Vundo/RamnitA and more! - Can't complete most scan tools - com



#1
spyhunter

Hi, I hope someone can help me here! I have my wife's friend's Vista laptop here; it arrived with the lid separate from the body due to her children! I have repaired it, and when I restarted it I noticed it was slow and Microsoft Security Essentials wanted to do a complete scan "to complete removal of threats" (2 Java CVE Exploits and RamnitA), but it wouldn't complete; the whole system seized up a short way through the scan. I tried MBAM but with the same result (even in safe mode). Following the MBAM problem solver, I tried to check the disk for errors on a restart but that failed too (stopped at 13% for 6 hours!). I tried the VIPRERescue tool; it doesn't run in a Windows session command window, it stops some way through, so I tried to start the computer in safe mode with command prompt but it won't work there either. I did try the VIPRE scan in the startup 'Repair my computer' option command prompt but the rootkit engine didn't start and at the end the threats (60 or so) couldn't be removed. The SAS tool stops too :-(

OTL however did complete and the log follows. TIA


OTL logfile created on: 25/02/2012 10:19:43 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\emma minton\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.72% Memory free
4.22 Gb Paging File | 3.13 Gb Available in Paging File | 74.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.26 Gb Total Space | 142.56 Gb Free Space | 64.43% Space Free | Partition Type: NTFS
Drive D: | 11.62 Gb Total Space | 2.05 Gb Free Space | 17.64% Space Free | Partition Type: NTFS
Drive F: | 971.63 Mb Total Space | 698.98 Mb Free Space | 71.94% Space Free | Partition Type: FAT

Computer Name: MUMSCOMP | User Name: emma minton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/25 10:11:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\emma minton\Desktop\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/09/05 20:09:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/07/25 07:02:42 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/02 12:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/10/01 02:34:52 | 000,345,384 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/10/01 02:34:42 | 000,255,384 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/10/01 02:34:42 | 000,120,208 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/10/01 02:34:42 | 000,038,184 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/10/01 02:33:32 | 000,066,856 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/09/05 20:03:06 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/09/05 19:52:04 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007/08/14 14:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 17:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (SASKUTIL)
DRV - File not found [Kernel | System | Running] -- -- (SASDIFSV)
DRV - [2012/02/24 23:46:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/10/18 05:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/01 15:35:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/09/26 12:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/09 03:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 18:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 17:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 17:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/19 00:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/18 12:03:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C F9 68 71 33 B7 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.mywebs...kwd&searchfor="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@FestiveBar_3g.com/Plugin: C:\Program Files\FestiveBar_3g\bar\1.bin\NP3gStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Retrogamer_4w.com/Plugin: C:\Program Files\Retrogamer_4w\bar\1.bin\NP4wStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\emma minton\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\emma minton\AppData\Local\Roblox\Versions\version-87de5333d4254860\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\emma minton\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\emma minton\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/15 10:37:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\3gffxtbr@FestiveBar_3g.com: C:\Program Files\FestiveBar_3g\bar\1.bin [2012/02/24 11:51:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4wffxtbr@Retrogamer_4w.com: C:\Program Files\Retrogamer_4w\bar\1.bin [2012/02/24 11:51:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 21:03:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/27 22:41:43 | 000,000,000 | ---D | M]

[2009/09/12 11:47:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emma minton\AppData\Roaming\Mozilla\Extensions
[2009/09/12 11:47:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emma minton\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/02/23 23:45:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emma minton\AppData\Roaming\Mozilla\Firefox\Profiles\27x5lvbo.default\extensions
[2010/11/02 20:42:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\emma minton\AppData\Roaming\Mozilla\Firefox\Profiles\27x5lvbo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/04 15:21:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\emma minton\AppData\Roaming\Mozilla\Firefox\Profiles\27x5lvbo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(223)
[2012/01/26 07:23:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\emma minton\AppData\Roaming\Mozilla\Firefox\Profiles\27x5lvbo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/27 13:11:06 | 000,000,923 | ---- | M] () -- C:\Users\emma minton\AppData\Roaming\Mozilla\Firefox\Profiles\27x5lvbo.default\searchplugins\conduit.xml
[2012/02/08 21:37:00 | 000,009,946 | ---- | M] () -- C:\Users\emma minton\AppData\Roaming\Mozilla\Firefox\Profiles\27x5lvbo.default\searchplugins\FestiveBar_3g.xml
[2012/02/23 23:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/26 11:38:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012/02/24 11:51:04 | 000,000,000 | ---D | M] (Retrogamer) -- C:\PROGRAM FILES\RETROGAMER_4W\BAR\1.BIN
() (No name found) -- C:\USERS\EMMA MINTON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\27X5LVBO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/29 18:12:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/26 11:38:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/29 18:12:48 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/08/29 18:12:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/29 18:12:48 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/08/29 18:12:48 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/08/29 18:12:48 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/26 17:10:06 | 000,434,607 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14959 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Retrogamer) - {3392cfec-56f8-41ee-bdb4-4e301efd2c93} - C:\Program Files\Retrogamer_4w\bar\1.bin\4wbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FestiveBar) - {9ae277e9-32f4-46d5-94f4-20201609d1d0} - C:\Program Files\FestiveBar_3g\bar\1.bin\3gbar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\emma minton\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\emma minton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A46FC342-1058-4DD4-B906-F435D513620B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8AC626B-DF70-47E1-B61F-3CCF8D20EBD6}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/06 22:52:59 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 15:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/25 10:18:51 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\emma minton\Desktop\OTL.exe
[2012/02/25 09:51:12 | 000,000,000 | ---D | C] -- C:\Users\emma minton\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/25 09:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/25 01:02:00 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/02/25 01:02:00 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2012/02/25 01:01:39 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/02/23 17:47:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/02/23 15:53:09 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\emma minton\Desktop\TFC.exe
[2012/02/01 19:27:13 | 000,000,000 | ---D | C] -- C:\Users\emma minton\Documents\PlaySega
[2012/02/01 19:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\GameTap Web Player
[2012/02/01 19:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\GameTap Web Player
[2012/02/01 19:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Retrogamer_4w
[2012/02/01 19:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Retrogamer_4wEI

========== Files - Modified Within 30 Days ==========

[2012/02/25 10:24:12 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/25 10:17:26 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/25 10:17:26 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/25 10:15:13 | 000,000,165 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/02/25 10:14:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/25 10:12:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/25 10:12:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/25 10:12:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/25 10:11:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\emma minton\Desktop\OTL.exe
[2012/02/25 09:09:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/25 01:04:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1003UA.job
[2012/02/25 01:02:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2012/02/25 01:01:04 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1002UA.job
[2012/02/25 00:58:16 | 112,013,312 | ---- | M] () -- C:\Users\emma minton\Desktop\VIPRERescue11585.exe
[2012/02/24 23:46:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/02/24 12:31:04 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/02/24 07:56:31 | 000,304,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/23 20:04:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1003Core.job
[2012/02/23 15:53:31 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\emma minton\Desktop\TFC.exe
[2012/02/23 15:47:28 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/23 15:38:57 | 000,001,244 | RHS- | M] () -- C:\Users\emma minton\ntuser.pol
[2012/02/08 22:01:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1002Core.job
[2012/01/28 22:10:08 | 000,005,972 | ---- | M] () -- C:\Users\emma minton\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2012/02/25 01:02:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2012/02/25 01:00:00 | 112,013,312 | ---- | C] () -- C:\Users\emma minton\Desktop\VIPRERescue11585.exe
[2012/02/23 15:47:28 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/01/23 21:45:49 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/23 21:45:49 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/04 11:07:45 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/03/16 12:06:06 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2010/03/15 10:30:14 | 000,166,653 | ---- | C] () -- C:\Windows\hpoins36.dat

========== LOP Check ==========

[2011/05/11 17:29:55 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Azureus
[2010/11/04 15:31:16 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\com.w3i.musicoasis
[2010/11/04 15:56:18 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Exent Technologies
[2010/03/25 16:47:32 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Facebook
[2010/12/05 18:51:57 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Fugazo
[2009/10/03 14:51:30 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\iWin
[2011/05/25 08:30:34 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\LimeWire
[2010/11/04 15:56:15 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\MysteryStudio
[2009/01/12 15:56:37 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Skinux
[2011/07/31 19:06:50 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Unity
[2012/02/08 22:01:02 | 000,000,930 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1002Core.job
[2012/02/25 01:01:04 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1002UA.job
[2010/11/04 15:34:40 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2012/02/25 09:09:22 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:ADE16379
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:2BDCFAD6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AFFC859A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:2D5907B8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Edited by spyhunter, 25 February 2012 - 08:44 AM.



#2
RKinner

Ramnit is a file infector and usually fatal. Any program that runs gets its .exe file infected. We usually just recommend wiping the drive and reinstalling the OS. However, I have seen a few cases where AVG's Rescue Disk (http://www.geekstogo...alware-related/) was able to remove it but the amount of damage depends on how long it has been active.

Ron

#3
spyhunter

Hi Ron, thanks for the reply. I don't know how long this machine has been infected, but I shall give the AVG disk a go and see what it finds. In fact those malware entries only appeared in Microsoft Security Essentials (which was already on the machine) when I ran a Spybot scan; unfortunately all previous MSE history was deleted, so I do not know what threats it had found to make it want to run a full scan in the first place.

I have been reading up a bit on Ramnit and wonder whether you think it's safe to try and save all the photos and personal stuff on the drive before wiping (if that needs doing) as I am pretty certain they won't have a backup?

I presume in this case that it's probable that the recovery partition would be infected too and so unsuitable to use for the Vista re-installation?

Thanks, Neil

Edited by spyhunter, 26 February 2012 - 06:36 AM.

#4
RKinner
Malware Expert
Run the AVG scan and see how it does. (You should create the AVG disk on a different uninfected computer.) Perhaps the pictures and such have not been infected. AVG should tell you and if they are clean I think it can copy them for you.

I don't think this bug gets to the recovery partition so you may be OK there.

#5
spyhunter
Member
I ran the AVG disk, it found Trojan Horse Agent.BK and Trojan horse Downloader.ABRW and some 'Funweb' Installers which I removed. No sign of the Ramnit but I don't know if that's good or bad!

I have tried again with MBAM and MSE (I reinstalled both with fresh downloads) but on a full scan they still stall and the computer seizes up (even the clock stops) shortly afterwards, always in the /boot/ folder either on the file bootfix.bin, BCD.LOG or BCD.LOG2.

BCD.LOG2 was 0 bytes so I took a chance and deleted it but that hasn't changed anything. It's a bit frustrating as the machine is working a lot better (other than a Firefox addon 'Retrogamer' which I can only disable, not remove). I tried CHKDSK again and it completed almost immediately this time, claiming that everything was fine, but I still can't run those scans! If it was one or the other not working I'd suspect a bug in the scanner, but both is a bit odd.

I'm uncertain how to proceed from here, any ideas??

Thanks, Neil



P.S. just retried VIPRERescue it stops and computer seizes @ bootfix.bin too!

Edited by spyhunter, 27 February 2012 - 07:10 AM.

#6
RKinner
Malware Expert
bootfix.bin isn't really required so you can delete it.

Not sure you have it but if you do: Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Uninstall Malwarebytes' Anti-Malware if you have it.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Turn off Parental Controls:
http://windows.micro...rental-Controls

Reboot.

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:Services
SASKUTIL
SASDIFSV
SBRE
SBSDWSCService
YahooAUService

:OTL
FF - HKLM\Software\MozillaPlugins\@Retrogamer_4w.com/Plugin: C:\Program Files\Retrogamer_4w\bar\1.bin\NP4wStub.dll File not found
[2012/01/26 07:23:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\emma minton\AppData\Roaming\Mozilla\Firefox\Profiles\27x5lvbo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/27 13:11:06 | 000,000,923 | ---- | M] () -- C:\Users\emma minton\AppData\Roaming\Mozilla\Firefox\Profiles\27x5lvbo.default\searchplugins\conduit.xml
[2012/02/08 21:37:00 | 000,009,946 | ---- | M] () -- C:\Users\emma minton\AppData\Roaming\Mozilla\Firefox\Profiles\27x5lvbo.default\searchplugins\FestiveBar_3g.xml
[2011/05/26 11:38:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012/02/24 11:51:04 | 000,000,000 | ---D | M] (Retrogamer) -- C:\PROGRAM FILES\RETROGAMER_4W\BAR\1.BIN
[2011/05/26 11:38:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Retrogamer) - {3392cfec-56f8-41ee-bdb4-4e301efd2c93} - C:\Program Files\Retrogamer_4w\bar\1.bin\4wbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FestiveBar) - {9ae277e9-32f4-46d5-94f4-20201609d1d0} - C:\Program Files\FestiveBar_3g\bar\1.bin\3gbar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\emma minton\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\emma minton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O32 - AutoRun File - [2005/09/11 15:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
[2012/02/25 09:51:12 | 000,000,000 | ---D | C] -- C:\Users\emma minton\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/25 09:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/25 01:02:00 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/02/25 01:02:00 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2012/02/25 01:01:39 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/02/01 19:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Retrogamer_4w
[2012/02/01 19:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Retrogamer_4wEI
[2012/02/25 01:02:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2012/02/25 01:01:04 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1002UA.job
[2012/02/25 00:58:16 | 112,013,312 | ---- | M] () -- C:\Users\emma minton\Desktop\VIPRERescue11585.exe
[2012/02/08 22:01:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1002Core.job
[2012/02/08 22:01:02 | 000,000,930 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1002Core.job
[2012/02/25 01:01:04 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1002UA.job
[2010/11/04 15:34:40 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:ADE16379
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:2BDCFAD6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AFFC859A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:2D5907B8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config SASKUTIL start= disabled /c
sc config SASDIFSV start= disabled /c
sc config SBRE start= disabled /c
sc config SBSDWSCService start= disabled /c
sc config YahooAUService start= disabled /c
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.


ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

If you get an error: 'illegal operation attempted on a registry key that has been marked for deletion'
just reboot once and it should go away.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

Uncheck trace disk IO calls
Click the "Scan" button to start scan (allow the Avast Engine download and scan)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply



Copy the text in the code box:


netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Download and Save the free Avast installer.
http://www.avast.com...ivirus-download

Uninstall Microsoft Security Essentials

Reboot

Install Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

Ron

PS going off island for a week so replies may be slow.
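
The entries listed under :OTL in the fix script above come in three line shapes: timestamped file or folder records, registry/browser records prefixed O<n> or FF, and Alternate Data Stream records. As an added example (not part of the original post and not OTL's own code), this Python parser classifies such lines, flags orphaned registry references, and drops file records that differ only by path case; the field layout is inferred from the lines on this page and the function names are illustrative.

```python
import re
from collections import Counter

# Lines copied from the OTL fix script in the post above.
SAMPLE = r"""
O3 - HKLM\..\Toolbar: (Retrogamer) - {3392cfec-56f8-41ee-bdb4-4e301efd2c93} - C:\Program Files\Retrogamer_4w\bar\1.bin\4wbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKCU..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup File not found
[2012/02/01 19:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Retrogamer_4w
[2012/02/08 22:01:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1002Core.job
[2012/02/08 22:01:02 | 000,000,930 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1002Core.job
[2012/02/25 01:02:00 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:ADE16379
"""

# Assumption: these layouts are inferred from the log lines on this page,
# not taken from OTL documentation.
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)
REG_RE = re.compile(r"^(?P<section>O\d+|FF) - (?P<body>.+)$")

# Phrases OTL prints on this page when a registry entry points at nothing.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")


def parse_line(line):
    """Return a dict describing one OTL log line, or None if unrecognised."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        return {
            "type": "dir" if "D" in m["attrs"] else "file",
            "path": m["path"],
            "size": int(m["size"].replace(",", "")),
            "created": m["kind"] == "C",      # C = created list, M = modified list
            "company": m["company"] or None,  # "()" means no version-info company
        }
    m = ADS_RE.match(line)
    if m:
        return {"type": "ads", "path": m["host"],
                "stream": m["stream"], "size": int(m["size"])}
    m = REG_RE.match(line)
    if m:
        return {"type": "registry", "section": m["section"], "body": m["body"],
                "orphan": any(k in m["body"] for k in ORPHAN_MARKERS)}
    return None


def triage(text):
    """Parse every line; return (entries, duplicate_paths)."""
    entries, seen, duplicates = [], set(), []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if entry["type"] in ("file", "dir"):
            key = entry["path"].lower()  # Windows path lookups ignore case
            if key in seen:
                duplicates.append(entry["path"])
                continue
            seen.add(key)
        entries.append(entry)
    return entries, duplicates


def summarize(entries):
    """Counts per record type, orphaned registry bodies, total ADS bytes."""
    return {
        "counts": dict(Counter(e["type"] for e in entries)),
        "orphans": [e["body"] for e in entries if e.get("orphan")],
        "ads_bytes": sum(e["size"] for e in entries if e["type"] == "ads"),
    }


if __name__ == "__main__":
    parsed, dups = triage(SAMPLE)
    print(summarize(parsed))
    print("case-only duplicates:", dups)
```
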

#7
spyhunter
Member
Hi again, Thanks for all the help!

I have completed the steps you gave me, the logs are here, however the last step with avast doesn't complete! The scan starts but shortly after stops on a runescape file, sw3d.dll. I left it for 5 hours but it did not move, I tried it again this morning with the same result and when I look the log files are blank.

All the requested logs are here:-



COMBOFIX LOG:

ComboFix 12-02-27.02 - emma minton 27/02/2012 18:21:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.944 [GMT 0:00]
Running from: c:\users\emma minton\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\KBL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))
.
.
2012-02-27 18:34 . 2012-02-27 18:34 -------- d-----w- c:\users\Jack\AppData\Local\temp
2012-02-27 18:34 . 2012-02-27 18:34 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-27 18:34 . 2012-02-27 18:34 -------- d-----w- c:\users\emma\AppData\Local\temp
2012-02-27 18:34 . 2012-02-27 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-27 18:34 . 2012-02-27 18:34 -------- d-----w- c:\users\dave\AppData\Local\temp
2012-02-27 18:34 . 2012-02-27 18:34 -------- d-----w- c:\users\Amy\AppData\Local\temp
2012-02-27 18:00 . 2012-02-27 18:00 -------- d-----w- C:\_OTL
2012-02-27 15:53 . 2011-12-26 13:51 216576 ----a-w- c:\windows\system32\PuranDefrag.dll
2012-02-27 15:53 . 2011-12-26 15:33 254464 ----a-w- c:\windows\system32\PuranDC.exe
2012-02-27 15:53 . 2011-12-26 15:33 1133568 ----a-w- c:\windows\system32\PuranFD.exe
2012-02-27 15:53 . 2011-12-26 15:33 258048 ----a-w- c:\windows\system32\PuranDefragS.exe
2012-02-27 15:53 . 2011-12-26 15:33 107008 ----a-w- c:\windows\system32\PuranDefragBT.exe
2012-02-27 15:53 . 2012-02-27 15:56 -------- d-----w- c:\program files\Puran Defrag
2012-02-27 10:57 . 2012-02-27 10:56 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE50C416-8F4D-4CD0-A3B9-C904CEAADC4B}\gapaengine.dll
2012-02-27 10:57 . 2012-02-07 22:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A0DD55D-CF98-4B73-8E59-0788CAA72678}\mpengine.dll
2012-02-27 10:50 . 2012-02-27 10:51 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-25 13:33 . 2012-02-25 13:34 -------- d-----w- c:\users\tem
2012-02-23 15:10 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-23 15:10 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-23 15:10 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-01 19:23 . 2012-02-23 23:55 -------- d-----w- c:\program files\GameTap Web Player
2012-02-01 19:23 . 2012-02-01 19:23 -------- d-----w- c:\programdata\GameTap Web Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:18 . 2011-05-25 15:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2009-10-03 07:00 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 14:40 . 2012-02-26 16:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-08 297808]
.
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]
.
c:\users\emma minton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-25 16:05]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:14]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:14]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1003Core.job
- c:\users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-08 03:14]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1003UA.job
- c:\users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-08 03:14]
.
2012-02-27 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-05-26 14:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com/?ilc=8
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\emma minton\AppData\Roaming\Mozilla\Firefox\Profiles\27x5lvbo.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=LKxdm005YYgb&ptb=702EB4CB-07CA-43BD-B5E2-1EA66B4AAB96&ind=2011102411&ptnrS=LKxdm005YYgb&si=&n=77defccb&psa=&st=kwd&searchfor=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-27 18:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-27 18:42:03
ComboFix-quarantined-files.txt 2012-02-27 18:41
.
Pre-Run: 142,228,832,256 bytes free
Post-Run: 141,661,900,800 bytes free
.
- - End Of File - - AF80D2E62F96B6A21F0BEA676B1C2E65


TDSS KILLER LOG:



18:45:25.0344 2812 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
18:45:25.0438 2812 ============================================================
18:45:25.0438 2812 Current date / time: 2012/02/27 18:45:25.0438
18:45:25.0438 2812 SystemInfo:
18:45:25.0438 2812
18:45:25.0438 2812 OS Version: 6.0.6002 ServicePack: 2.0
18:45:25.0438 2812 Product type: Workstation
18:45:25.0438 2812 ComputerName: MUMSCOMP
18:45:25.0438 2812 UserName: emma minton
18:45:25.0438 2812 Windows directory: C:\Windows
18:45:25.0438 2812 System windows directory: C:\Windows
18:45:25.0438 2812 Processor architecture: Intel x86
18:45:25.0438 2812 Number of processors: 2
18:45:25.0438 2812 Page size: 0x1000
18:45:25.0438 2812 Boot type: Normal boot
18:45:25.0438 2812 ============================================================
18:45:26.0093 2812 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:45:26.0093 2812 \Device\Harddisk0\DR0:
18:45:26.0093 2812 MBR used
18:45:26.0093 2812 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BA86795
18:45:26.0093 2812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BA867D4, BlocksNum 0x173DDAD
18:45:26.0140 2812 Initialize success
18:45:26.0140 2812 ============================================================
18:45:39.0899 0524 ============================================================
18:45:39.0899 0524 Scan started
18:45:39.0899 0524 Mode: Manual;
18:45:39.0899 0524 ============================================================
18:45:40.0429 0524 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:45:40.0429 0524 ACPI - ok
18:45:40.0538 0524 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
18:45:40.0554 0524 adp94xx - ok
18:45:40.0585 0524 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
18:45:40.0585 0524 adpahci - ok
18:45:40.0632 0524 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
18:45:40.0632 0524 adpu160m - ok
18:45:40.0679 0524 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
18:45:40.0679 0524 adpu320 - ok
18:45:40.0804 0524 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:45:40.0804 0524 AFD - ok
18:45:40.0882 0524 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
18:45:40.0882 0524 agp440 - ok
18:45:40.0944 0524 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:45:40.0944 0524 aic78xx - ok
18:45:40.0975 0524 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
18:45:40.0975 0524 aliide - ok
18:45:41.0022 0524 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
18:45:41.0022 0524 amdagp - ok
18:45:41.0069 0524 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
18:45:41.0069 0524 amdide - ok
18:45:41.0084 0524 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
18:45:41.0084 0524 AmdK7 - ok
18:45:41.0116 0524 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
18:45:41.0116 0524 AmdK8 - ok
18:45:41.0194 0524 ApfiltrService (b49a709f65bf3beaa2b03f8ec139d568) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:45:41.0194 0524 ApfiltrService - ok
18:45:41.0287 0524 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
18:45:41.0287 0524 arc - ok
18:45:41.0350 0524 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
18:45:41.0350 0524 arcsas - ok
18:45:41.0428 0524 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:45:41.0428 0524 AsyncMac - ok
18:45:41.0474 0524 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:45:41.0474 0524 atapi - ok
18:45:41.0584 0524 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
18:45:41.0584 0524 BCM43XV - ok
18:45:41.0630 0524 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:45:41.0630 0524 Beep - ok
18:45:41.0693 0524 blbdrive - ok
18:45:41.0802 0524 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:45:41.0802 0524 bowser - ok
18:45:41.0864 0524 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:45:41.0864 0524 BrFiltLo - ok
18:45:41.0896 0524 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:45:41.0896 0524 BrFiltUp - ok
18:45:41.0927 0524 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:45:41.0927 0524 Brserid - ok
18:45:41.0958 0524 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:45:41.0958 0524 BrSerWdm - ok
18:45:41.0974 0524 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:45:41.0974 0524 BrUsbMdm - ok
18:45:42.0005 0524 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:45:42.0005 0524 BrUsbSer - ok
18:45:42.0083 0524 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
18:45:42.0083 0524 BthEnum - ok
18:45:42.0145 0524 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:45:42.0145 0524 BTHMODEM - ok
18:45:42.0192 0524 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
18:45:42.0192 0524 BthPan - ok
18:45:42.0301 0524 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
18:45:55.0422 0524 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
18:45:55.0453 0524 \Device\Harddisk0\DR0 - ok
18:45:55.0469 0524 Boot (0x1200) (668e8cb726ee552f2a4a5131545b1275) \Device\Harddisk0\DR0\Partition0
18:45:55.0469 0524 \Device\Harddisk0\DR0\Partition0 - ok
18:45:55.0469 0524 Boot (0x1200) (4da474a2ef4922358a54d7e288f52d77) \Device\Harddisk0\DR0\Partition1
18:45:55.0469 0524 \Device\Harddisk0\DR0\Partition1 - ok
18:45:55.0484 0524 ============================================================
18:45:55.0484 0524 Scan finished
18:45:55.0484 0524 ============================================================
18:45:55.0500 4716 Detected object count: 0
18:45:55.0500 4716 Actual detected object count: 0
18:46:23.0642 4608 Deinitialize success




aswMBR LOG:


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-27 18:53:15
-----------------------------
18:53:15.125 OS Version: Windows 6.0.6002 Service Pack 2
18:53:15.125 Number of processors: 2 586 0xF0D
18:53:15.125 ComputerName: MUMSCOMP UserName:
18:53:16.373 Initialize success
18:54:29.246 AVAST engine defs: 12022700
18:55:04.003 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:55:04.018 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
18:55:04.034 Disk 0 MBR read successfully
18:55:04.034 Disk 0 MBR scan
18:55:04.049 Disk 0 unknown MBR code
18:55:04.112 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226572 MB offset 63
18:55:04.159 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11899 MB offset 464021460
18:55:04.159 Disk 0 scanning sectors +488392065
18:55:04.252 Disk 0 scanning C:\Windows\system32\drivers
18:55:19.104 Service scanning
18:55:32.489 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
18:55:50.103 Modules scanning
18:55:58.183 AVAST engine scan C:\Windows
18:56:03.300 AVAST engine scan C:\Windows\system32
19:00:34.662 AVAST engine scan C:\Windows\system32\drivers
19:00:55.363 AVAST engine scan C:\Users\emma minton
19:23:40.317 AVAST engine scan C:\ProgramData
19:34:21.281 Scan finished successfully
19:52:40.139 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
19:52:40.326 The log file has been saved successfully to "F:\aswMBR.txt"




OTL.txt:



OTL logfile created on: 27/02/2012 19:53:41 - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\emma minton\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.76% Memory free
4.21 Gb Paging File | 2.92 Gb Available in Paging File | 69.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.26 Gb Total Space | 131.42 Gb Free Space | 59.39% Space Free | Partition Type: NTFS
Drive D: | 11.62 Gb Total Space | 1.75 Gb Free Space | 15.05% Space Free | Partition Type: NTFS
Drive F: | 971.63 Mb Total Space | 611.31 Mb Free Space | 62.92% Space Free | Partition Type: FAT

Computer Name: MUMSCOMP | User Name: emma minton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/25 10:11:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\emma minton\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/05 20:09:54 | 001,620,520 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/09/05 20:09:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/10/01 02:34:52 | 000,345,384 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/10/01 02:34:42 | 000,255,384 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/10/01 02:34:42 | 000,120,208 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/10/01 02:34:42 | 000,038,184 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/10/01 02:33:32 | 000,066,856 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/09/05 20:03:06 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/09/05 19:52:04 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007/08/14 14:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 17:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/10/18 05:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/01 15:35:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/09/26 12:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/09 03:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 18:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 17:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 17:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/19 00:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/18 12:03:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C F9 68 71 33 B7 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.mywebs...kwd&searchfor="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@FestiveBar_3g.com/Plugin: C:\Program Files\FestiveBar_3g\bar\1.bin\NP3gStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\emma minton\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\emma minton\AppData\Local\Roblox\Versions\version-87de5333d4254860\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\emma minton\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\emma minton\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/15 10:37:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\3gffxtbr@FestiveBar_3g.com: C:\Program Files\FestiveBar_3g\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4wffxtbr@Retrogamer_4w.com: C:\Program Files\Retrogamer_4w\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/26 16:59:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/09/12 11:47:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emma minton\AppData\Roaming\Mozilla\Extensions
[2009/09/12 11:47:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emma minton\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/02/27 18:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emma minton\AppData\Roaming\Mozilla\Firefox\Profiles\27x5lvbo.default\extensions
[2010/07/04 15:21:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\emma minton\AppData\Roaming\Mozilla\Firefox\Profiles\27x5lvbo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(223)
[2012/02/27 10:20:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\EMMA MINTON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\27X5LVBO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/16 14:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 10:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 10:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/27 18:34:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A46FC342-1058-4DD4-B906-F435D513620B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8AC626B-DF70-47E1-B61F-3CCF8D20EBD6}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/06 22:52:59 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/29 16:16:02 | 000,660,344 | ---- | M] (Sysinternals - www.sysinternals.com) - F:\autoruns.exe -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/27 18:45:08 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\emma minton\Desktop\tdsskiller.exe
[2012/02/27 18:44:58 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\emma minton\Desktop\aswMBR.exe
[2012/02/27 18:42:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/27 18:42:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/27 18:18:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/27 18:18:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/27 18:18:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/27 18:18:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/27 18:18:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/27 18:15:11 | 004,420,957 | R--- | C] (Swearware) -- C:\Users\emma minton\Desktop\ComboFix.exe
[2012/02/27 18:00:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/27 15:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2012/02/27 15:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2012/02/27 10:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/26 16:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/02/25 10:18:51 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\emma minton\Desktop\OTL.exe
[2012/02/24 07:24:55 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/24 07:24:52 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/24 07:24:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/24 07:24:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/24 07:24:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/24 07:24:40 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/23 15:53:09 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\emma minton\Desktop\TFC.exe
[2012/02/23 15:10:49 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/01 19:27:13 | 000,000,000 | ---D | C] -- C:\Users\emma minton\Documents\PlaySega
[2012/02/01 19:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\GameTap Web Player
[2012/02/01 19:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\GameTap Web Player

========== Files - Modified Within 30 Days ==========

[2012/02/27 19:24:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/27 19:04:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1003UA.job
[2012/02/27 18:54:44 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/27 18:54:44 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/27 18:42:42 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\emma minton\Desktop\aswMBR.exe
[2012/02/27 18:41:00 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\emma minton\Desktop\tdsskiller.exe
[2012/02/27 18:34:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/27 18:15:39 | 004,420,957 | R--- | M] (Swearware) -- C:\Users\emma minton\Desktop\ComboFix.exe
[2012/02/27 18:09:21 | 000,000,165 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/02/27 18:08:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/27 18:03:37 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/27 18:03:36 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/27 18:03:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/27 18:02:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/27 17:56:12 | 000,001,244 | RHS- | M] () -- C:\Users\emma minton\ntuser.pol
[2012/02/27 16:30:00 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/02/27 15:53:19 | 000,000,862 | ---- | M] () -- C:\Users\emma minton\Desktop\Puran Defrag.lnk
[2012/02/27 12:31:20 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/02/27 10:51:34 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/26 16:59:25 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/25 21:35:10 | 000,000,036 | ---- | M] () -- C:\Users\emma minton\Desktop\defrag.bat
[2012/02/25 10:11:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\emma minton\Desktop\OTL.exe
[2012/02/24 07:56:31 | 000,304,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/23 20:04:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1003Core.job
[2012/02/23 16:18:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/23 15:53:31 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\emma minton\Desktop\TFC.exe
[2012/01/31 12:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/28 22:10:08 | 000,005,972 | ---- | M] () -- C:\Users\emma minton\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2012/02/27 18:18:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/27 18:18:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/27 18:18:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/27 18:18:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/27 18:18:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/27 15:53:19 | 000,000,862 | ---- | C] () -- C:\Users\emma minton\Desktop\Puran Defrag.lnk
[2012/02/27 10:51:00 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/26 16:59:25 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/26 16:59:25 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/25 21:39:17 | 000,000,036 | ---- | C] () -- C:\Users\emma minton\Desktop\defrag.bat
[2011/01/23 21:45:49 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/23 21:45:49 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/04 11:07:45 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/03/16 12:06:06 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2010/03/15 10:30:14 | 000,166,653 | ---- | C] () -- C:\Windows\hpoins36.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2009/02/11 13:38:57 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Adobe
[2011/11/18 16:56:21 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Apple Computer
[2011/05/11 17:29:55 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Azureus
[2010/11/04 15:31:16 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\com.w3i.musicoasis
[2011/10/12 17:26:34 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\CyberLink
[2010/11/04 15:56:18 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Exent Technologies
[2010/03/25 16:47:32 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Facebook
[2010/12/05 18:51:57 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Fugazo
[2010/09/01 07:53:59 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Google
[2009/01/12 15:56:58 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Hewlett-Packard
[2010/03/15 10:54:14 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\HP
[2009/01/12 15:55:01 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Identities
[2009/10/03 14:51:30 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\iWin
[2011/05/25 08:30:34 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\LimeWire
[2009/01/12 15:57:17 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Macromedia
[2011/05/25 08:30:24 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Malwarebytes
[2006/11/02 12:37:34 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Media Center Programs
[2011/04/03 20:20:35 | 000,000,000 | --SD | M] -- C:\Users\emma minton\AppData\Roaming\Microsoft
[2009/01/12 15:56:40 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Mozilla
[2010/11/04 15:56:15 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\MysteryStudio
[2009/01/12 15:56:37 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Skinux
[2011/07/31 19:06:50 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Unity
[2010/11/04 11:12:19 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Yahoo!


< MD5 for: ATAPI.SYS >
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 07:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 07:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 09:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/07/24 22:29:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/07/24 22:29:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/07/24 22:29:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/07/24 22:32:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/07/24 22:32:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 07:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 07:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 07:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 07:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 07:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 07:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 07:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 07:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/25 14:03:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/25 14:03:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/25 14:03:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/25 14:03:21 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/25 14:03:21 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/25 14:03:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/25 14:03:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/25 14:03:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/25 14:03:21 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/25 14:03:21 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

Extras.txt:

OTL logfile created on: 27/02/2012 19:53:41 - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\emma minton\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.76% Memory free
4.21 Gb Paging File | 2.92 Gb Available in Paging File | 69.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.26 Gb Total Space | 131.42 Gb Free Space | 59.39% Space Free | Partition Type: NTFS
Drive D: | 11.62 Gb Total Space | 1.75 Gb Free Space | 15.05% Space Free | Partition Type: NTFS
Drive F: | 971.63 Mb Total Space | 611.31 Mb Free Space | 62.92% Space Free | Partition Type: FAT

Computer Name: MUMSCOMP | User Name: emma minton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/25 10:11:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\emma minton\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/05 20:09:54 | 001,620,520 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/09/05 20:09:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/10/01 02:34:52 | 000,345,384 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/10/01 02:34:42 | 000,255,384 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/10/01 02:34:42 | 000,120,208 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/10/01 02:34:42 | 000,038,184 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/10/01 02:33:32 | 000,066,856 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/09/05 20:03:06 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/09/05 19:52:04 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007/08/14 14:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 17:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/10/18 05:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/01 15:35:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/09/26 12:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/09 03:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 18:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 17:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 17:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/19 00:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/18 12:03:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C F9 68 71 33 B7 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.mywebs...kwd&searchfor="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@FestiveBar_3g.com/Plugin: C:\Program Files\FestiveBar_3g\bar\1.bin\NP3gStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\emma minton\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\emma minton\AppData\Local\Roblox\Versions\version-87de5333d4254860\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\emma minton\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\emma minton\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/15 10:37:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\3gffxtbr@FestiveBar_3g.com: C:\Program Files\FestiveBar_3g\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4wffxtbr@Retrogamer_4w.com: C:\Program Files\Retrogamer_4w\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/26 16:59:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/09/12 11:47:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emma minton\AppData\Roaming\Mozilla\Extensions
[2009/09/12 11:47:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emma minton\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/02/27 18:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emma minton\AppData\Roaming\Mozilla\Firefox\Profiles\27x5lvbo.default\extensions
[2010/07/04 15:21:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\emma minton\AppData\Roaming\Mozilla\Firefox\Profiles\27x5lvbo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(223)
[2012/02/27 10:20:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\EMMA MINTON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\27X5LVBO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/16 14:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 10:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 10:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/27 18:34:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A46FC342-1058-4DD4-B906-F435D513620B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8AC626B-DF70-47E1-B61F-3CCF8D20EBD6}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/06 22:52:59 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/29 16:16:02 | 000,660,344 | ---- | M] (Sysinternals - www.sysinternals.com) - F:\autoruns.exe -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/27 18:45:08 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\emma minton\Desktop\tdsskiller.exe
[2012/02/27 18:44:58 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\emma minton\Desktop\aswMBR.exe
[2012/02/27 18:42:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/27 18:42:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/27 18:18:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/27 18:18:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/27 18:18:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/27 18:18:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/27 18:18:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/27 18:15:11 | 004,420,957 | R--- | C] (Swearware) -- C:\Users\emma minton\Desktop\ComboFix.exe
[2012/02/27 18:00:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/27 15:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2012/02/27 15:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2012/02/27 10:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/26 16:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/02/25 10:18:51 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\emma minton\Desktop\OTL.exe
[2012/02/24 07:24:55 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/24 07:24:52 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/24 07:24:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/24 07:24:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/24 07:24:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/24 07:24:40 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/23 15:53:09 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\emma minton\Desktop\TFC.exe
[2012/02/23 15:10:49 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/01 19:27:13 | 000,000,000 | ---D | C] -- C:\Users\emma minton\Documents\PlaySega
[2012/02/01 19:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\GameTap Web Player
[2012/02/01 19:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\GameTap Web Player

========== Files - Modified Within 30 Days ==========

[2012/02/27 19:24:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/27 19:04:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1003UA.job
[2012/02/27 18:54:44 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/27 18:54:44 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/27 18:42:42 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\emma minton\Desktop\aswMBR.exe
[2012/02/27 18:41:00 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\emma minton\Desktop\tdsskiller.exe
[2012/02/27 18:34:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/27 18:15:39 | 004,420,957 | R--- | M] (Swearware) -- C:\Users\emma minton\Desktop\ComboFix.exe
[2012/02/27 18:09:21 | 000,000,165 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/02/27 18:08:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/27 18:03:37 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/27 18:03:36 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/27 18:03:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/27 18:02:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/27 17:56:12 | 000,001,244 | RHS- | M] () -- C:\Users\emma minton\ntuser.pol
[2012/02/27 16:30:00 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/02/27 15:53:19 | 000,000,862 | ---- | M] () -- C:\Users\emma minton\Desktop\Puran Defrag.lnk
[2012/02/27 12:31:20 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/02/27 10:51:34 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/26 16:59:25 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/25 21:35:10 | 000,000,036 | ---- | M] () -- C:\Users\emma minton\Desktop\defrag.bat
[2012/02/25 10:11:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\emma minton\Desktop\OTL.exe
[2012/02/24 07:56:31 | 000,304,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/23 20:04:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3286062453-1921412419-991409975-1003Core.job
[2012/02/23 16:18:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/23 15:53:31 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\emma minton\Desktop\TFC.exe
[2012/01/31 12:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/28 22:10:08 | 000,005,972 | ---- | M] () -- C:\Users\emma minton\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2012/02/27 18:18:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/27 18:18:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/27 18:18:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/27 18:18:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/27 18:18:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/27 15:53:19 | 000,000,862 | ---- | C] () -- C:\Users\emma minton\Desktop\Puran Defrag.lnk
[2012/02/27 10:51:00 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/26 16:59:25 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/26 16:59:25 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/25 21:39:17 | 000,000,036 | ---- | C] () -- C:\Users\emma minton\Desktop\defrag.bat
[2011/01/23 21:45:49 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/23 21:45:49 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/04 11:07:45 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/03/16 12:06:06 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2010/03/15 10:30:14 | 000,166,653 | ---- | C] () -- C:\Windows\hpoins36.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2009/02/11 13:38:57 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Adobe
[2011/11/18 16:56:21 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Apple Computer
[2011/05/11 17:29:55 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Azureus
[2010/11/04 15:31:16 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\com.w3i.musicoasis
[2011/10/12 17:26:34 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\CyberLink
[2010/11/04 15:56:18 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Exent Technologies
[2010/03/25 16:47:32 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Facebook
[2010/12/05 18:51:57 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Fugazo
[2010/09/01 07:53:59 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Google
[2009/01/12 15:56:58 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Hewlett-Packard
[2010/03/15 10:54:14 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\HP
[2009/01/12 15:55:01 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Identities
[2009/10/03 14:51:30 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\iWin
[2011/05/25 08:30:34 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\LimeWire
[2009/01/12 15:57:17 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Macromedia
[2011/05/25 08:30:24 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Malwarebytes
[2006/11/02 12:37:34 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Media Center Programs
[2011/04/03 20:20:35 | 000,000,000 | --SD | M] -- C:\Users\emma minton\AppData\Roaming\Microsoft
[2009/01/12 15:56:40 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Mozilla
[2010/11/04 15:56:15 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\MysteryStudio
[2009/01/12 15:56:37 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Skinux
[2011/07/31 19:06:50 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Unity
[2010/11/04 11:12:19 | 000,000,000 | ---D | M] -- C:\Users\emma minton\AppData\Roaming\Yahoo!


< MD5 for: ATAPI.SYS >
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 07:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 07:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 09:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/07/24 22:29:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/07/24 22:29:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/07/24 22:29:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/07/24 22:32:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/07/24 22:32:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 07:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 07:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 07:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 07:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 07:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 07:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 07:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 07:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/25 14:03:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/25 14:03:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/25 14:03:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/25 14:03:21 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/25 14:03:21 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 14:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 14:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/25 14:03:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/25 14:03:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/25 14:03:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/25 14:03:21 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/25 14:03:21 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >




Thanks again, Neil

#8
RKinner

Can you submit the sw3d.dll file to http://www.virustotal.com and see what they say about it?

It doesn't sound like it's a file you really need so you might try deleting it and see if the scan will continue.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

#9
spyhunter

Hi again,

Deleted the file after submitting it to VirusTotal, which came back clean, and on the next scan it stalled on another file in the same folder. The ESET scanner stopped in the boot folder (on bootstat.dat; as I deleted bootfix.dat I guess that's the next file in line), and I think in both cases (AVAST and ESET) it must be the next, unlisted file that's causing the hang.

BitDefender quickscan completed and log is below. No ESET log because it crashed whole computer again.

Another little bit of strangeitude is that the Windows Security alert is now showing red in the taskbar but all entries in the security centre show as on and green!

Weird!



QuickScan 32-bit v0.9.9.109
---------------------------
Scan date: Tue Feb 28 19:19:57 2012
Machine ID: 16FC309A



No infection found.
-------------------



Processes
---------
hpwuSchd Application 2704 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
Alps Pointing-device Driver 3444 C:\Program Files\Apoint2K\Apoint.exe
Alps Pointing-device Driver for Windows 4120 C:\Program Files\Apoint2K\ApntEx.exe
avast! Antivirus 2236 C:\Program Files\AVAST Software\Avast\AvastUI.exe
Bluetooth Software 4128 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
Bluetooth Software 2576 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Firefox 5324 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 5628 C:\Program Files\Mozilla Firefox\plugin-container.exe
GPCore COM object 4528 C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe
HP Digital Imaging 4488 C:\Program Files\Hp\Digital Imaging\bin\hpqbam08.exe
HP Digital Imaging 4404 C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
HP Digital Imaging 3020 C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
HP Quick Launch Buttons 3676 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
HP QuickPlay 1636 C:\Program Files\Hp\QuickPlay\QPService.exe
HP QuickTouch On Screen Display 3788 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
HP Wireless Assistant 3644 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HP Wireless Assistant 3820 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
HpqToaster Module 1276 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
Intel® Common User Interface 2672 C:\Windows\System32\hkcmd.exe
Intel® Common User Interface 3956 C:\Windows\System32\igfxpers.exe
Intel® Common User Interface 3944 C:\Windows\System32\igfxsrvc.exe
iTunes 2388 C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 2904 C:\Program Files\Common Files\Java\Java Update\jusched.exe
LightScribe 3132 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
Microsoft Office OneNote 3896 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Microsoft® Windows® Operating System 3220 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 3148 C:\Windows\System32\taskeng.exe
(verified) Microsoft® Windows® Operating System 3476 C:\Program Files\Windows Media Player\wmpnscfg.exe
(verified) Microsoft® Windows® Operating System 1184 C:\Windows\ehome\ehmsas.exe
(verified) Microsoft® Windows® Operating System 2820 C:\Windows\ehome\ehtray.exe
(verified) Microsoft® Windows® Operating System 2972 C:\Windows\System32\dwm.exe


Autoruns and critical files
---------------------------
hpwuSchd Application C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Alps Pointing-device Driver C:\Program Files\Apoint2K\Apoint.exe
Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe
HP Digital Imaging C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
HP Quick Launch Buttons C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
HP QuickPlay C:\Program Files\Hp\QuickPlay\QPService.exe
HP QuickTouch On Screen Display C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
HP Wireless Assistant C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HP Wireless Assistant C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
Intel® Common User Interface C:\Windows\System32\hkcmd.exe
Intel® Common User Interface C:\Windows\system32\igfxdev.dll
Intel® Common User Interface C:\Windows\System32\igfxpers.exe
Intel® Common User Interface C:\Windows\system32\igfxtray.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
LightScribe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
Microsoft Office OneNote C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Microsoft® Windows® Operating System C:\Windows\system32\BROWSEUI.dll
Microsoft® Windows® Operating System C:\Windows\system32\logon.scr
MobileMe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
QuickTime C:\Program Files\QuickTime\QTTask.exe
RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
StartMen Application C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
Windows® Internet Explorer c:\windows\system32\webcheck.dll
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\wmpnscfg.exe
(verified) Microsoft® Windows® Operating System C:\Windows\ehome\ehtray.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


Browser plugins
---------------
avast! WebRep c:\program files\avast software\avast\aswwebrepie.dll
Bitdefender QuickScan C:\Users\emma minton\AppData\Roaming\Mozilla\Firefox\Profiles\27x5lvbo.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
ExentCtl Module C:\Windows\Downloaded Program Files\ExentCtl.ocx
Facebook Plugin C:\Users\emma minton\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
Facebook Video Calling Plugin C:\Users\emma minton\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
Google Update C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
Google Updater C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
Java™ Platform SE 6 U25 c:\program files\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U25 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll
Microsoft® CoReXT c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows® Operating System C:\Windows\System32\wshBth.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
Roblox Launcher Plugin C:\Users\emma minton\AppData\Local\Roblox\Versions\version-87de5333d4254860\\NPRobloxProxy.dll
Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
unagiuninst.exe C:\Windows\Downloaded Program Files\unagiuninst.exe
Unity Player C:\Users\emma minton\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
Windows C:\Windows\system32\wpclsp.dll
Windows Live Messenger Companion c:\program files\windows live\companion\companioncore.dll
Windows Live™ Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\Windows\system32\ieframe.dll
Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Missing files
-------------
File not found: mscoree.dll
--> HKLM\Software\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\InprocServer32\"(default)"


Scan
----
MD5: 6b01dad4cb6b2bb507a268dd0dfef04f C:\Windows\system32\igfxdev.dll
MD5: d8a33af26e4143f7a892009890bb6f64 C:\Windows\System32\igfxpers.exe
MD5: d0e997dd37fdf2b7951c96c71b99f14c C:\Windows\system32\igfxrENU.lrc
MD5: 65c4ecda9f77735b26d3459df535db81 C:\Windows\system32\igfxsrvc.dll
MD5: 734006a2db2404138f2c1a2cb86d32ef C:\Windows\System32\igfxsrvc.exe
MD5: 412c0e1b515ab44f45037cd495d6a1be C:\Windows\system32\igfxTMM.dll
MD5: 7f7b42b1ba42242116f5b277a063fe2e C:\Windows\system32\igfxtray.exe
MD5: 665790240511df6bc40a30e01731f49f C:\Windows\system32\irprops.cpl
MD5: 574b473facaa0e91702b86578440b525 C:\Windows\system32\kernel32.dll
MD5: b17d18fd6594aaa25cbc95e799b1bf40 C:\Windows\system32\logon.scr
MD5: a3e186b4b935905b829219502557314e C:\Windows\system32\lsass.exe
MD5: 5789773089bc334c56cc31833f20daf6 C:\Windows\system32\Macromed\Flash\NPSWF32.dll
MD5: ef24642d5fb52a1eef56de9e47cbb993 C:\Windows\system32\MFC42.DLL
MD5: 1b593fbb763150bd225df266c69a9329 C:\Windows\system32\MFC42u.DLL
MD5: ff41e1ac301f51e16f61ad7c0f45467c C:\Windows\System32\msshsq.dll
MD5: 2310a32bb0164552a311bfa02102a3d6 C:\Windows\system32\MSVCP60.dll
MD5: 17af64d727545f2804f6e6d998327e3f C:\Windows\system32\msvcrt.dll
MD5: dda770bbd7c2ed024d6f50e279d90e5b C:\Windows\system32\ntdll.dll
MD5: 862363973dcbcc31dd161ef41a69153c C:\Windows\system32\ODBC32.dll
MD5: 9586e7cb2255a8b097a7e4538202585e C:\Windows\system32\ole32.dll
MD5: dc15ab7168c0309d8f04fd95b6240422 C:\Windows\system32\OLEACC.dll
MD5: b218342214d9bba0f54ea12ba2e9278c C:\Windows\system32\OLEAUT32.dll
MD5: 4a1feebf039b283258b0e479fa135dba C:\Windows\System32\osbaseln.dll
MD5: 286d2142fd5561b940113d01ba8ecbf1 C:\Windows\system32\PuranDefragS.exe
MD5: 1a58069db21d05eb2ab58ee5753ebe8d C:\Windows\system32\schedsvc.dll
MD5: d602fedbd9155fc2ded6863fb60c950f C:\Windows\system32\Secur32.dll
MD5: 167ac31450c0c53a01fa1491e94d7678 C:\Windows\system32\SHDOCVW.dll
MD5: 33ae914c24f546aabf281ba7b138186d C:\Windows\system32\SHELL32.dll
MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\system32\SHLWAPI.dll
MD5: c7230fbee14437716701c15be02c27b8 C:\Windows\System32\shsvcs.dll
MD5: 8554097e5136c3bf9f69fe578a1b35f4 C:\Windows\System32\spoolsv.exe
MD5: 1bf5eebfd518dd7298434d8c862f825d C:\Windows\System32\srvsvc.dll
MD5: b5950df243837d8217f4e597919b224a C:\Windows\system32\stobject.dll
MD5: bfa034aac103d8a6f591ac9364688339 C:\Windows\system32\t2embed.dll
MD5: 3d50c4b10352367d5cb20ed1f50f8da2 C:\Windows\System32\taskeng.exe
MD5: 52e129522c1775dbb8cc252e7a0655c7 C:\Windows\system32\taskschd.dll
MD5: 79f14b5df9e17e12193337ed4ee1c491 C:\Windows\system32\urlmon.dll
MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\system32\USP10.dll
MD5: a2a198df7e5b3daaa0f2ab378e2adb11 C:\Windows\system32\VXDIF.DLL
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\system32\webcheck.dll
MD5: dbd02e3e6f061ebbbf9b99a9d7cba30b C:\Windows\System32\winhttp.dll
MD5: 1d94fa7c81d2ffe494af094619ba706f C:\Windows\system32\WININET.dll
MD5: 14ff750efe13b0c21e5a06507c3a97b1 C:\Windows\system32\WINMM.dll
MD5: 5ec8fb83f31aa2d6f421f02c3f4f4475 C:\Windows\system32\WINSPOOL.DRV
MD5: dd1d685d387a8ac666ba3b7539c774e8 C:\Windows\system32\wpclsp.dll
MD5: 1908cc7673f72601affdca022689cedf C:\Windows\system32\XmlLite.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 1f5afd468eb5e09e9ed75a087529eab5 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
MD5: 58a14c45a5cd2528f10a889e7b0c3fc2 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
MD5: 35acd5ea63d75e97dd0e9a1629e582b2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MD5: b5b09091b0e33c396ceec8995515bd41 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.01 MB sent, 1.17 KB recvd
Scanned 787 files and modules - 61 seconds

==============================================================================

#10
RKinner

Right click on C:\windows and select Properties (then Advanced). Is the "Compress Contents to Save Space" box checked? If so, uncheck it and Apply. Repeat for C:\

Find the folder where Avast is having problems, right click on it and select Properties (then Advanced). Is the "Compress Contents to Save Space" box checked? If so, uncheck it and Apply.

Ron


#11
spyhunter

None of the folders were compressed so I have deleted the runescape folder and run the avast scan again. This time it stops whilst checking the recycle folders at the start of the scan.

I was slightly suspicious at how fast the second Chkdsk scan had decided the disk was OK, so I tried to rerun it and it still doesn't complete.

Neil

#12
RKinner

Empty the Recycle bin. See if Avast will run.

#13
spyhunter

Emptied all users' Recycle folders, it stalled on BCD.LOG1 instead. Deleted that, emptied the recycle bin and now it stalls on a recycle bin again. Reran it without deleting anything and it stalled on BCD.LOG instead.

Also, when I first started on this computer I couldn't get hold of her to ask her husband's password for the only available Admin account at the time, so I had to elevate her rights. When I did I noticed that this computer has a hidden Administrator user, though the one time I tried to log into it it came up as locked. Should I try to get into it and empty that as well?

Neil

Edited by spyhunter, 29 February 2012 - 05:02 AM.


#14
RKinner

Can you open bcd.log in notepad and copy and paste the text?

The hidden administrator account is normal. You should be able to access it in Safe Mode.

http://www.vistax64....r-account.html. If you don't know the password then change it using Control Panel, User Accounts.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

Under Options, select Verify Image Signatures, then look in the Company Name column. Each valid file should say (Verified) and there should be very few without (Verified). Assuming it worked, which files are not verified?

Ron
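
The signature check described in the post above can also be run from the command line. This is an added example, not part of the thread: it uses the standard Get-Process, Get-AuthenticodeSignature and Get-Service cmdlets, while the function name Get-ProcessSignatureReport and the CryptSvc follow-up check are assumptions made for illustration.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
function Get-ProcessSignatureReport {
    # Distinct image paths of running processes. Protected or just-exited
    # processes expose no Path; they are counted so the gap stays visible.
    $procs  = @(Get-Process)
    $noPath = @($procs | Where-Object { -not $_.Path })
    $paths  = @($procs | Where-Object { $_.Path } |
                ForEach-Object { $_.Path } | Sort-Object -Unique)

    $rows = @(foreach ($p in $paths) {
        $sig = Get-AuthenticodeSignature -FilePath $p
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            Status = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Signer = $signer
            Path   = $p
        }
    })
    New-Object PSObject -Property @{
        Rows   = $rows
        NoPath = $noPath.Count
        Valid  = @($rows | Where-Object { $_.Status -eq 'Valid' }).Count
    }
}

$report = Get-ProcessSignatureReport
"{0} images checked, {1} valid, {2} processes without a readable path" -f `
    $report.Rows.Count, $report.Valid, $report.NoPath

# Everything that did not verify, sorted by reason and path.
$report.Rows | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Path | Format-Table Status, Signer, Path -AutoSize

# Assumption: signature checks depend on the Cryptographic Services service
# (CryptSvc). If nothing verifies at all, look at the verifier before the files.
if ($report.Rows.Count -gt 0 -and $report.Valid -eq 0) {
    Get-Service -Name CryptSvc | Format-List Name, Status
}
```

Older PowerShell versions read only signatures embedded in the file, so catalog-signed Windows components can report NotSigned there while Process Explorer shows them as verified.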

#15
spyhunter

BCD.LOG is in use, I can't copy or open it. Will try to get at it with another computer and post it soon.
Hidden admin has no docs in the recycle folder, and Process Explorer seems to run fine; it just doesn't show 'verified' against any processes when Verify Signatures is selected.

Neil

Edited by spyhunter, 29 February 2012 - 05:08 PM.
