I have unrecognised files [Solved]


  • This topic is locked

#1
tyler4402

Windows7 Pro SP1 32 bit
BIOS Award F3 V600PG
500Gb HDD with Operating System
250Gb storage drive
80Gb Photo storage drive
Gigabyte H55M-D2H rev 1.4
Intel Core i3 550
Memory 4096 = 3576 Usable
Nvidia GeForce GTS 450
Controller Intel 3400 2port ATA- 3B26
Comodo Firewall
Avast - Anti virus
Hi all
I have a program in my “All Programs” menu called Program Updates and I want to remove it. I could not find it in the Win7 Uninstall Programs, neither could I find it with the Auslogics Uninstall Manager, but it is in the Common Files, in a folder called “InstallShield”, so I did a HJT scan and found some other files which I could not recognise, which I have appended below. If anyone can tell me what they are or if it's safe to delete them I will be grateful. Regards Robert.

O3 - Toolbar: File2LinkIB - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - (no file)

O4 - HKCU\..\Run: [ISUSPM Startup] I:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Sidebar] I:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3619600033-2495703809-3358291532-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3619600033-2495703809-3358291532-1003\..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

Edited by tyler4402, 21 May 2012 - 08:52 AM.



#2
maliprog

Hello tyler4402 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

We don't use HJT anymore so please do these scans for me.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
tyler4402

Hi maliprog, many thanks for your quick reply and help.

(Note the file's name and save it to your root folder, such as C:)??

I have put the first OTL file on my desktop, but I am not sure how to put, or install, the downloaded d8en089y.exe file into the root folder on my I:\ drive, all my downloads automatically go into a folder called "Downloads" and I usually click on them and install them from there.

And although it might become clearer when I have completed the process, I am not quite clear on item two, "Under the custom scan box, paste this in"?? Does this mean I have to paste the result of the scan into the "Custom Scan Box"?
Sorry to be a bit dim, regards Robert.

Edited by tyler4402, 22 May 2012 - 04:10 AM.


#4
maliprog

As I said in my first post, if you don't understand please ask me first. You did a good thing because you can harm your system if you do anything out of order.

(Note the file's name and save it to your root folder, such as C:)??

I have put the first OTL file on my desktop, but I am not sure how to put, or install, the downloaded d8en089y.exe file into the root folder on my I:\ drive, all my downloads automatically go into a folder called "Downloads" and I usually click on them and install them from there.


You can run OTL from desktop. Also, you can copy/paste d8en089y.exe to C:\ and run it from there.

  • Right click on d8en089y.exe and select Copy.
  • Now open My Computer and navigate to C:\.
  • Right click there and select Paste option.
  • Now run d8en089y.exe

And although it might become clearer when I have completed the process, I am not quite clear on item two, "Under the custom scan box, paste this in"?? Does this mean I have to paste the result of the scan into the "Custom Scan Box"?


It means that you must copy all below (in the box)

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Then paste it in OTL Custom Scan box. It's located at the bottom of OTL.
Then press Quick Scan.
You must Copy/Paste results here for me. I need to see scan results.

#5
tyler4402

Hi maliprog
Here is the OTL file, the Extras.txt is next, regards Robert

OTL logfile created on: 22/05/2012 13:49:22 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = I:\Users\Robert\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.49 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 64.12% Memory free
8.73 Gb Paging File | 7.41 Gb Available in Paging File | 84.92% Paging File free
Paging file location(s): i:\pagefile.sys 5362 10725 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files
Drive E: | 76.32 Gb Total Space | 48.37 Gb Free Space | 63.37% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 166.38 Gb Free Space | 71.45% Space Free | Partition Type: NTFS
Drive I: | 465.75 Gb Total Space | 396.31 Gb Free Space | 85.09% Space Free | Partition Type: NTFS

Computer Name: BLACKBESS | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/22 10:38:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- I:\Users\Robert\Desktop\OTL.scr
PRC - [2012/03/11 22:13:21 | 001,983,232 | ---- | M] (COMODO) -- I:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 14:48:36 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- I:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/03/11 14:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- I:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/03/07 00:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- I:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- I:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/04 15:26:46 | 001,606,488 | ---- | M] (IObit) -- I:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/11/23 11:27:04 | 001,052,472 | ---- | M] (COMODO) -- I:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
PRC - [2011/09/22 15:20:28 | 000,437,248 | ---- | M] (Realtek Semiconductor Corporation) -- I:\Program Files\Realtek\RtkDashClientInstaller\RtkDashClient.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- I:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- I:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/04/19 07:44:40 | 000,291,896 | ---- | M] (Secunia) -- I:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- I:\Windows\explorer.exe
PRC - [2010/11/20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- I:\Windows\System32\taskhost.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/09/30 13:02:48 | 000,268,824 | R--- | M] (Intel Corporation) -- I:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2008/07/07 10:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) -- I:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/11 14:50:38 | 000,516,368 | ---- | M] () -- I:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2011/12/22 20:23:07 | 000,748,544 | ---- | M] () -- I:\Windows\System32\protector.dll
MOD - [2011/11/10 17:11:00 | 000,557,056 | ---- | M] () -- I:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/19 17:33:28 | 000,047,960 | ---- | M] () -- I:\Program Files\IObit\Smart Defrag 2\NtfsData.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- I:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/05/17 09:57:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- I:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/14 17:26:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/03/11 22:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- I:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/03/11 14:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- I:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- I:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/15 14:25:06 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- I:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- I:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/12/22 20:23:07 | 000,803,328 | ---- | M] (bProtector) [Disabled | Stopped] -- I:\ProgramData\bProtector\bProtect.exe -- (bProtector)
SRV - [2011/11/23 11:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- I:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- I:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Disabled | Stopped] -- I:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Disabled | Stopped] -- I:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/05/05 18:58:30 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- I:\Program Files\D-Link\DWA-140 Driver\ALPBCSVC.exe -- (ALPBCSVC)
SRV - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- I:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2009/10/13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Disabled | Stopped] -- I:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/09/30 13:02:50 | 002,320,920 | R--- | M] (Intel Corporation) [Disabled | Stopped] -- I:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 13:02:48 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- I:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/17 16:13:06 | 000,068,136 | ---- | M] () [Disabled | Stopped] -- I:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- I:\Users\Robert\AppData\Local\Temp\pwddqpod.sys -- (pwddqpod)
DRV - [2012/05/21 13:10:50 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- I:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/03/11 22:13:36 | 000,039,640 | ---- | M] (COMODO) [Kernel | System | Running] -- I:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 22:13:35 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- I:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/03/11 14:50:38 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- i:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2012/03/11 14:48:52 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- I:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/03/11 14:48:50 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- I:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/03/11 14:48:50 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- I:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/03/07 00:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- I:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 00:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- I:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 00:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- I:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/07 00:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- I:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 00:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- I:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 00:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- I:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/12/19 18:59:16 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- I:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/12/15 18:22:16 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- I:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/10/01 19:52:16 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- I:\Windows\System32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2011/09/19 15:05:56 | 000,035,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- I:\Windows\System32\drivers\RtDashPt.sys -- (RtDashPt)
DRV - [2010/11/26 19:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- I:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- I:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- I:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/20 15:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- I:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2010/04/27 11:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- I:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2010/02/12 17:42:42 | 000,844,064 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- I:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/09/17 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- I:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- I:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.goonsearc...q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {4642AD93-C30A-4FEF-833B-F7431F3C954D}
IE - HKCU\..\SearchScopes,DefaultScope = {37C74BF5-79CE-454D-A1CD-B2BF21CBB710}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{37C74BF5-79CE-454D-A1CD-B2BF21CBB710}: "URL" = http://www.talktalk....y={searchTerms}
IE - HKCU\..\SearchScopes\{4642AD93-C30A-4FEF-833B-F7431F3C954D}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: I:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: I:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: I:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: I:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: i:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: I:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: I:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)


[2012/04/13 10:52:15 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Robert\AppData\Roaming\Mozilla\Extensions
[2011/10/18 19:23:35 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Robert\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/09/08 00:02:24 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Robert\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/13 10:52:17 | 000,000,000 | ---D | M] ("English (GB) Language Pack") -- I:\USERS\ROBERT\APPDATA\ROAMING\POSTBOX\PROFILES\BKXVXGIV.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = I:\Program Files\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = I:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = I:\Program Files\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Chrome SVD extension (Enabled) = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.4_0\lib/npdownloaderchrome.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = I:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = I:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = I:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = I:\Windows\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = I:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Activation Technologies (Enabled) = I:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = i:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SpeedBit Video Downloader = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.4_0\
CHR - Extension: avast! WebRep = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: SpeedBit Search Predict = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\
CHR - Extension: Gmail = I:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - I:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - I:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - I:\Program Files\SpeedBit Video Downloader\TBUB9\tbcore3.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - I:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (no name) - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - I:\Program Files\SpeedBit Video Downloader\TBUB9\Grabber.dll (SpeedBit)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - I:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - I:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast] I:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] I:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - Startup: I:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TalkTalk Setup CD Reporting Tool.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: computeractive.co.uk ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9547F408-0CEE-42E5-87F0-D38FB133271B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9547F408-0CEE-42E5-87F0-D38FB133271B}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2674B42-430A-4A43-B95D-B6A5F751A3A8}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - I:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (protector.dll) - I:\Windows\System32\protector.dll ()
O20 - AppInit_DLLs: (i:\windows\system32\guard32.dll) - I:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\Windows\system32\userinit.exe) - I:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/01 21:26:54 | 000,000,000 | ---D | M] - G:\Auto data -- [ NTFS ]
O32 - AutoRun File - [2011/08/23 09:48:18 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/22 13:35:04 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{E5C908D0-58B8-4B26-9241-F8232E155C19}
[2012/05/22 13:34:54 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{D24946D8-B776-4142-AA20-F8200C457487}
[2012/05/22 10:38:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- I:\Users\Robert\Desktop\OTL.scr
[2012/05/21 23:56:31 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{38275344-EB51-48B9-95F1-4308EF29BB04}
[2012/05/21 23:56:20 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{FE1C66B0-537B-412C-8BE7-F494A4A08976}
[2012/05/21 21:01:02 | 000,000,000 | ---D | C] -- I:\New Folder
[2012/05/21 14:56:29 | 000,000,000 | ---D | C] -- I:\Users\Robert\Documents\Pending doc's
[2012/05/21 10:08:59 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{21CEE890-05BA-4B28-A3F3-1855B421E727}
[2012/05/21 10:08:44 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{1F775DC4-4458-4041-A759-640A6B80D1F1}
[2012/05/20 13:02:03 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{EB4D1158-B26E-48CC-90DE-828CF111CF29}
[2012/05/20 13:01:50 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{5A5C3ED6-6811-4833-8649-00C3AF61FE07}
[2012/05/20 00:27:17 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{26D8EF3C-E91A-4590-9758-D8194924688C}
[2012/05/20 00:27:08 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{056C4185-5B2F-4DDE-83E9-019907FA476F}
[2012/05/19 11:20:08 | 000,000,000 | ---D | C] -- I:\Users\Robert\Documents\New folder
[2012/05/19 10:07:34 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{1A08FC77-CAB6-4FFB-B7C0-37F18F35A6DD}
[2012/05/19 10:07:23 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{45858EB9-E2FC-4FE2-8E22-090B3E239319}
[2012/05/18 19:00:35 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{DD9E6883-5AAE-4AEF-89FE-9AFE1D0CF170}
[2012/05/18 19:00:25 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BF216367-8236-43C9-8823-C4D308A7BA4A}
[2012/05/18 10:21:05 | 000,000,000 | ---D | C] -- I:\Program Files\Oracle
[2012/05/17 22:04:06 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C74C6EA7-ACBE-42FB-AD67-BDCBC4635026}
[2012/05/17 22:03:53 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BAE8DDF3-9AE8-4805-B8FC-B321826B217D}
[2012/05/17 09:33:57 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{EC5E8C17-ECD5-4750-B0FA-8AD31F9C4F50}
[2012/05/17 09:33:46 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{1F58AEE5-5762-4073-ABA6-54981F20F3DF}
[2012/05/16 21:32:04 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{57C512A9-4DE4-4016-A140-07FEAD47C5CC}
[2012/05/16 21:31:51 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BE47556B-9CEF-4934-B55B-109F6ECBD338}
[2012/05/16 09:31:26 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C1DA2010-EDCC-47E9-8B99-9699670C57BA}
[2012/05/16 09:31:15 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{F553B805-66BE-49A4-9531-6F2C22F5BEF3}
[2012/05/15 15:35:54 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{D23375AA-6A1F-4A2D-A805-B40242622186}
[2012/05/15 15:35:43 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{44BCA1B4-F475-4DDF-BC85-F8C0780DB300}
[2012/05/14 23:29:47 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{39589F5D-3CFF-44DC-BF4D-7341D013FE25}
[2012/05/14 23:29:36 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{3528144E-6485-471B-ADB4-CE7F457664DB}
[2012/05/13 22:10:52 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{0A1736D3-DCA4-4E0F-8FE1-01818310A281}
[2012/05/13 22:10:41 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{E085C2F1-BE1A-46C3-9AA5-91B9BF46E2C1}
[2012/05/13 20:48:57 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Movie Player
[2012/05/13 19:16:20 | 000,000,000 | ---D | C] -- I:\ProgramData\McAfee
[2012/05/13 09:44:11 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BE5CEADB-7B17-433D-91F6-5347770A7F93}
[2012/05/13 09:44:00 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{AF25ABB4-CE77-4DB1-AA7F-F204ED52CE62}
[2012/05/12 15:32:31 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{432F4755-EECB-4219-8823-DDF6BC8D8CDE}
[2012/05/12 15:32:20 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{23F15876-D66A-46C7-99B2-75E7BC02D35D}
[2012/05/11 14:45:34 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{0DC05435-EE9E-47BE-8B23-71E94463106C}
[2012/05/11 14:45:23 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C46BF6FF-CF8C-406F-A189-C57F6BD4AE9E}
[2012/05/10 23:06:44 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/05/10 22:20:04 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{08F21B2A-A40E-4401-BE52-274EDFE59BF2}
[2012/05/10 22:19:53 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{80A5165C-D6A3-4E26-B04F-6E75C1AC0749}
[2012/05/10 10:56:38 | 000,000,000 | ---D | C] -- I:\Users\Public\Documents\COMODO
[2012/05/10 10:37:08 | 000,000,000 | ---D | C] -- I:\ProgramData\CPA_VA
[2012/05/10 10:12:08 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\Comodo
[2012/05/09 22:07:43 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{59D72107-E3C0-4103-9FAB-4A2638854E8B}
[2012/05/09 22:07:32 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{E5CF08F2-0408-4C57-802A-D53FA73AC351}
[2012/05/09 10:07:06 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{43C055A4-0085-4C46-A5EB-FE63505D89D8}
[2012/05/09 10:06:55 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{D5846A2F-BB12-4C72-8AD2-50B1B5649E32}
[2012/05/09 00:58:48 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{05753801-FB5C-4D13-9624-46268623FE29}
[2012/05/08 10:09:06 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{9F09D7E0-24DB-4621-A570-9899C28A09EE}
[2012/05/08 10:08:51 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{0E5D1C94-02D8-40BE-83C4-9A003AC00278}
[2012/05/08 00:50:38 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Roaming\Google
[2012/05/08 00:47:13 | 000,000,000 | ---D | C] -- I:\ProgramData\Google
[2012/05/07 00:04:33 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BDEDCA5A-F9D0-443D-8568-4DFDE2645778}
[2012/05/07 00:04:22 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{718B7F89-66CF-47B3-84B8-DBA7E6A1F0E3}
[2012/05/06 11:06:24 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{9DA2CC67-1DD7-4D43-ABA4-826AAB6D5BBF}
[2012/05/06 11:06:14 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{CC0147E1-7A51-40AD-B7F1-11B4E44511F4}
[2012/05/05 11:30:38 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{3D2C6EDC-C377-43FD-AF80-B9673EA5BD1A}
[2012/05/05 11:30:28 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{72C32E02-2F63-40AC-850C-219CE5A0D149}
[2012/05/04 09:44:10 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{FCE20D5E-CD1B-4ED9-8A44-2B03DEC46EA5}
[2012/05/04 09:43:59 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{A2B7B9C0-0042-4A5E-BEB2-7C36251BBFA7}
[2012/05/03 16:24:07 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C68D1D2F-D064-4F5E-871E-A854BA55A127}
[2012/05/03 16:23:57 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{798C8A85-E4C8-4D05-A801-424A168921F4}
[2012/05/03 10:13:53 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinpkFilter
[2012/05/02 22:27:29 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{87844FE5-4006-4E5C-B138-D6E086A6F349}
[2012/05/02 22:27:18 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{312D78EF-4526-450D-A519-C401DE5BC6A3}
[2012/05/02 10:26:47 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{285FC9EC-2624-4308-8A86-B6CE224A97A6}
[2012/05/02 10:26:36 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{CA9D2999-6C31-42C3-92E6-F497B58FD7D2}
[2012/05/01 11:42:29 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{F7F3AE42-D526-43E0-B882-9CCF6786FDB6}
[2012/05/01 11:42:14 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{ED07AACC-E135-4898-B7D0-03A9A22F1B45}
[2012/04/30 08:53:25 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{B4F8AAC1-8326-4131-A921-E42BB141CB7E}
[2012/04/30 08:53:15 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{5D700B43-9A1E-4EBA-9BE8-0B9794077C4D}
[2012/04/29 15:35:45 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{2E852820-AD04-49E3-952C-A26A61665B56}
[2012/04/29 15:35:34 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{0EBE2B19-BD4A-4E75-B933-BD1E2B69EE33}
[2012/04/27 08:58:52 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{320B7FAF-A9B0-4BEF-A176-04F1B5B6545F}
[2012/04/27 08:58:41 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{F1C73DEF-06B5-41F6-BC10-8CDFA1C46F71}
[2012/04/26 15:19:36 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012/04/26 14:04:11 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{39D65FDB-35A7-4B0D-8A9A-6DF101022BB0}
[2012/04/26 14:04:01 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{73DDC856-DFAD-4843-A9BB-68C49FAE483A}
[2012/04/25 13:44:46 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{6C388EFD-7860-4E3A-A884-FCCB6EADEC33}
[2012/04/25 13:44:36 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BF3AA28B-FB6E-46B3-A3FF-5B01B9B7D94B}
[2012/04/24 21:58:36 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{366E122D-FAAF-431C-BEB6-7F305D209DD4}
[2012/04/24 21:58:25 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{7059DAAD-C32A-4976-941A-5E4789FC9F65}
[2012/04/24 09:29:05 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{8C3A8027-30BC-4801-B2AD-FD72673AFFF4}
[2012/04/24 09:28:55 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{948038DB-259A-4E4F-B0DE-23BE8711AF43}
[2012/04/23 12:03:57 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{AB215320-57B6-4378-B4CC-6E2816B4543A}
[2012/04/23 12:03:46 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{A7C1626B-392D-4266-903D-FCCDD348EC19}
[2012/04/22 23:25:55 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C6C9A368-3B2E-4F67-A03D-A7D3A512460C}
[2012/04/22 23:25:44 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{4A40CC98-3662-459E-9008-61A74DF24E46}
[2011/12/30 01:12:35 | 000,086,016 | ---- | C] (3 Techies in a Box) -- I:\Program Files\txtclean.exe

========== Files - Modified Within 30 Days ==========

[2012/05/22 13:30:00 | 000,000,830 | ---- | M] () -- I:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/22 13:03:00 | 000,000,886 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/22 10:47:05 | 000,302,592 | ---- | M] () -- I:\d8eno89y.exe
[2012/05/22 10:38:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- I:\Users\Robert\Desktop\OTL.scr
[2012/05/22 10:07:36 | 000,031,104 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/22 10:07:36 | 000,031,104 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/22 10:04:50 | 000,628,024 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2012/05/22 10:04:50 | 000,110,208 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2012/05/22 10:00:25 | 000,000,882 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/22 10:00:25 | 000,000,296 | ---- | M] () -- I:\Windows\tasks\RtlDashSrvStart.job
[2012/05/22 10:00:06 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2012/05/22 10:00:01 | 2811,879,424 | -HS- | M] () -- I:\hiberfil.sys
[2012/05/20 00:20:46 | 000,007,620 | ---- | M] () -- I:\Users\Robert\AppData\Local\resmon.resmoncfg
[2012/05/19 15:56:53 | 000,000,000 | ---- | M] () -- I:\Users\Robert\winpkflt_rtl
[2012/05/19 15:55:04 | 000,000,000 | ---- | M] () -- I:\Users\Robert\userinit.exe
[2012/05/14 17:57:34 | 000,009,662 | ---- | M] () -- I:\Windows\EPISME00.SWB
[2012/05/10 23:07:15 | 000,000,414 | ---- | M] () -- I:\Windows\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/05/10 19:44:40 | 000,001,421 | ---- | M] () -- I:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/10 10:53:58 | 000,001,236 | ---- | M] () -- I:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/05/10 09:27:49 | 000,440,872 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT
[2012/05/03 10:16:21 | 000,001,105 | ---- | M] () -- I:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/01 17:20:21 | 000,724,711 | ---- | M] () -- I:\Users\Robert\Documents\Reply from D f T.pdf
[2012/04/30 16:32:30 | 000,026,776 | ---- | M] () -- I:\Users\Robert\Documents\Australian letter to parliament.odt
[2012/04/30 09:10:34 | 000,019,862 | ---- | M] () -- I:\Users\Robert\Documents\Irish interpretation, AND_Oh, Audi partner-ph.eml
[2012/04/26 15:19:36 | 000,001,047 | ---- | M] () -- I:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk

========== Files Created - No Company Name ==========

[2012/05/22 13:41:58 | 000,302,592 | ---- | C] () -- I:\d8eno89y.exe
[2012/05/19 15:56:53 | 000,000,000 | ---- | C] () -- I:\Users\Robert\winpkflt_rtl
[2012/05/19 15:54:14 | 000,000,000 | ---- | C] () -- I:\Users\Robert\userinit.exe
[2012/05/17 09:57:11 | 000,000,830 | ---- | C] () -- I:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/10 10:54:01 | 000,000,414 | ---- | C] () -- I:\Windows\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/05/10 10:53:58 | 000,001,236 | ---- | C] () -- I:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/05/08 11:46:44 | 000,001,427 | ---- | C] () -- I:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/08 11:46:44 | 000,001,421 | ---- | C] () -- I:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/01 17:53:19 | 000,724,711 | ---- | C] () -- I:\Users\Robert\Documents\Reply from D f T.pdf
[2012/04/30 16:32:28 | 000,026,776 | ---- | C] () -- I:\Users\Robert\Documents\Australian letter to parliament.odt
[2012/04/30 09:10:33 | 000,019,862 | ---- | C] () -- I:\Users\Robert\Documents\Irish interpretation, AND_Oh, Audi partner-ph.eml
[2012/04/19 15:07:19 | 000,007,620 | ---- | C] () -- I:\Users\Robert\AppData\Local\resmon.resmoncfg
[2012/01/28 18:13:28 | 000,084,444 | ---- | C] () -- I:\Windows\UNINST.EXE
[2012/01/28 18:13:28 | 000,001,198 | ---- | C] () -- I:\Windows\Onflash.ini
[2012/01/27 18:39:44 | 000,176,128 | ---- | C] () -- I:\Windows\Dit.DLL
[2012/01/27 18:39:44 | 000,000,236 | ---- | C] () -- I:\Windows\Dit.INI
[2012/01/27 18:39:43 | 000,081,920 | ---- | C] () -- I:\Windows\Dit.exe
[2012/01/27 18:39:39 | 000,061,440 | ---- | C] () -- I:\Windows\DitExp.exe
[2012/01/11 10:53:58 | 000,015,672 | ---- | C] () -- I:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/12/30 18:43:16 | 000,000,193 | ---- | C] () -- I:\Windows\System32\account.dat
[2011/12/22 20:23:07 | 000,748,544 | ---- | C] () -- I:\Windows\System32\protector.dll
[2011/11/16 14:39:38 | 000,129,024 | ---- | C] () -- I:\Windows\System32\AVERM.dll
[2011/11/16 14:39:38 | 000,028,672 | ---- | C] () -- I:\Windows\System32\AVEQT.dll
[2011/10/10 19:20:51 | 000,000,025 | ---- | C] () -- I:\Windows\CDE DX4800EFGIPSD.ini
[2011/10/10 09:53:23 | 000,089,430 | ---- | C] () -- I:\Windows\System32\EPPICPrinterDB.dat
[2011/10/10 09:53:23 | 000,026,154 | ---- | C] () -- I:\Windows\System32\EPPICPattern1.dat
[2011/10/10 09:53:23 | 000,024,903 | ---- | C] () -- I:\Windows\System32\EPPICPattern3.dat
[2011/10/10 09:53:23 | 000,021,390 | ---- | C] () -- I:\Windows\System32\EPPICPattern5.dat
[2011/10/10 09:53:23 | 000,020,148 | ---- | C] () -- I:\Windows\System32\EPPICPattern2.dat
[2011/10/10 09:53:23 | 000,011,811 | ---- | C] () -- I:\Windows\System32\EPPICPattern4.dat
[2011/10/10 09:53:23 | 000,004,943 | ---- | C] () -- I:\Windows\System32\EPPICPattern6.dat
[2011/10/10 09:53:23 | 000,001,146 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_DU.dat
[2011/10/10 09:53:23 | 000,001,139 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_PT.dat
[2011/10/10 09:53:23 | 000,001,139 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_BP.dat
[2011/10/10 09:53:23 | 000,001,136 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_ES.dat
[2011/10/10 09:53:23 | 000,001,129 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_FR.dat
[2011/10/10 09:53:23 | 000,001,129 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_CF.dat
[2011/10/10 09:53:23 | 000,001,120 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_IT.dat
[2011/10/10 09:53:23 | 000,001,107 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_GE.dat
[2011/10/10 09:53:23 | 000,001,104 | ---- | C] () -- I:\Windows\System32\EPPICPresetData_EN.dat
[2011/10/10 09:53:23 | 000,000,099 | ---- | C] () -- I:\Windows\System32\PICSDK.ini
[2011/10/05 16:26:55 | 000,001,324 | ---- | C] () -- I:\Windows\System32\.ini
[2011/10/04 11:16:25 | 001,294,449 | ---- | C] () -- I:\Windows\System32\drivers\sfi.dat
[2011/10/01 20:34:36 | 000,021,412 | ---- | C] () -- I:\Windows\System32\emptyregdb.dat
[2011/09/30 14:53:11 | 000,080,416 | ---- | C] () -- I:\Windows\System32\RtNicProp32.dll
[2011/09/29 19:56:24 | 000,024,944 | ---- | C] () -- I:\Windows\System32\drivers\GVTDrv.sys
[2011/09/29 17:33:01 | 000,208,896 | ---- | C] () -- I:\Windows\System32\CommCmd.dll
[2011/09/29 17:28:44 | 000,031,272 | ---- | C] () -- I:\Windows\System32\AppleChargerSrv.exe
[2011/09/29 17:28:44 | 000,019,496 | ---- | C] () -- I:\Windows\System32\drivers\AppleCharger.sys
[2011/09/29 17:23:36 | 000,000,010 | ---- | C] () -- I:\Windows\GSetup.ini
[2011/09/24 02:05:08 | 000,012,800 | ---- | C] () -- I:\Windows\System32\drivers\anodlwf.sys
[2011/09/24 02:05:03 | 000,013,931 | ---- | C] () -- I:\Windows\System32\RaCoInst.dat
[2011/09/10 17:16:56 | 000,000,090 | ---- | C] () -- I:\Windows\System32\ftm31.dat
[2011/09/10 14:55:12 | 000,253,008 | ---- | C] () -- I:\Windows\adirasx64.exe
[2011/09/10 14:55:10 | 000,152,126 | ---- | C] () -- I:\Windows\System32\drivers\L1E9P2.BIN
[2011/09/10 14:55:10 | 000,024,576 | ---- | C] () -- I:\Windows\enddisk32.exe
[2011/09/10 14:55:09 | 000,152,308 | ---- | C] () -- I:\Windows\System32\drivers\L1E4I2.BIN
[2011/09/10 14:55:09 | 000,152,306 | ---- | C] () -- I:\Windows\System32\drivers\L1E4I1.BIN
[2011/09/10 14:55:09 | 000,152,306 | ---- | C] () -- I:\Windows\System32\drivers\L1E4I0.BIN
[2011/09/10 14:55:09 | 000,152,126 | ---- | C] () -- I:\Windows\System32\drivers\L1E9P1.BIN
[2011/09/10 14:55:09 | 000,152,126 | ---- | C] () -- I:\Windows\System32\drivers\L1E9P0.BIN
[2011/09/10 14:55:09 | 000,152,126 | ---- | C] () -- I:\Windows\System32\drivers\L1E9I2.BIN
[2011/09/10 14:55:09 | 000,152,126 | ---- | C] () -- I:\Windows\System32\drivers\L1E9I1.BIN
[2011/09/10 14:55:09 | 000,152,126 | ---- | C] () -- I:\Windows\System32\drivers\L1E9I0.BIN
[2011/09/10 14:55:08 | 000,152,146 | ---- | C] () -- I:\Windows\System32\drivers\L1E4P2.BIN
[2011/09/10 14:55:08 | 000,152,145 | ---- | C] () -- I:\Windows\System32\drivers\L1E4P1.BIN
[2011/09/10 14:55:08 | 000,152,145 | ---- | C] () -- I:\Windows\System32\drivers\L1E4P0.BIN
[2011/09/10 14:55:08 | 000,152,036 | ---- | C] () -- I:\Windows\System32\drivers\L1E4D2.BIN
[2011/09/10 14:55:08 | 000,152,034 | ---- | C] () -- I:\Windows\System32\drivers\L1E4D1.BIN
[2011/09/10 14:55:08 | 000,152,034 | ---- | C] () -- I:\Windows\System32\drivers\L1E4D0.BIN
[2011/09/08 13:36:08 | 000,000,014 | ---- | C] () -- I:\Windows\adiras.ini
[2011/08/11 08:00:08 | 000,100,728 | ---- | C] () -- I:\Windows\System32\rsslink.dll
[2010/11/20 22:29:26 | 000,066,048 | ---- | C] () -- I:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2012/04/13 10:52:09 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\10-strike
[2012/04/13 10:52:09 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\AMS Software
[2012/04/13 10:52:09 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\Ashampoo
[2012/04/13 10:52:09 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\Auslogics
[2012/04/13 10:52:09 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\CBS Interactive
[2012/04/13 10:52:09 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\EPSON
[2011/11/06 19:02:58 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\Firetrust
[2012/04/13 10:52:10 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\Foxit
[2012/04/13 10:52:10 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\Foxit Software
[2012/04/13 10:52:10 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\Foxmail
[2012/04/13 10:52:10 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\FreeFixer
[2011/10/05 02:01:11 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\GrabPro
[2012/04/13 10:52:10 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\gtk-2.0
[2011/10/23 11:39:17 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\ieSpell
[2012/04/13 10:52:10 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\IObit
[2012/04/13 10:52:10 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\KeePass
[2012/04/13 10:52:10 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\LibreOffice
[2012/04/13 10:52:12 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\MailWasherFree
[2012/04/13 10:52:12 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\MailWasherPro
[2012/04/13 10:52:15 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\OpenCandy
[2012/04/13 10:52:15 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\Opera
[2012/04/30 18:46:48 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\Orbit
[2012/04/13 10:52:17 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\Pegasus Mail
[2011/12/23 00:25:13 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\PerformerSoft
[2012/04/13 10:52:17 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\Postbox
[2012/04/13 10:52:17 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\ProgSense
[2012/04/13 10:52:17 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\QFX Software
[2012/04/13 10:52:18 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\TalkTalk
[2011/12/05 19:09:23 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\temp
[2012/04/13 10:52:18 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\Thunderbird
[2012/04/13 10:52:19 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\tinySpell
[2012/04/13 10:52:19 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\TomTom
[2012/04/14 17:15:25 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\uTorrent
[2012/04/13 10:52:19 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\VSO
[2012/04/13 10:52:20 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\Windows Live Writer
[2012/04/13 10:52:20 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\WinPatrol
[2012/04/13 10:52:20 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\Xilisoft Corporation
[2012/04/13 10:52:20 | 000,000,000 | ---D | M] -- I:\Users\Robert\AppData\Roaming\Zoner
[2012/05/22 10:00:25 | 000,000,296 | ---- | M] () -- I:\Windows\Tasks\RtlDashSrvStart.job
[2009/07/14 05:53:46 | 000,030,896 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 778 bytes -> I:\Users\Robert\Documents\Irish interpretation, AND_Oh, Audi partner-ph.eml:OECustomProperty
@Alternate Data Stream - 734 bytes -> I:\Users\Robert\Documents\Has Europe ever had a will for war_.eml:OECustomProperty

< End of report >

#6
tyler4402

Here is the Extras.txt file

OTL Extras logfile created on: 22/05/2012 13:49:22 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = I:\Users\Robert\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.49 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 64.12% Memory free
8.73 Gb Paging File | 7.41 Gb Available in Paging File | 84.92% Paging File free
Paging file location(s): i:\pagefile.sys 5362 10725 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files
Drive E: | 76.32 Gb Total Space | 48.37 Gb Free Space | 63.37% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 166.38 Gb Free Space | 71.45% Space Free | Partition Type: NTFS
Drive I: | 465.75 Gb Total Space | 396.31 Gb Free Space | 85.09% Space Free | Partition Type: NTFS

Computer Name: BLACKBESS | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- I:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- I:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "I:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "I:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "I:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "I:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "I:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "I:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:\Program Files\Orbitdownloader\orbitdm.exe" = I:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"I:\Program Files\Orbitdownloader\orbitnet.exe" = I:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4183034A-1833-4403-AC4C-6EBD77B456EE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FE0FF6F7-E194-4CEF-99B2-29652630A1BA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{040FBE76-774F-40A9-9158-F45ED45E5AF3}" = protocol=17 | dir=in | app=i:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{070D808F-3A93-43DB-A8DB-DCE300AC5EA4}" = protocol=17 | dir=in | app=i:\program files\microsoft lifecam\lifetray.exe |
"{42FD1312-CEDC-4158-BDEF-B4919F7FB013}" = protocol=6 | dir=in | app=i:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{592CC849-C1C4-4995-AC67-B031653B6CD5}" = protocol=6 | dir=in | app=i:\program files\microsoft lifecam\lifeenc2.exe |
"{605F096B-6973-48CB-8ADE-0BF652452DD4}" = protocol=17 | dir=in | app=i:\program files\microsoft lifecam\lifecam.exe |
"{72C4306C-E1A3-44C6-8489-3AB9031FE678}" = protocol=17 | dir=in | app=i:\program files\microsoft lifecam\lifeenc2.exe |
"{9D9183FD-7B87-4593-9CF7-920424A5D301}" = protocol=6 | dir=in | app=i:\program files\microsoft lifecam\lifecam.exe |
"{A1A49E0D-C332-4C77-9F5B-83029BDF6046}" = protocol=17 | dir=in | app=i:\program files\internet explorer\iexplore.exe |
"{BD05BE53-E573-41FF-8006-13DCEA3C1406}" = protocol=6 | dir=in | app=i:\program files\internet explorer\iexplore.exe |
"{C833B79E-91E6-40D1-93EC-34DC711EBEFB}" = protocol=6 | dir=in | app=i:\program files\microsoft lifecam\lifetray.exe |
"{DAD095B9-E860-477B-83BA-F32F3C9A89F3}" = protocol=6 | dir=in | app=i:\program files\microsoft lifecam\lifeexp.exe |
"{ED1CBC26-9790-4E50-B348-C20F6688C9DA}" = dir=in | app=i:\program files\windows live\contacts\wlcomm.exe |
"{EE049975-D9CE-49F6-9949-D3C79FD3D192}" = dir=in | app=i:\program files\skype\phone\skype.exe |
"{FF406405-E9A0-4844-AF60-6BA14925E221}" = protocol=17 | dir=in | app=i:\program files\microsoft lifecam\lifeexp.exe |
"TCP Query User{082FBAA1-AF93-4E45-BF8F-1215AE0B9407}I:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=i:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{D68A0FCE-7F1A-4EBE-A44D-2E1893D26E6B}I:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=i:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{0B576672-3F9A-49CF-BE32-97D290F9CCE8}I:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=i:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{415F902A-4483-4D49-9337-1D6EB4C03DEF}I:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=i:\program files\orbitdownloader\orbitnet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E8E4718-0702-4D33-B007-5E95849BAB3C}" = LibreOffice 3.5
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = bProtector for Windows
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.0422.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{4054210E-FCB5-4ACD-83ED-6BAD29F4E330}" = GN-BT06T Utility
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7604F21E-DAD2-4098-98CB-5552AABA58E9}" = LibreOffice 3.5 Help Pack (English)
"{7C92412D-E4CE-4128-8261-BC51A2423267}" = USB Reader Driver for Windows 98
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{91EA9C6F-1666-4426-9C80-85019A7A0D62}" = RtkDashClientInstaller
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2
"{CE6D9738-1116-4084-9606-AFE4FE6DAC8A}" = DWA-140 Driver
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Multi-Card Reader/Writer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Alive MP3 WAV Converter_is1" = Alive MP3 WAV Converter version 3.0.2.8
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESDX4800_4200 User's Guide" = ESDX4800_4200 User's Guide
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"Foxit Reader_is1" = Foxit Reader 5.1
"FreeFixer0.61" = FreeFixer
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallBrain Updater Service" = InstallBrain Updater Service
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1
"InstallShield_{7C92412D-E4CE-4128-8261-BC51A2423267}" = USB Reader Driver for Windows 98
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2
"jZip" = jZip
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.17
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Orbit_is1" = Orbit Downloader
"Rapport_msi" = Rapport
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Smart Defrag 2_is1" = Smart Defrag 2
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"tinySpell_is1" = tinySpell 1.9.40
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Ultra Video Converter_is1" = Ultra Video Converter 4.6.0526
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
"WinLiveSuite" = Windows Live Essentials
"WinpkFilter Runtime Libraries" = WinpkFilter Runtime Libraries
"Xilisoft Video Converter Platinum" = Xilisoft Video Converter Platinum
"Zero Assumption Digital Image Recovery_is1" = Zero Assumption Digital Image Recovery 1.2
"ZonerPhotoStudio14_EN_is1" = Zoner Photo Studio 14 FREE

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/04/2012 06:31:27 | Computer Name = Blackbess | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_inetcpl.cpl, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: guard32.dll, version: 5.8.15089.2124,
time stamp: 0x4e8f3568 Exception code: 0xc00000fd Fault offset: 0x0001d19f Faulting
process id: 0x17b8 Faulting application start time: 0x01cd1a29bcaf02a2 Faulting application
path: I:\Windows\system32\rundll32.exe Faulting module path: I:\Windows\system32\guard32.dll
Report
Id: fd2798e7-861c-11e1-b97c-1c6f654dc5f6

Error - 14/04/2012 06:55:29 | Computer Name = Blackbess | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_inetcpl.cpl, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: guard32.dll, version: 5.8.15089.2124,
time stamp: 0x4e8f3568 Exception code: 0xc00000fd Fault offset: 0x0001d19e Faulting
process id: 0x13d4 Faulting application start time: 0x01cd1a2d1889289e Faulting application
path: I:\Windows\system32\rundll32.exe Faulting module path: I:\Windows\system32\guard32.dll
Report
Id: 589518cb-8620-11e1-b97c-1c6f654dc5f6

Error - 14/04/2012 06:55:29 | Computer Name = Blackbess | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_inetcpl.cpl, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: guard32.dll, version: 5.8.15089.2124,
time stamp: 0x4e8f3568 Exception code: 0xc00000fd Fault offset: 0x0001d19e Faulting
process id: 0x1558 Faulting application start time: 0x01cd1a2d18883e3a Faulting application
path: I:\Windows\system32\rundll32.exe Faulting module path: I:\Windows\system32\guard32.dll
Report
Id: 58969f71-8620-11e1-b97c-1c6f654dc5f6

Error - 14/04/2012 07:29:50 | Computer Name = Blackbess | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "i:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "i:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 14/04/2012 10:20:13 | Computer Name = Blackbess | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_inetcpl.cpl, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: guard32.dll, version: 5.8.15089.2124,
time stamp: 0x4e8f3568 Exception code: 0xc00000fd Fault offset: 0x0001d19e Faulting
process id: 0x7d0 Faulting application start time: 0x01cd1a49b2bff368 Faulting application
path: I:\Windows\system32\rundll32.exe Faulting module path: I:\Windows\system32\guard32.dll
Report
Id: f26ece19-863c-11e1-b97c-1c6f654dc5f6

Error - 14/04/2012 10:20:13 | Computer Name = Blackbess | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_inetcpl.cpl, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: guard32.dll, version: 5.8.15089.2124,
time stamp: 0x4e8f3568 Exception code: 0xc00000fd Fault offset: 0x0001d19f Faulting
process id: 0x1754 Faulting application start time: 0x01cd1a49b2c104dc Faulting application
path: I:\Windows\system32\rundll32.exe Faulting module path: I:\Windows\system32\guard32.dll
Report
Id: f2716632-863c-11e1-b97c-1c6f654dc5f6

Error - 14/04/2012 10:21:01 | Computer Name = Blackbess | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_inetcpl.cpl, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: guard32.dll, version: 5.8.15089.2124,
time stamp: 0x4e8f3568 Exception code: 0xc00000fd Fault offset: 0x0001d19e Faulting
process id: 0x12a0 Faulting application start time: 0x01cd1a49cf8506cf Faulting application
path: I:\Windows\system32\rundll32.exe Faulting module path: I:\Windows\system32\guard32.dll
Report
Id: 0f144b1a-863d-11e1-b97c-1c6f654dc5f6

Error - 14/04/2012 10:21:01 | Computer Name = Blackbess | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_inetcpl.cpl, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: guard32.dll, version: 5.8.15089.2124,
time stamp: 0x4e8f3568 Exception code: 0xc00000fd Fault offset: 0x0001d19f Faulting
process id: 0x177c Faulting application start time: 0x01cd1a49cf8a0ff2 Faulting application
path: I:\Windows\system32\rundll32.exe Faulting module path: I:\Windows\system32\guard32.dll
Report
Id: 0f249f07-863d-11e1-b97c-1c6f654dc5f6

Error - 14/04/2012 10:21:46 | Computer Name = Blackbess | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_inetcpl.cpl, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: guard32.dll, version: 5.8.15089.2124,
time stamp: 0x4e8f3568 Exception code: 0xc00000fd Fault offset: 0x0001d19e Faulting
process id: 0xc00 Faulting application start time: 0x01cd1a49e9fe25cb Faulting application
path: I:\Windows\system32\rundll32.exe Faulting module path: I:\Windows\system32\guard32.dll
Report
Id: 2a19a693-863d-11e1-b97c-1c6f654dc5f6

Error - 14/04/2012 10:21:46 | Computer Name = Blackbess | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_inetcpl.cpl, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: guard32.dll, version: 5.8.15089.2124,
time stamp: 0x4e8f3568 Exception code: 0xc00000fd Fault offset: 0x0001d19f Faulting
process id: 0x176c Faulting application start time: 0x01cd1a49ea02448b Faulting application
path: I:\Windows\system32\rundll32.exe Faulting module path: I:\Windows\system32\guard32.dll
Report
Id: 2a345ae7-863d-11e1-b97c-1c6f654dc5f6

[ System Events ]
Error - 21/05/2012 08:10:59 | Computer Name = Blackbess | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR4.

Error - 21/05/2012 08:11:01 | Computer Name = Blackbess | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 21/05/2012 08:11:38 | Computer Name = Blackbess | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD
Security Center Service service to connect.

Error - 21/05/2012 08:11:38 | Computer Name = Blackbess | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%1053

Error - 21/05/2012 08:11:50 | Computer Name = Blackbess | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 21/05/2012 08:11:50 | Computer Name = Blackbess | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 21/05/2012 08:11:50 | Computer Name = Blackbess | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 21/05/2012 08:11:51 | Computer Name = Blackbess | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 22/05/2012 05:00:29 | Computer Name = Blackbess | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 22/05/2012 05:00:30 | Computer Name = Blackbess | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.


< End of report >

#7
tyler4402

    Member

  • Topic Starter
  • Member
  • 63 posts
Hi maliprog

Sorry there is a problem with the GMER Log scan.
After 6 hrs it was still scanning, but the log was not getting any bigger, as the last file to show in the list had been there for over an hour, so I stopped the scan and I have lost the results. Tomorrow I will do another scan and send it to you. My thanks for your help. Regards, Robert.

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi tyler4402,

OK. Leave GMER for now. Let's do these steps.

Step 1

We need to disable Spybot S&D's "TeaTimer".

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Open Spybot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode and then on "Advanced Mode".
    Posted Image
  • You may be presented with a warning dialog. If so, press Yes.
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck these checkboxes:
    Posted Image
  • Close/Exit Spybot Search and Destroy.

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - I:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (no name) - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - No CLSID value found.
    [2012/05/22 13:35:04 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{E5C908D0-58B8-4B26-9241-F8232E155C19}
    [2012/05/22 13:34:54 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{D24946D8-B776-4142-AA20-F8200C457487}
    [2012/05/21 23:56:31 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{38275344-EB51-48B9-95F1-4308EF29BB04}
    [2012/05/21 23:56:20 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{FE1C66B0-537B-412C-8BE7-F494A4A08976}
    [2012/05/21 10:08:59 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{21CEE890-05BA-4B28-A3F3-1855B421E727}
    [2012/05/21 10:08:44 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{1F775DC4-4458-4041-A759-640A6B80D1F1}
    [2012/05/20 13:02:03 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{EB4D1158-B26E-48CC-90DE-828CF111CF29}
    [2012/05/20 13:01:50 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{5A5C3ED6-6811-4833-8649-00C3AF61FE07}
    [2012/05/20 00:27:17 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{26D8EF3C-E91A-4590-9758-D8194924688C}
    [2012/05/20 00:27:08 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{056C4185-5B2F-4DDE-83E9-019907FA476F}
    [2012/05/19 10:07:34 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{1A08FC77-CAB6-4FFB-B7C0-37F18F35A6DD}
    [2012/05/19 10:07:23 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{45858EB9-E2FC-4FE2-8E22-090B3E239319}
    [2012/05/18 19:00:35 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{DD9E6883-5AAE-4AEF-89FE-9AFE1D0CF170}
    [2012/05/18 19:00:25 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BF216367-8236-43C9-8823-C4D308A7BA4A}
    [2012/05/17 22:04:06 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C74C6EA7-ACBE-42FB-AD67-BDCBC4635026}
    [2012/05/17 22:03:53 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BAE8DDF3-9AE8-4805-B8FC-B321826B217D}
    [2012/05/17 09:33:57 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{EC5E8C17-ECD5-4750-B0FA-8AD31F9C4F50}
    [2012/05/17 09:33:46 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{1F58AEE5-5762-4073-ABA6-54981F20F3DF}
    [2012/05/16 21:32:04 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{57C512A9-4DE4-4016-A140-07FEAD47C5CC}
    [2012/05/16 21:31:51 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BE47556B-9CEF-4934-B55B-109F6ECBD338}
    [2012/05/16 09:31:26 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C1DA2010-EDCC-47E9-8B99-9699670C57BA}
    [2012/05/16 09:31:15 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{F553B805-66BE-49A4-9531-6F2C22F5BEF3}
    [2012/05/15 15:35:54 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{D23375AA-6A1F-4A2D-A805-B40242622186}
    [2012/05/15 15:35:43 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{44BCA1B4-F475-4DDF-BC85-F8C0780DB300}
    [2012/05/14 23:29:47 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{39589F5D-3CFF-44DC-BF4D-7341D013FE25}
    [2012/05/14 23:29:36 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{3528144E-6485-471B-ADB4-CE7F457664DB}
    [2012/05/13 22:10:52 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{0A1736D3-DCA4-4E0F-8FE1-01818310A281}
    [2012/05/13 22:10:41 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{E085C2F1-BE1A-46C3-9AA5-91B9BF46E2C1}
    [2012/05/13 09:44:11 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BE5CEADB-7B17-433D-91F6-5347770A7F93}
    [2012/05/13 09:44:00 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{AF25ABB4-CE77-4DB1-AA7F-F204ED52CE62}
    [2012/05/12 15:32:31 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{432F4755-EECB-4219-8823-DDF6BC8D8CDE}
    [2012/05/12 15:32:20 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{23F15876-D66A-46C7-99B2-75E7BC02D35D}
    [2012/05/11 14:45:34 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{0DC05435-EE9E-47BE-8B23-71E94463106C}
    [2012/05/11 14:45:23 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C46BF6FF-CF8C-406F-A189-C57F6BD4AE9E}
    [2012/05/10 22:20:04 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{08F21B2A-A40E-4401-BE52-274EDFE59BF2}
    [2012/05/10 22:19:53 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{80A5165C-D6A3-4E26-B04F-6E75C1AC0749}
    [2012/05/09 22:07:43 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{59D72107-E3C0-4103-9FAB-4A2638854E8B}
    [2012/05/09 22:07:32 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{E5CF08F2-0408-4C57-802A-D53FA73AC351}
    [2012/05/09 10:07:06 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{43C055A4-0085-4C46-A5EB-FE63505D89D8}
    [2012/05/09 10:06:55 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{D5846A2F-BB12-4C72-8AD2-50B1B5649E32}
    [2012/05/09 00:58:48 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{05753801-FB5C-4D13-9624-46268623FE29}
    [2012/05/08 10:09:06 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{9F09D7E0-24DB-4621-A570-9899C28A09EE}
    [2012/05/08 10:08:51 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{0E5D1C94-02D8-40BE-83C4-9A003AC00278}
    [2012/05/07 00:04:33 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BDEDCA5A-F9D0-443D-8568-4DFDE2645778}
    [2012/05/07 00:04:22 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{718B7F89-66CF-47B3-84B8-DBA7E6A1F0E3}
    [2012/05/06 11:06:24 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{9DA2CC67-1DD7-4D43-ABA4-826AAB6D5BBF}
    [2012/05/06 11:06:14 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{CC0147E1-7A51-40AD-B7F1-11B4E44511F4}
    [2012/05/05 11:30:38 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{3D2C6EDC-C377-43FD-AF80-B9673EA5BD1A}
    [2012/05/05 11:30:28 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{72C32E02-2F63-40AC-850C-219CE5A0D149}
    [2012/05/04 09:44:10 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{FCE20D5E-CD1B-4ED9-8A44-2B03DEC46EA5}
    [2012/05/04 09:43:59 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{A2B7B9C0-0042-4A5E-BEB2-7C36251BBFA7}
    [2012/05/03 16:24:07 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C68D1D2F-D064-4F5E-871E-A854BA55A127}
    [2012/05/03 16:23:57 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{798C8A85-E4C8-4D05-A801-424A168921F4}
    [2012/05/02 22:27:29 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{87844FE5-4006-4E5C-B138-D6E086A6F349}
    [2012/05/02 22:27:18 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{312D78EF-4526-450D-A519-C401DE5BC6A3}
    [2012/05/02 10:26:47 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{285FC9EC-2624-4308-8A86-B6CE224A97A6}
    [2012/05/02 10:26:36 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{CA9D2999-6C31-42C3-92E6-F497B58FD7D2}
    [2012/05/01 11:42:29 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{F7F3AE42-D526-43E0-B882-9CCF6786FDB6}
    [2012/05/01 11:42:14 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{ED07AACC-E135-4898-B7D0-03A9A22F1B45}
    [2012/04/30 08:53:25 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{B4F8AAC1-8326-4131-A921-E42BB141CB7E}
    [2012/04/30 08:53:15 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{5D700B43-9A1E-4EBA-9BE8-0B9794077C4D}
    [2012/04/29 15:35:45 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{2E852820-AD04-49E3-952C-A26A61665B56}
    [2012/04/29 15:35:34 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{0EBE2B19-BD4A-4E75-B933-BD1E2B69EE33}
    [2012/04/27 08:58:52 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{320B7FAF-A9B0-4BEF-A176-04F1B5B6545F}
    [2012/04/27 08:58:41 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{F1C73DEF-06B5-41F6-BC10-8CDFA1C46F71}
    [2012/04/26 14:04:11 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{39D65FDB-35A7-4B0D-8A9A-6DF101022BB0}
    [2012/04/26 14:04:01 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{73DDC856-DFAD-4843-A9BB-68C49FAE483A}
    [2012/04/25 13:44:46 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{6C388EFD-7860-4E3A-A884-FCCB6EADEC33}
    [2012/04/25 13:44:36 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BF3AA28B-FB6E-46B3-A3FF-5B01B9B7D94B}
    [2012/04/24 21:58:36 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{366E122D-FAAF-431C-BEB6-7F305D209DD4}
    [2012/04/24 21:58:25 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{7059DAAD-C32A-4976-941A-5E4789FC9F65}
    [2012/04/24 09:29:05 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{8C3A8027-30BC-4801-B2AD-FD72673AFFF4}
    [2012/04/24 09:28:55 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{948038DB-259A-4E4F-B0DE-23BE8711AF43}
    [2012/04/23 12:03:57 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{AB215320-57B6-4378-B4CC-6E2816B4543A}
    [2012/04/23 12:03:46 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{A7C1626B-392D-4266-903D-FCCDD348EC19}
    [2012/04/22 23:25:55 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C6C9A368-3B2E-4F67-A03D-A7D3A512460C}
    [2012/04/22 23:25:44 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{4A40CC98-3662-459E-9008-61A74DF24E46}


    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post using the "Add Reply" button

#9
tyler4402

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Hi maliprog
Sorry for the slow response. I have stopped SpyBot TeaTimer and Resident SD as requested, and I have run another OTL scan which gave a log file in Notepad. Unfortunately, although I can highlight the log and click copy, I cannot get the log to copy into the "CustomScans Fixers" box, as when I opposite click in the box no menu with Paste is provided. If I click Run Fix with the logfile showing in notebook, nothing happens.
And for your information, when I run the OTL scan, after a few seconds it stops. If I click on the top area it says (Not Responding), but if I expand the dashboard the scan restarts.
And I do however already have Malwarebytes installed on my PC, which I run monthly.

Edited by tyler4402, 23 May 2012 - 04:48 PM.


#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts

and I have run another OTL scan which gave a log file in Notepad. Unfortunately, although I can highlight the log and click copy, I cannot get the log to copy into the "CustomScans Fixers" box, as when I opposite click in the box no menu with Paste is provided. If I click Run Fix with the logfile showing in notebook, nothing happens.


You are doing it wrong and I'm frightened that you will damage your system. Please read my instructions carefully, line by line!

You only have to copy and paste what I give you in my posts to OTL. You NEVER paste to OTL what OTL gives you in its logs after the run. Never!

Let me explain my Step 1 again.

First start OTL by double clicking on it on your desktop. Just start it and don't press any buttons jet.
Now copy everything from bellow, from Quote box:

:OTL
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - I:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (no name) - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - No CLSID value found.
[2012/05/22 13:35:04 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{E5C908D0-58B8-4B26-9241-F8232E155C19}
[2012/05/22 13:34:54 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{D24946D8-B776-4142-AA20-F8200C457487}
[2012/05/21 23:56:31 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{38275344-EB51-48B9-95F1-4308EF29BB04}
[2012/05/21 23:56:20 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{FE1C66B0-537B-412C-8BE7-F494A4A08976}
[2012/05/21 10:08:59 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{21CEE890-05BA-4B28-A3F3-1855B421E727}
[2012/05/21 10:08:44 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{1F775DC4-4458-4041-A759-640A6B80D1F1}
[2012/05/20 13:02:03 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{EB4D1158-B26E-48CC-90DE-828CF111CF29}
[2012/05/20 13:01:50 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{5A5C3ED6-6811-4833-8649-00C3AF61FE07}
[2012/05/20 00:27:17 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{26D8EF3C-E91A-4590-9758-D8194924688C}
[2012/05/20 00:27:08 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{056C4185-5B2F-4DDE-83E9-019907FA476F}
[2012/05/19 10:07:34 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{1A08FC77-CAB6-4FFB-B7C0-37F18F35A6DD}
[2012/05/19 10:07:23 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{45858EB9-E2FC-4FE2-8E22-090B3E239319}
[2012/05/18 19:00:35 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{DD9E6883-5AAE-4AEF-89FE-9AFE1D0CF170}
[2012/05/18 19:00:25 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BF216367-8236-43C9-8823-C4D308A7BA4A}
[2012/05/17 22:04:06 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C74C6EA7-ACBE-42FB-AD67-BDCBC4635026}
[2012/05/17 22:03:53 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BAE8DDF3-9AE8-4805-B8FC-B321826B217D}
[2012/05/17 09:33:57 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{EC5E8C17-ECD5-4750-B0FA-8AD31F9C4F50}
[2012/05/17 09:33:46 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{1F58AEE5-5762-4073-ABA6-54981F20F3DF}
[2012/05/16 21:32:04 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{57C512A9-4DE4-4016-A140-07FEAD47C5CC}
[2012/05/16 21:31:51 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BE47556B-9CEF-4934-B55B-109F6ECBD338}
[2012/05/16 09:31:26 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C1DA2010-EDCC-47E9-8B99-9699670C57BA}
[2012/05/16 09:31:15 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{F553B805-66BE-49A4-9531-6F2C22F5BEF3}
[2012/05/15 15:35:54 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{D23375AA-6A1F-4A2D-A805-B40242622186}
[2012/05/15 15:35:43 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{44BCA1B4-F475-4DDF-BC85-F8C0780DB300}
[2012/05/14 23:29:47 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{39589F5D-3CFF-44DC-BF4D-7341D013FE25}
[2012/05/14 23:29:36 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{3528144E-6485-471B-ADB4-CE7F457664DB}
[2012/05/13 22:10:52 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{0A1736D3-DCA4-4E0F-8FE1-01818310A281}
[2012/05/13 22:10:41 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{E085C2F1-BE1A-46C3-9AA5-91B9BF46E2C1}
[2012/05/13 09:44:11 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BE5CEADB-7B17-433D-91F6-5347770A7F93}
[2012/05/13 09:44:00 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{AF25ABB4-CE77-4DB1-AA7F-F204ED52CE62}
[2012/05/12 15:32:31 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{432F4755-EECB-4219-8823-DDF6BC8D8CDE}
[2012/05/12 15:32:20 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{23F15876-D66A-46C7-99B2-75E7BC02D35D}
[2012/05/11 14:45:34 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{0DC05435-EE9E-47BE-8B23-71E94463106C}
[2012/05/11 14:45:23 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C46BF6FF-CF8C-406F-A189-C57F6BD4AE9E}
[2012/05/10 22:20:04 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{08F21B2A-A40E-4401-BE52-274EDFE59BF2}
[2012/05/10 22:19:53 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{80A5165C-D6A3-4E26-B04F-6E75C1AC0749}
[2012/05/09 22:07:43 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{59D72107-E3C0-4103-9FAB-4A2638854E8B}
[2012/05/09 22:07:32 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{E5CF08F2-0408-4C57-802A-D53FA73AC351}
[2012/05/09 10:07:06 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{43C055A4-0085-4C46-A5EB-FE63505D89D8}
[2012/05/09 10:06:55 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{D5846A2F-BB12-4C72-8AD2-50B1B5649E32}
[2012/05/09 00:58:48 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{05753801-FB5C-4D13-9624-46268623FE29}
[2012/05/08 10:09:06 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{9F09D7E0-24DB-4621-A570-9899C28A09EE}
[2012/05/08 10:08:51 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{0E5D1C94-02D8-40BE-83C4-9A003AC00278}
[2012/05/07 00:04:33 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BDEDCA5A-F9D0-443D-8568-4DFDE2645778}
[2012/05/07 00:04:22 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{718B7F89-66CF-47B3-84B8-DBA7E6A1F0E3}
[2012/05/06 11:06:24 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{9DA2CC67-1DD7-4D43-ABA4-826AAB6D5BBF}
[2012/05/06 11:06:14 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{CC0147E1-7A51-40AD-B7F1-11B4E44511F4}
[2012/05/05 11:30:38 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{3D2C6EDC-C377-43FD-AF80-B9673EA5BD1A}
[2012/05/05 11:30:28 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{72C32E02-2F63-40AC-850C-219CE5A0D149}
[2012/05/04 09:44:10 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{FCE20D5E-CD1B-4ED9-8A44-2B03DEC46EA5}
[2012/05/04 09:43:59 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{A2B7B9C0-0042-4A5E-BEB2-7C36251BBFA7}
[2012/05/03 16:24:07 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C68D1D2F-D064-4F5E-871E-A854BA55A127}
[2012/05/03 16:23:57 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{798C8A85-E4C8-4D05-A801-424A168921F4}
[2012/05/02 22:27:29 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{87844FE5-4006-4E5C-B138-D6E086A6F349}
[2012/05/02 22:27:18 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{312D78EF-4526-450D-A519-C401DE5BC6A3}
[2012/05/02 10:26:47 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{285FC9EC-2624-4308-8A86-B6CE224A97A6}
[2012/05/02 10:26:36 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{CA9D2999-6C31-42C3-92E6-F497B58FD7D2}
[2012/05/01 11:42:29 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{F7F3AE42-D526-43E0-B882-9CCF6786FDB6}
[2012/05/01 11:42:14 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{ED07AACC-E135-4898-B7D0-03A9A22F1B45}
[2012/04/30 08:53:25 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{B4F8AAC1-8326-4131-A921-E42BB141CB7E}
[2012/04/30 08:53:15 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{5D700B43-9A1E-4EBA-9BE8-0B9794077C4D}
[2012/04/29 15:35:45 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{2E852820-AD04-49E3-952C-A26A61665B56}
[2012/04/29 15:35:34 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{0EBE2B19-BD4A-4E75-B933-BD1E2B69EE33}
[2012/04/27 08:58:52 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{320B7FAF-A9B0-4BEF-A176-04F1B5B6545F}
[2012/04/27 08:58:41 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{F1C73DEF-06B5-41F6-BC10-8CDFA1C46F71}
[2012/04/26 14:04:11 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{39D65FDB-35A7-4B0D-8A9A-6DF101022BB0}
[2012/04/26 14:04:01 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{73DDC856-DFAD-4843-A9BB-68C49FAE483A}
[2012/04/25 13:44:46 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{6C388EFD-7860-4E3A-A884-FCCB6EADEC33}
[2012/04/25 13:44:36 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{BF3AA28B-FB6E-46B3-A3FF-5B01B9B7D94B}
[2012/04/24 21:58:36 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{366E122D-FAAF-431C-BEB6-7F305D209DD4}
[2012/04/24 21:58:25 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{7059DAAD-C32A-4976-941A-5E4789FC9F65}
[2012/04/24 09:29:05 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{8C3A8027-30BC-4801-B2AD-FD72673AFFF4}
[2012/04/24 09:28:55 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{948038DB-259A-4E4F-B0DE-23BE8711AF43}
[2012/04/23 12:03:57 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{AB215320-57B6-4378-B4CC-6E2816B4543A}
[2012/04/23 12:03:46 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{A7C1626B-392D-4266-903D-FCCDD348EC19}
[2012/04/22 23:25:55 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{C6C9A368-3B2E-4F67-A03D-A7D3A512460C}
[2012/04/22 23:25:44 | 000,000,000 | ---D | C] -- I:\Users\Robert\AppData\Local\{4A40CC98-3662-459E-9008-61A74DF24E46}


:Commands
[purity]
[emptytemp]
[Reboot]


Now paste the code you copied from above into the Custom Scans/Fixes box at the bottom of OTL.
Press the Fix Now button and wait until you get the log from OTL.
Copy and paste that log here for me. The bottom line is that I need to see that log. That is how it works.

If you have any questions please ask now. I'll explain it before you begin with the fix.

#11
tyler4402

    Member

  • Topic Starter
  • 63 posts
Hi maliprog
Sorry to be so thick!! But if the instruction had been to paste the text below printed under quote "Into" rather than Under the Custom Scan File box, I would have twigged a bit faster. It does not help being a silver surfer, but when you speak slowly we usually get there in the end.
Many thanks for your patience, I hope the required text you need is appended below, regards Robert.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
I:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Robert
->Temp folder emptied: 146359764 bytes
->Temporary Internet Files folder emptied: 41581564 bytes
->Java cache emptied: 1537138 bytes
->Google Chrome cache emptied: 20647981 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 6516 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31074958 bytes
RecycleBin emptied: 2685820889 bytes

Total Files Cleaned = 2,791.00 mb


OTL by OldTimer - Version 3.2.43.1 log created on 05242012_100130

Edited by tyler4402, 24 May 2012 - 03:25 AM.


#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
That's it :thumbsup:

I just don't want to ruin your system instead of fixing it :lol:

OK. Update your Malwarebytes now and do a Quick Scan. Post the log it produces here for me so I can see it.

#13
tyler4402

    Member

  • Topic Starter
  • 63 posts
Hi again maliprog
Thanks for your help, here is the Mal-bytes scan.
It would be nice if you can explain what the scans found and the corrections which the last scan did so that I can understand the process a bit more, and particularly (to prove or disprove to me if my feelings were correct) if there was actually anything suspicious in the few HJT files I sent to the forum for viewing, in fact bearing in mind that I only have HJT to check with besides Comodo and Avast, and the monthly Mal-Bytes scan, for any pointers what to look for in the future to keep my PC running clean I will be most grateful, regards Robert.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.24.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16443
Robert :: BLACKBESS [administrator]

24/05/2012 11:53:56
mbam-log-2012-05-24 (11-53-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206327
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You were right about

O3 - Toolbar: File2LinkIB - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - (no file)

It's an infection that redirects your searches to other search engines.

You were wrong about others. These are good files:

O4 - HKCU\..\Run: [ISUSPM Startup] I:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Sidebar] I:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3619600033-2495703809-3358291532-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3619600033-2495703809-3358291532-1003\..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

These are all system files and you need them :)

I don't recommend using HJT on your own. Please ask for expert help if you don't want to ruin your system. If you want to learn more about it then you should consider joining GeekU.

Let's continue now...

Download Virus Removal Tool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.
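The distinction drawn in the post above, between a toolbar registration with no file behind it and ordinary autorun entries, can be applied as a first triage pass over the log lines quoted in this thread. This is an added example, not part of the thread and not code from HijackThis or OTL; `Entry`, `parse_line`, `triage` and the marker list are names chosen here, and a flag means "check this on the host", not a verdict.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Entries quoted in this thread (HijackThis O3/O4 lines and one OTL O2 line).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - No CLSID value found.
O3 - Toolbar: File2LinkIB - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - (no file)
O4 - HKCU\..\Run: [ISUSPM Startup] I:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Sidebar] I:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
AUTORUN_RE = re.compile(
    r"(?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']+)'\))?$"
)
# Markers seen in this thread for a registration whose file or class is gone.
ORPHAN_MARKERS = ("(no file)", "No CLSID value found")


@dataclass
class Entry:
    section: str                  # "O2", "O3" or "O4"
    name: str
    clsid: Optional[str] = None
    hive: Optional[str] = None    # registry hive of an O4 autorun
    key: Optional[str] = None     # Run / RunOnce
    exe: Optional[str] = None     # executable part of the autorun command
    orphaned: bool = False        # O2/O3 entry with nothing behind it
    short_path: bool = False      # 8.3 path (PROGRA~1): resolve it on the host


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O2/O3/O4 log line; return None for anything else."""
    m = re.match(r"(O\d+) - (.+)$", line.strip())
    if not m:
        return None
    section, rest = m.groups()
    if section in ("O2", "O3"):
        clsid = CLSID_RE.search(rest)
        parts = rest.split(" - ")
        name = parts[0].split(": ", 1)[-1]   # "Toolbar: File2LinkIB" -> "File2LinkIB"
        return Entry(section, name, clsid.group(0).lower() if clsid else None,
                     orphaned=any(mk in parts[-1] for mk in ORPHAN_MARKERS))
    if section == "O4":
        a = AUTORUN_RE.match(rest)
        if not a:
            return None
        exe = re.match(r'"?(.+?\.exe)', a["cmd"], re.I)
        path = exe.group(1) if exe else a["cmd"]
        return Entry(section, a["name"], hive=a["hive"], key=a["key"],
                     exe=path, short_path="~" in path)
    return None


def triage(log: str):
    """Return (all entries, entries to check by hand, autoruns grouped by hive)."""
    entries = [e for e in map(parse_line, log.splitlines()) if e]
    review = [e for e in entries if e.orphaned or e.short_path]
    # The same autorun repeated in several account hives is one finding, not many.
    by_autorun = defaultdict(set)
    for e in entries:
        if e.section == "O4":
            by_autorun[(e.name, e.exe.rsplit("\\", 1)[-1].lower())].add(e.hive)
    return entries, review, dict(by_autorun)


if __name__ == "__main__":
    _, review, groups = triage(SAMPLE_LOG)
    for e in review:
        print("check:", e.section, e.name, e.clsid or e.exe)
    for (name, exe), hives in groups.items():
        print(f"autorun {name} ({exe}) present in {len(hives)} hive(s)")
```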

#15
tyler4402

    Member

  • Topic Starter
  • 63 posts
Hi maliprog

I have run the Kaspersky but the run time showing varied between 15 and 19 hrs., but after two hrs it stopped and the large button went Red, so I saved the file to a folder (scan 1), after that the button went to Gold and Kaspersky started scanning again, later my screen went black and a message came on

“Wndows-Bad Image” X Exception Processing Message 0x0000076 Perimeters Dx75A15874 0x75A15874 0x75A15874

After a long period the message went away and the PC rebooted to the Kaspersky dashboard which informed me that my PC had infections and "do I want the Kaspersky program", so I saved the file as number2 after I think that I clicked to remove them and I got a sort of hard sell message again of “do I want the Kaspersky program” and clicked No to the offer and the virus removal tool started scanning again, and I saved that scan as number 3

PS You might see a clone CD use this one listed, this is a program I get from my pal he adds "Use this one" after he has tested that it works, so I am not sure it is actually a nasty.

SCAN 1

Status: Deleted (events: 8)
24/05/2012 16:57:15 Deleted Trojan program Trojan-Downloader.Win32.VB.kzu G:\22 PC Program Downloads\Clone CD 5.3.0.1 & Clone DVD 2.9.1.0 (use this one)\CloneDVD 2.9.1.0.exe//data0017.res//SetupMgr.exe//data0016.res//InstallMgr.exe High
24/05/2012 16:57:15 Deleted Trojan program Trojan-Downloader.Win32.VB.kzu G:\22 PC Program Downloads\Clone CD 5.3.0.1 & Clone DVD 2.9.1.0 (use this one)\CloneDVD 2.9.1.0.exe//data0017.res//SetupMgr.exe//# High
24/05/2012 16:57:15 Deleted Trojan program Trojan-Downloader.Win32.VB.kzu G:\22 PC Program Downloads\Clone CD 5.3.0.1 & Clone DVD 2.9.1.0 (use this one)\CloneDVD 2.9.1.0.exe//#//data0016.res High
24/05/2012 16:57:15 Deleted Trojan program Trojan-Downloader.Win32.VB.kzu G:\22 PC Program Downloads\Clone CD 5.3.0.1 & Clone DVD 2.9.1.0 (use this one)\CloneDVD 2.9.1.0.exe//# High
24/05/2012 16:57:15 Deleted Trojan program Trojan-Downloader.Win32.VB.kzu G:\22 PC Program Downloads\Clone CD 5.3.0.1 & Clone DVD 2.9.1.0 (use this one)\CloneDVD 2.9.1.0.exe//data0017.res//SetupMgr.exe//data0016.res High
24/05/2012 16:57:15 Deleted Trojan program Trojan-Downloader.Win32.VB.kzu G:\22 PC Program Downloads\Clone CD 5.3.0.1 & Clone DVD 2.9.1.0 (use this one)\CloneDVD 2.9.1.0.exe//data0017.res//SetupMgr.exe High
24/05/2012 16:57:15 Deleted Trojan program Trojan-Downloader.Win32.VB.kzu G:\22 PC Program Downloads\Clone CD 5.3.0.1 & Clone DVD 2.9.1.0 (use this one)\CloneDVD 2.9.1.0.exe//data0017.res High
24/05/2012 16:57:15 Deleted Trojan program Trojan-Downloader.Win32.VB.kzu G:\22 PC Program Downloads\Clone CD 5.3.0.1 & Clone DVD 2.9.1.0 (use this one)\CloneDVD 2.9.1.0.exe High

SCAN 2
Status: Detected (events: 1)
24/05/2012 15:04:02 Detected Trojan program Trojan-Downloader.Win32.VB.kzu G:\22 PC Program Downloads\Clone CD 5.3.0.1 & Clone DVD 2.9.1.0 (use this one)\CloneDVD 2.9.1.0.exe//data0017.res//SetupMgr.exe//data0016.res//InstallMgr.exe High

SCAN 3 is a long one and I am having trouble in copying it as each time I try my PC freezes or the Libre Office program I use does I'm not sure which? I will try to copy it and send it in another post. Regards Robert.