:49:04 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\C J Derricutt\Desktop\aswMBR.exe
[2011/11/24 11:43:51 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\C J Derricutt\Desktop\tdsskiller.exe
[2011/11/24 11:31:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/24 11:31:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/24 11:31:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/24 11:31:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/24 11:31:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/24 11:30:02 | 004,306,022 | R--- | C] (Swearware) -- C:\Users\C J Derricutt\Desktop\ComboFix.exe
[2011/11/17 19:35:37 | 000,000,000 | ---D | C] -- C:\Users\C J Derricutt\AppData\Local\{572ED499-497E-4A97-B15F-893F0509673D}
[2011/11/17 19:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/16 13:03:35 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/11/16 13:03:35 | 000,027,472 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\sbbd.exe
[2011/11/16 13:03:27 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/11/16 12:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/16 12:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/15 18:54:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2011/11/15 18:54:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\msmq
[2011/11/15 18:54:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2011/11/15 18:54:27 | 000,000,000 | ---D | C] -- C:\inetpub
[2011/11/09 16:29:52 | 000,000,000 | ---D | C] -- C:\eee3a4bd0deca3b1f135aad24cce71
[2011/11/05 19:09:32 | 000,000,000 | ---D | C] -- C:\Users\C J Derricutt\AppData\Local\{F8AA4F3E-3466-4CE5-A92D-03EFB4C4FE51}

========== Files - Modified Within 30 Days ==========

[2011/11/28 17:57:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/28 17:57:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/28 16:58:57 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 16:58:57 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 16:56:48 | 000,781,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/28 16:56:48 | 000,668,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/28 16:56:48 | 000,123,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/28 16:51:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/28 16:51:33 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/28 15:46:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/26 17:33:13 | 000,154,645 | ---- | M] () -- C:\Users\C J Derricutt\Desktop\AutoRuns.zip
[2011/11/26 17:32:35 | 003,481,600 | ---- | M] () -- C:\Users\C J Derricutt\Desktop\AutoRuns.arn
[2011/11/26 17:18:20 | 000,636,728 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\C J Derricutt\Desktop\autoruns.exe
[2011/11/26 17:17:39 | 004,845,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\C J Derricutt\Desktop\procexp.exe
[2011/11/25 20:35:49 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/25 20:35:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/25 19:29:22 | 000,302,592 | ---- | M] () -- C:\Users\C J Derricutt\Desktop\m62htr3w.exe
[2011/11/25 19:29:22 | 000,302,592 | ---- | M] () -- C:\m62htr3w.exe
[2011/11/24 11:56:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\C J Derricutt\Desktop\OTL.exe
[2011/11/24 11:51:20 | 000,000,512 | ---- | M] () -- C:\Users\C J Derricutt\Desktop\MBR.dat
[2011/11/24 11:49:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\C J Derricutt\Desktop\aswMBR.exe
[2011/11/24 11:43:51 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\C J Derricutt\Desktop\tdsskiller.exe
[2011/11/24 11:30:02 | 004,306,022 | R--- | M] (Swearware) -- C:\Users\C J Derricutt\Desktop\ComboFix.exe
[2011/11/17 18:58:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/16 13:02:50 | 105,848,832 | ---- | M] () -- C:\Users\C J Derricutt\Desktop\VIPRERescue11052.exe
[2011/11/09 20:18:28 | 003,225,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/08 23:28:38 | 000,003,290 | ---- | M] () -- C:\Users\C J Derricutt\AppData\Roaming\wklnhst.dat
[2011/11/07 21:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/11/07 20:38:01 | 000,741,476 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/06 21:56:29 | 796,811,336 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/29 18:54:25 | 000,035,328 | ---- | M] () -- C:\Users\C J Derricutt\Documents\FCC 70th AGM 27.11.2011

========== Files Created - No Company Name ==========

[2011/11/26 17:33:13 | 000,154,645 | ---- | C] () -- C:\Users\C J Derricutt\Desktop\AutoRuns.zip
[2011/11/26 17:32:35 | 003,481,600 | ---- | C] () -- C:\Users\C J Derricutt\Desktop\AutoRuns.arn
[2011/11/25 20:35:49 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/25 19:42:35 | 000,302,592 | ---- | C] () -- C:\m62htr3w.exe
[2011/11/25 19:29:22 | 000,302,592 | ---- | C] () -- C:\Users\C J Derricutt\Desktop\m62htr3w.exe
[2011/11/24 11:51:20 | 000,000,512 | ---- | C] () -- C:\Users\C J Derricutt\Desktop\MBR.dat
[2011/11/24 11:31:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/24 11:31:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/24 11:31:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/24 11:31:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/24 11:31:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/16 12:59:25 | 105,848,832 | ---- | C] () -- C:\Users\C J Derricutt\Desktop\VIPRERescue11052.exe
[2011/11/07 20:38:22 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/07 20:38:01 | 000,741,476 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/29 18:54:23 | 000,035,328 | ---- | C] () -- C:\Users\C J Derricutt\Documents\FCC 70th AGM 27.11.2011
[2011/08/28 14:53:34 | 000,000,049 | ---- | C] () -- C:\Windows\CoolRead.ini
[2011/08/28 14:32:10 | 000,044,218 | ---- | C] () -- C:\Users\C J Derricutt\AppData\Local\RAContactHistory.xml
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/08/12 20:53:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\Pianos and Keyboards
[2010/05/28 21:45:36 | 000,000,000 | ---- | C] () -- C:\Users\C J Derricutt\AppData\Roaming\Phaser
[2010/05/28 21:45:36 | 000,000,000 | ---- | C] () -- C:\ProgramData\Flowers
[2010/05/28 21:29:39 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010/05/28 21:12:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Grand Piano
[2010/05/28 21:12:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/05/28 21:09:25 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Gems
[2010/03/16 14:52:36 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/03/16 10:26:39 | 000,000,592 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2010/03/09 21:28:26 | 000,000,123 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010/03/09 21:28:23 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2010/03/09 21:28:23 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010/03/09 21:28:23 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010/02/17 21:13:44 | 000,003,584 | ---- | C] () -- C:\Users\C J Derricutt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 14:44:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/02/09 21:23:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/01/06 19:38:51 | 000,000,268 | RH-- | C] () -- C:\Users\C J Derricutt\AppData\Roaming\Galactic Static
[2010/01/06 19:36:32 | 000,000,268 | RH-- | C] () -- C:\Users\C J Derricutt\AppData\Roaming\Fruit
[2010/01/05 17:47:30 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2009/09/07 18:34:35 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2009/09/07 18:34:35 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2009/09/07 18:34:35 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2009/09/07 18:34:35 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2009/09/07 18:34:35 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2009/09/07 18:34:35 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2009/09/07 18:34:35 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2009/09/07 18:34:35 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2009/09/07 18:34:35 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2009/09/07 18:34:35 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2009/09/07 18:34:35 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2009/09/07 18:34:35 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2009/09/07 18:34:35 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2009/09/07 18:34:35 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2009/09/07 18:34:35 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2009/09/07 18:34:35 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2009/09/07 18:34:35 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2009/09/07 18:34:35 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2009/09/07 18:34:35 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/09/07 18:32:28 | 000,000,041 | ---- | C] () -- C:\Windows\CDER1900DEFGIPS.ini
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/06 15:10:55 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/05/26 13:47:45 | 000,000,025 | ---- | C] () -- C:\Windows\efdcet.dat
[2009/05/26 13:46:52 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/05/16 20:05:31 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/03/13 19:33:47 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/01/16 11:15:04 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\PixText.dll
[2009/01/11 19:51:45 | 000,003,290 | ---- | C] () -- C:\Users\C J Derricutt\AppData\Roaming\wklnhst.dat
[2007/06/05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe

========== LOP Check ==========

[2010/02/09 21:40:06 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Auslogics
[2011/02/23 19:00:12 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Babylon
[2010/02/09 21:40:06 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\BullGuard
[2010/09/26 07:05:28 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\com.adobe.ExMan
[2010/02/09 21:40:06 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/22 18:18:41 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\DriverCure
[2010/09/18 15:17:01 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\EPSON
[2010/02/09 21:40:07 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\ErrorExpert
[2011/07/27 06:30:21 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\IObit
[2010/05/28 21:35:39 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Nikon
[2010/02/09 21:40:12 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\OpenOffice.org
[2011/10/07 13:24:53 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\PC Cleaners
[2011/08/28 14:32:10 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\PeerNetworking
[2010/11/14 07:32:24 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Sammsoft
[2011/05/25 13:48:00 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Softland
[2010/02/09 21:40:13 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Template
[2010/02/09 21:40:13 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Ten PDF Reader
[2010/02/17 14:30:30 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Trusteer
[2010/04/06 18:48:46 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Uniblue
[2010/02/09 21:40:13 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Western Digital
[2009/09/08 20:14:39 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Windows Live Writer
[2011/11/08 23:10:14 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0
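The OTL report above is plain text in a fixed shape: a bracketed stamp, a comma-grouped size, a four-character attribute field (R read-only, H hidden, S system, D directory), an M/C marker for modified or created, an optional company string in parentheses, and the path. When a helper triages a log like this by hand, the lines worth a second look are usually the ones with hidden or system attributes set, executables with no company or version information, and executables sitting in the drive root. The parser below, an added example that is not part of the thread or of OTL itself, turns each line into a record and applies exactly those three checks; the sample lines are copied from the report on this page, and the small allowlist of well-known Windows system files is my own assumption to cut obvious false positives.

```python
import re
from dataclasses import dataclass

# One OTL file-listing line:
# [yyyy/mm/dd hh:mm:ss | size | RHSD | M|C] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Extensions treated as executable code for triage purposes.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")

# Assumed allowlist: well-known Windows files that legitimately carry
# hidden/system attributes and show no company string in OTL output.
KNOWN_SYSTEM_FILES = {"hiberfil.sys", "pagefile.sys", "bootstat.dat"}


@dataclass
class OtlEntry:
    stamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str       # "M" = modified list, "C" = created list
    company: str    # "" when OTL printed "()" or omitted the field
    path: str


def parse_line(line):
    """Parse one OTL listing line; return None for headers/blank lines."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    attrs = m["attrs"]
    return OtlEntry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        kind=m["kind"],
        company=m["company"] or "",
        path=m["path"],
    )


def triage(lines):
    """Return [(entry, [reasons])] for file entries a human should review."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None or e.directory:
            continue
        name = e.path.rsplit("\\", 1)[-1].lower()
        if name in KNOWN_SYSTEM_FILES:
            continue
        is_exec = name.endswith(EXEC_EXT)
        reasons = []
        if e.hidden or e.system:
            reasons.append("hidden/system attribute set")
        if is_exec and not e.company:
            reasons.append("executable with no company/version info")
        if is_exec and re.match(r"^[a-z]:\\[^\\]+$", e.path.lower()):
            reasons.append("executable in drive root")
        if reasons:
            findings.append((e, reasons))
    return findings


# Sample input: lines taken from the OTL report posted in this thread.
SAMPLE_LINES = [
    r"[2011/11/28 16:51:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat",
    r"[2011/11/28 16:51:33 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2011/11/26 17:18:20 | 000,636,728 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\C J Derricutt\Desktop\autoruns.exe",
    r"[2011/11/25 19:29:22 | 000,302,592 | ---- | M] () -- C:\m62htr3w.exe",
    r"[2011/11/07 21:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys",
    r"[2009/05/16 20:05:31 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys",
    r"[2010/02/09 21:40:06 | 000,000,000 | ---D | M] -- C:\Users\C J Derricutt\AppData\Roaming\Auslogics",
]

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LINES):
        print(entry.path, "->", "; ".join(reasons))
```

Run as written, it reports only the root-level `m62htr3w.exe` (no company string, drive root) and the hidden system `KGyGaAvL.sys`; the signed Sysinternals and Trusteer binaries, the allowlisted `hiberfil.sys` and `bootstat.dat`, and the directory entry are left alone. The checks are heuristics for deciding where to look first, not a verdict, which is the same way the helpers in this thread used the listing.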

#24
Clifford385

    Member

  • Topic Starter
  • Member
  • 14 posts
Hi Ron,

The computer seems to be running OK, also the Avast Anti Virus is now updating by itself.
Is there anything else you want us to do?
  • 0

#25
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Copy the following:

:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day, so that's another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0


#26
Clifford385

    Member

  • Topic Starter
  • Member
  • 14 posts
Thank you Ron for all your help. I'm sorry there has been a delay, I wasn't able to get to Clifford's house last week.

We have done everything you asked and appreciate all the time you have given to help.
  • 0

#27
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
No problem. I have so many of these threads going I can't keep track anyway. Glad I could help.

Ron
  • 0