Removed Snap.do but can't get rid of home page [Solved]


  • This topic is locked

#1
snuffbox54

Hi, I am running Windows 7. I tried to install an esp viewer, but ended up with snap.do installing itself. I uninstalled snap.do, but it still comes up as my Chrome home page. How can I get rid of this please? OTL log below.


OTL logfile created on: 10/4/2012 10:02:58 AM - Run 2
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Sue\Downloads
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 37.78% Memory free
4.00 Gb Paging File | 2.30 Gb Available in Paging File | 57.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296.08 Gb Total Space | 153.90 Gb Free Space | 51.98% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 1.12 Gb Free Space | 30.16% Space Free | Partition Type: FAT32

Computer Name: SUE-PC | User Name: Sue | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/04 09:54:08 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Sue\Downloads\OTL.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sue\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/18 10:04:52 | 000,434,168 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2012/03/15 18:07:54 | 020,774,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
PRC - [2012/03/01 00:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/29 21:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/02/29 21:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/13 21:16:16 | 000,984,408 | ---- | M] (Intuit Limited.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/02/13 19:24:30 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/01/23 05:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/01/23 05:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/11/10 14:34:38 | 000,100,120 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
PRC - [2011/07/16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/16 15:21:06 | 001,500,160 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2011/06/08 14:49:48 | 000,159,744 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011/03/21 13:19:36 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2011/03/18 23:59:40 | 001,422,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/10 15:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 15:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 15:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/25 03:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/02/08 16:36:06 | 000,048,128 | ---- | M] (Farmade Management Systems Ltd) -- C:\Program Files\Farmade\GateKeeper\Farmade.GateKeeper.Services.Admin.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/05/08 00:29:37 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2007/07/10 21:38:50 | 001,820,160 | ---- | M] (MSGTAG) -- C:\Program Files\MSGTAG Status\MSGTAGStatus.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/25 10:42:58 | 000,460,312 | ---- | M] () -- C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
MOD - [2012/09/25 10:42:57 | 012,278,808 | ---- | M] () -- C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012/09/25 10:42:55 | 004,005,912 | ---- | M] () -- C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012/09/25 10:41:39 | 000,578,072 | ---- | M] () -- C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012/09/25 10:41:38 | 000,123,416 | ---- | M] () -- C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012/09/25 10:41:27 | 000,156,712 | ---- | M] () -- C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012/09/25 10:41:26 | 000,275,496 | ---- | M] () -- C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012/09/25 10:41:24 | 002,168,360 | ---- | M] () -- C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2012/07/18 07:36:25 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\4120276831607734faabb10ce9d7c9e3\log4net.ni.dll
MOD - [2012/07/18 07:36:23 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/07/18 07:36:17 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/07/18 07:36:16 | 000,115,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\80c2b70cb2e57cc68746204cfd1aa39c\DeskUpdateNotifier.ni.exe
MOD - [2012/07/18 07:36:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/07/18 07:35:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/07/18 07:35:55 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/07/18 07:35:49 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/05/18 10:04:54 | 000,252,408 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2012/05/18 10:04:54 | 000,067,576 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2012/05/18 10:04:44 | 007,964,160 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2012/05/18 10:04:44 | 000,980,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2012/05/18 10:04:44 | 000,019,456 | ---- | M] () -- C:\Program Files\MyTomTom 3\DeviceDetection.dll
MOD - [2012/05/18 10:04:42 | 002,302,464 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2012/05/18 10:04:42 | 000,357,888 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/22 07:47:20 | 000,540,672 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\ssp7mdu.dll
MOD - [2011/04/07 16:43:24 | 008,191,488 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2011/04/07 16:43:22 | 002,296,320 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2011/03/18 17:27:43 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/22 20:13:22 | 000,022,016 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2011/02/22 20:12:54 | 000,196,608 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2011/02/22 17:39:06 | 000,276,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2011/02/22 17:07:20 | 000,339,968 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll


========== Services (SafeList) ==========

SRV - [2012/09/21 18:27:35 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/01 00:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/13 19:24:30 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/01/23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/01/26 14:04:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/10 15:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 15:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/02/08 16:36:06 | 000,048,128 | ---- | M] (Farmade Management Systems Ltd) [Auto | Running] -- C:\Program Files\Farmade\GateKeeper\Farmade.GateKeeper.Services.Admin.exe -- (GateKeeperStandaloneAdmin)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/18 17:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/05/08 00:29:37 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2012/10/04 07:50:57 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C0FD6A1-157E-46DF-9D6E-6EBEB2E5A5D9}\MpKsl43ebc216.sys -- (MpKsl43ebc216)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/03/01 00:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/09/22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 10:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/05/18 10:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/01/08 11:09:14 | 000,126,976 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/07/29 01:55:38 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/04/03 09:18:44 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/10/29 18:20:38 | 000,020,486 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{9AAEA9E4-7EF5-40A3-9907-D0B5A4F39AF6}: "URL" = http://www.google.co...ie7&rlz=1I7FTSF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ts.fujitsu.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/...3&searchtype=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {9AAEA9E4-7EF5-40A3-9907-D0B5A4F39AF6}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{9AAEA9E4-7EF5-40A3-9907-D0B5A4F39AF6}: "URL" = http://www.google.co...1I7FTSF_enGB416
IE - HKCU\..\SearchScopes\{D99D6213-8D03-4948-977B-D0CD0AF86872}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F9A968E7-2AE3-448F-B1F4-5D0268DED26C}: "URL" = http://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sue\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sue\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/30 08:41:08 | 000,000,000 | ---D | M]

[2011/05/11 07:24:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Extensions
[2011/02/19 16:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/11 07:24:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - homepage: http://feed.snap.do/...3&searchtype=hp
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.snap.do/...q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://feed.snap.do/...3&searchtype=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: 20-20 3D Viewer for IKEA (Enabled) = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\NP_2020Player_IKEA.dll
CHR - plugin: Intel® Threading Building Blocks for Windows (Enabled) = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbb.dll
CHR - plugin: Intel® Threading Building Blocks for Windows (Enabled) = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbbmalloc.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Word Search Puzzle = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl\1.2_0\
CHR - Extension: Pacman = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmbeeddpeopkljgfedpnbpmenmeflcep\13.2464.6907_0\
CHR - Extension: PanicButton = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: Classic for Facebook = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\0.0.1.0_0\
CHR - Extension: Sudoku for Google Chrome\u2122 = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifaabgmcffhggbfgjknkgenljelbocin\1.5_0\
CHR - Extension: Best Free Apps = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdmklnnfaaegjkclibjdlkcimnbkmli\1.0.0.1_0\
CHR - Extension: Angry Animals = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\infdddiloihkaljpbdeinahefaaldjkf\1.0.3_0\
CHR - Extension: Brain Waves = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaikojchkbhnichnjehbhbloaiapifmk\3.0_0\
CHR - Extension: Gravity Duck = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.2.0_0\
CHR - Extension: Penguin Slice = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\okflagoeojoippcanifjmfmiahbgjngh\2_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [MSGTAG] C:\Program Files\MSGTAG Status\MSGTAGStatus.exe (MSGTAG)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DOSPRN.lnk = C:\Program Files\DOSPRN\DOSprn.exe (DOSPRN)
O4 - Startup: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sue\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk = C:\Program Files\Firetrust\MailWasher\MailWasherPro.exe (Firetrust)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4241ECD4-25CF-457B-AE9A-0D16A660FB4D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GO36F4~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2011/08/15 15:48:17 | 000,000,040 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 22:42:22 | 000,000,024 | ---- | M] () - C:\autoexec.hnl -- [ NTFS ]
O33 - MountPoints2\{c77fe451-5521-11e0-8dbd-00199993f1ce}\Shell - "" = AutoRun
O33 - MountPoints2\{c77fe451-5521-11e0-8dbd-00199993f1ce}\Shell\AutoRun\command - "" = D:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/04 08:50:22 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\Malwarebytes
[2012/10/04 08:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/04 08:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/04 08:50:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/04 08:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/04 07:31:32 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{48DD823D-18A3-4AEF-8F1D-EA25F9777F2F}
[2012/10/03 19:31:07 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{07C0E652-2409-422A-AAAD-EB95B9B1F8C9}
[2012/10/03 07:30:54 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{63672F19-E468-482D-9822-AC0F565A395B}
[2012/10/02 19:25:03 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{6C25CEE5-8545-435F-8DF9-0201D37F4B46}
[2012/10/02 07:24:43 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{9B5913BA-1D61-4892-A57A-7E95451AF661}
[2012/10/01 19:15:16 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{18F4C840-2378-4AFA-B1F8-EA66B329E868}
[2012/10/01 07:15:04 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{263CA276-8A1B-4309-B1FD-08D358D8323B}
[2012/09/30 11:02:00 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{69CC11AA-19BF-45AA-91F6-15BAADC89784}
[2012/09/29 08:16:18 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{D17B78DA-982C-45B8-9FCB-E7D35BCEEE09}
[2012/09/28 19:57:11 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{D3644A6F-F0BA-43A1-B07D-AF3DC3B5579B}
[2012/09/28 07:56:58 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{E0029089-9945-4615-A652-FF07F46A6873}
[2012/09/27 19:56:34 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{F91BEC8A-547B-4637-94F5-6A7D1A11AF6B}
[2012/09/27 07:56:20 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{D036FFA2-B982-4C46-BF1F-5123193125C8}
[2012/09/26 19:16:03 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{7B101462-A4D1-4C70-8B2C-6D47DFE36052}
[2012/09/25 21:39:09 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{7DD4CB26-19F4-4C52-813D-0A578481E93C}
[2012/09/25 07:58:04 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{66A7718A-F82D-48B8-8E8A-5984E732A7E3}
[2012/09/24 19:42:19 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{67B206D2-843D-415A-B0DE-02C9DFB25929}
[2012/09/24 07:42:04 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{B788C2A5-E8DB-455C-B519-E111F1F38AA9}
[2012/09/23 15:16:08 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{D0A53B29-C3BE-4A74-B5D7-6CE4762F5BAE}
[2012/09/23 03:01:11 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{19A7544D-5DCA-41F9-927C-8C6FE71183AA}
[2012/09/22 08:10:25 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{7399366D-0492-4875-89CB-C5DE419ABF72}
[2012/09/21 20:00:57 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{0DE748B8-AEEB-4558-AFC9-419BAEB6E916}
[2012/09/21 08:00:32 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{759375ED-EC3E-4607-A2A6-E000F952336F}
[2012/09/20 20:00:07 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{E9E0687B-B1C3-44F8-B9B2-66940D374B1B}
[2012/09/20 07:59:55 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{B2B3D7F0-971F-4096-A35D-0A32BB9A782E}
[2012/09/19 19:59:29 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{4E9D2369-311F-48EB-A6BF-05B821B1C0B6}
[2012/09/19 07:59:17 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{7F388B9C-3B17-46A5-9DBA-CEE4F92144F6}
[2012/09/18 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{A7510386-7730-42AC-A08E-51850BE0763C}
[2012/09/18 07:58:53 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{080ED22D-8AF9-47FC-9C9C-2786E938B6EA}
[2012/09/17 19:58:28 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{4125B328-3DA0-413A-AD88-211B1581FBCD}
[2012/09/17 07:58:16 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{9C540934-309E-4FF7-8362-9FCCB7E197CE}
[2012/09/16 19:57:51 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{2CDA559A-B75E-490F-9F97-453B4A2EB247}
[2012/09/16 07:57:38 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{4C16D089-86C0-4601-B42F-AE7A559075D6}
[2012/09/15 22:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/15 22:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/15 22:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/15 19:57:13 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{BCFE8AB8-E919-42BF-8210-E4C3464EBDAF}
[2012/09/15 07:56:46 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{6290E53E-380F-4376-B958-FBBDB7392A1F}
[2012/09/14 19:48:20 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{1F02B34D-9415-453A-9118-995B177D52D4}
[2012/09/14 07:48:07 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{B4E81274-5C23-49CB-AAFB-539A9E12CC28}
[2012/09/13 19:41:05 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{E43E09DC-8BFD-4846-B3AE-C1E2020B9738}
[2012/09/13 07:40:52 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{0BA0FFAF-999C-4AC3-A946-ABF066DFE4AE}
[2012/09/12 08:22:24 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{9402A303-0F14-4F0F-8337-EE296D20E5F3}
[2012/09/11 20:21:59 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{E52038ED-46E2-48E6-8D48-2381B5098495}
[2012/09/11 08:21:35 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{614432E0-F7FE-4677-839A-E27464272A66}
[2012/09/10 20:21:10 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{7B6DC44A-BCC8-4172-9759-66A014731442}
[2012/09/10 08:20:45 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{DB1A76CF-77B0-450D-94A5-0062B9846DAA}
[2012/09/09 20:20:33 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{2977516E-FCE5-4C30-A079-10380277D6B4}
[2012/09/09 08:20:21 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{EB4A9FDC-324B-475F-9664-10A5F917E68C}
[2012/09/08 19:42:41 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{2B5CAA7F-867D-46FB-BAF0-7EBB3D218450}
[2012/09/08 07:42:29 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{52831983-6DA3-4572-B7B5-8BA5A2927D08}
[2012/09/07 19:42:03 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{C61AC8FC-E3AC-47A1-8EBC-D9DF99DB2A96}
[2012/09/07 09:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/07 07:41:38 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{A424E7B3-760D-44DF-A6ED-7CD235817579}
[2012/09/06 19:41:26 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{67FC67C2-119B-445D-96AF-7EC38E6DBE51}
[2012/09/06 07:41:13 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{01947532-C544-4560-9016-78FFD82999BB}
[2012/09/05 19:12:43 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{75B8CD12-9E82-4F53-9216-79B67DBB1CE0}
[2012/09/05 07:12:18 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{68682495-4257-476A-A7D5-B035CC790F03}
[2012/09/04 19:11:53 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{6703DB1F-BCEC-47AE-B7D9-F1DA8C61DA8D}

========== Files - Modified Within 30 Days ==========

[2012/10/04 09:38:59 | 000,044,974 | ---- | M] () -- C:\Users\Sue\Desktop\cc_20121004_093847.reg
[2012/10/04 09:37:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1080675529-266105902-1238966371-1000UA.job
[2012/10/04 09:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/04 09:07:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/04 07:58:06 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 07:58:06 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 07:50:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/04 07:50:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/04 07:49:55 | 1609,371,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/03 19:37:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1080675529-266105902-1238966371-1000Core.job
[2012/10/01 22:11:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/01 22:11:02 | 000,718,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/01 22:11:02 | 000,146,326 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/26 18:42:02 | 000,002,441 | ---- | M] () -- C:\Users\Sue\Desktop\Google Chrome.lnk
[2012/09/17 17:12:23 | 000,015,101 | ---- | M] () -- C:\Users\Sue\Desktop\Profit_Loss DRAFT 31.3.12.pdf
[2012/09/17 17:11:58 | 000,014,201 | ---- | M] () -- C:\Users\Sue\Desktop\Balance Sheet DRAFT 31.3.12.pdf
[2012/09/15 22:05:01 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/07 14:09:15 | 000,003,590 | ---- | M] () -- C:\Users\Sue\Desktop\HARVEST 2012 GRAIN SALES REPORTS - Shortcut.lnk
[2012/09/07 11:14:34 | 000,052,224 | ---- | M] () -- C:\Users\Sue\Documents\Crop Budget template.xlt
[2012/09/07 11:13:22 | 000,003,406 | ---- | M] () -- C:\Users\Sue\Desktop\UOM Outtake 2012-13 - Shortcut (2).lnk
[2012/09/07 11:11:48 | 000,003,406 | ---- | M] () -- C:\Users\Sue\Desktop\UOM Outtake 2012-13 - Shortcut.lnk

========== Files Created - No Company Name ==========

[2012/10/04 09:38:53 | 000,044,974 | ---- | C] () -- C:\Users\Sue\Desktop\cc_20121004_093847.reg
[2012/09/17 17:12:21 | 000,015,101 | ---- | C] () -- C:\Users\Sue\Desktop\Profit_Loss DRAFT 31.3.12.pdf
[2012/09/17 17:11:57 | 000,014,201 | ---- | C] () -- C:\Users\Sue\Desktop\Balance Sheet DRAFT 31.3.12.pdf
[2012/09/15 22:05:01 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/07 14:09:15 | 000,003,590 | ---- | C] () -- C:\Users\Sue\Desktop\HARVEST 2012 GRAIN SALES REPORTS - Shortcut.lnk
[2012/09/07 11:13:22 | 000,003,406 | ---- | C] () -- C:\Users\Sue\Desktop\UOM Outtake 2012-13 - Shortcut (2).lnk
[2012/09/07 11:11:48 | 000,003,406 | ---- | C] () -- C:\Users\Sue\Desktop\UOM Outtake 2012-13 - Shortcut.lnk
[2012/05/22 09:20:48 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/02/29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/08/15 15:55:13 | 000,000,234 | R--- | C] () -- C:\Windows\HNL.INI
[2011/08/15 15:55:13 | 000,000,102 | ---- | C] () -- C:\Windows\ddrffx.ini
[2011/08/15 15:55:12 | 000,073,728 | ---- | C] () -- C:\Windows\System32\StrCat.dll
[2011/08/15 15:48:26 | 000,045,345 | ---- | C] () -- C:\Windows\wlast.exe
[2011/08/15 15:48:26 | 000,045,317 | ---- | C] () -- C:\Windows\wthis.exe
[2011/08/15 15:48:26 | 000,045,310 | ---- | C] () -- C:\Windows\wtutor.exe
[2011/07/19 11:11:50 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/19 10:20:31 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2011/07/19 10:19:22 | 000,000,063 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/07/19 10:19:01 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2011/07/19 10:19:01 | 000,020,486 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2011/07/19 10:19:01 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2011/07/19 10:19:01 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011/06/22 07:47:58 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssp7ml3.dll
[2011/06/10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/04/18 08:59:59 | 000,064,000 | ---- | C] () -- C:\Windows\System32\esfw30.bin
[2011/04/05 11:39:50 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/03/22 17:48:08 | 000,003,584 | ---- | C] () -- C:\Users\Sue\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/18 17:22:49 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/02/22 16:29:23 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\implode.dll
[2011/02/19 18:36:36 | 000,000,090 | ---- | C] () -- C:\Windows\System32\ftm31.dat
[2010/11/18 14:07:52 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010/11/18 14:07:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/11/18 14:07:50 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/11/18 14:07:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/11/18 14:07:48 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/11/18 14:07:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/11/18 14:07:47 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/11/18 14:07:47 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/03/09 12:37:46 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Amazon
[2011/01/26 14:24:25 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\AVG10
[2011/04/11 21:14:56 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Bidgood Svcs
[2012/05/17 10:48:30 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Canon
[2012/10/04 07:52:12 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Dropbox
[2011/02/19 18:36:29 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Firetrust
[2011/08/31 16:39:31 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Foxit Software
[2012/05/03 08:52:56 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\GARMIN
[2012/10/04 08:26:02 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\MSGTAG
[2011/07/20 08:07:28 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Nokia
[2011/07/20 10:55:40 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\PC Suite
[2011/07/04 18:09:18 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Serif
[2011/04/11 08:41:54 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\shrink_pic
[2011/02/19 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Thunderbird
[2011/03/19 15:26:19 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\tidysongs16
[2011/05/11 07:24:22 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\TomTom
[2012/06/19 15:06:57 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\TuneUpMedia
[2011/02/22 09:58:44 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 921 bytes -> C:\Users\Sue\Documents\easyJet booking reference_ EHTQZVP.eml:OECustomProperty
@Alternate Data Stream - 869 bytes -> C:\Users\Sue\Documents\Cat Taylor Grill 2012.eml:OECustomProperty
@Alternate Data Stream - 857 bytes -> C:\Users\Sue\Documents\FW_ 100%- What can I say!.eml:OECustomProperty
@Alternate Data Stream - 1009 bytes -> C:\Users\Sue\Documents\Mailwasher pro renewal 5-10-1.eml:OECustomProperty

< End of report >


#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :Commands
    [createrestorepoint]

    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/...3&searchtype=hp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
    IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
    CHR - homepage: http://feed.snap.do/...3&searchtype=hp
    CHR - default_search_provider: search_url = http://feed.snap.do/...q={searchTerms}
    CHR - homepage: http://feed.snap.do/...3&searchtype=hp
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [reboot]

  • Make sure all other windows are closed and let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
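How the `:OTL` entries in the fix above can be picked out of a scan log, as an added example that is not part of Render's post or of OTL itself: it flags `IE`/`CHR` settings whose URL host belongs to a suspect domain and `O` entries reporting "No CLSID value found". The function names and the `search.example` decoy line are constructed for illustration; the other sample lines follow the format shown in this thread, with the URLs elided as they are on the page.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the OTL log format seen in this thread.
# The search.example line is a decoy: it only mentions snap.do in a parameter.
SAMPLE_LOG = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/...3&searchtype=hp
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.example/?ref=snap.do
CHR - homepage: http://feed.snap.do/...3&searchtype=hp
CHR - default_search_provider: search_url = http://feed.snap.do/...q={searchTerms}
CHR - homepage: http://feed.snap.do/...3&searchtype=hp
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
"""

BROWSER_LINE = re.compile(r"^(IE|CHR)\s+-\s")   # browser-setting lines
O_LINE = re.compile(r"^O\d+\s+-\s")             # HijackThis-style O-numbered lines
URL = re.compile(r"https?://\S+", re.IGNORECASE)


def url_host(line):
    """Return the lower-cased host of the first URL on the line, or None."""
    match = URL.search(line)
    if not match:
        return None
    try:
        return urlsplit(match.group(0)).hostname
    except ValueError:
        return None


def host_in(host, domains):
    """True if host is one of the domains or a subdomain of one.

    Compares on label boundaries, so 'notsnap.do' does not match 'snap.do'.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(log_text, suspect_domains):
    """List log lines a reviewer should look at before writing a fix.

    Each finding is a dict with the reason ('kind'), the original line, and
    'manual': True for CHR lines, because OTL's fix log in this thread answers
    them with "Use Chrome's Settings page ..." instead of changing them.
    """
    domains = {d.lower().lstrip(".") for d in suspect_domains}
    findings, seen = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line in seen:        # skip blanks and exact duplicates
            continue
        browser = BROWSER_LINE.match(line)
        if browser:
            host = url_host(line)
            if host and host_in(host, domains):
                seen.add(line)
                findings.append({
                    "kind": "hijacked-setting",
                    "browser": browser.group(1),
                    "host": host,
                    "manual": browser.group(1) == "CHR",
                    "line": line,
                })
        elif O_LINE.match(line) and "No CLSID value found" in line:
            seen.add(line)
            findings.append({"kind": "orphaned-entry", "manual": False, "line": line})
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG, {"snap.do"}):
        note = " (change in the browser's own settings)" if item["manual"] else ""
        print(f'{item["kind"]}{note}: {item["line"]}')
```

The output is a review list, not a fix script: each flagged line still has to be checked against the machine it came from before it goes into a fix.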

#3
snuffbox54

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi, thanks for replying.
I have run the fix and this is the log -

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sue\Downloads\cmd.bat deleted successfully.
C:\Users\Sue\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Sue\Downloads\cmd.bat deleted successfully.
C:\Users\Sue\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Sue\Downloads\cmd.bat deleted successfully.
C:\Users\Sue\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Sue\Downloads\cmd.bat deleted successfully.
C:\Users\Sue\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Sue\Downloads\cmd.bat deleted successfully.
C:\Users\Sue\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sue
->Temp folder emptied: 20454588 bytes
->Temporary Internet Files folder emptied: 12828376 bytes
->Java cache emptied: 469860 bytes
->Google Chrome cache emptied: 80322175 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 57137 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17412 bytes
RecycleBin emptied: 65241 bytes

Total Files Cleaned = 109.00 mb


OTL by OldTimer - Version 3.2.70.2 log created on 10052012_154523

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Here is the Quick Scan report -

OTL logfile created on: 10/5/2012 3:51:25 PM - Run 3
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Sue\Downloads
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 46.91% Memory free
4.00 Gb Paging File | 2.70 Gb Available in Paging File | 67.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296.08 Gb Total Space | 154.55 Gb Free Space | 52.20% Space Free | Partition Type: NTFS

Computer Name: SUE-PC | User Name: Sue | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/04 09:54:08 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Sue\Downloads\OTL.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sue\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/18 10:04:52 | 000,434,168 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2012/03/01 00:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/29 21:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/02/29 21:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/13 21:16:16 | 000,984,408 | ---- | M] (Intuit Limited.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/02/13 19:24:30 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/01/23 05:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/01/23 05:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/11/10 14:34:38 | 000,100,120 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
PRC - [2011/07/16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/16 15:21:06 | 001,500,160 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2011/06/08 14:49:48 | 000,159,744 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011/03/21 13:19:36 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/10 15:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 15:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 15:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/06/07 11:35:35 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/25 03:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/02/08 16:36:06 | 000,048,128 | ---- | M] (Farmade Management Systems Ltd) -- C:\Program Files\Farmade\GateKeeper\Farmade.GateKeeper.Services.Admin.exe
PRC - [2009/12/02 14:41:54 | 000,184,320 | ---- | M] () -- C:\Users\Sue\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/05/08 00:29:37 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2007/07/10 21:38:50 | 001,820,160 | ---- | M] (MSGTAG) -- C:\Program Files\MSGTAG Status\MSGTAGStatus.exe
PRC - [2006/10/29 20:45:08 | 000,815,104 | ---- | M] (DOSPRN) -- C:\Program Files\DOSPRN\DOSprn.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/25 10:42:58 | 000,460,312 | ---- | M] () -- C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
MOD - [2012/09/25 10:42:55 | 004,005,912 | ---- | M] () -- C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012/09/25 10:41:39 | 000,578,072 | ---- | M] () -- C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012/09/25 10:41:38 | 000,123,416 | ---- | M] () -- C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012/09/25 10:41:27 | 000,156,712 | ---- | M] () -- C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012/09/25 10:41:26 | 000,275,496 | ---- | M] () -- C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012/09/25 10:41:24 | 002,168,360 | ---- | M] () -- C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2012/07/18 07:36:25 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\4120276831607734faabb10ce9d7c9e3\log4net.ni.dll
MOD - [2012/07/18 07:36:23 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/07/18 07:36:17 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/07/18 07:36:16 | 000,115,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\80c2b70cb2e57cc68746204cfd1aa39c\DeskUpdateNotifier.ni.exe
MOD - [2012/07/18 07:36:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/07/18 07:35:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/07/18 07:35:55 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/07/18 07:35:49 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/05/18 10:04:54 | 000,252,408 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2012/05/18 10:04:54 | 000,067,576 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2012/05/18 10:04:44 | 007,964,160 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2012/05/18 10:04:44 | 000,980,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2012/05/18 10:04:44 | 000,019,456 | ---- | M] () -- C:\Program Files\MyTomTom 3\DeviceDetection.dll
MOD - [2012/05/18 10:04:42 | 002,302,464 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2012/05/18 10:04:42 | 000,357,888 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/22 07:47:20 | 000,540,672 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\ssp7mdu.dll
MOD - [2011/04/07 16:43:24 | 008,191,488 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2011/04/07 16:43:22 | 002,296,320 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2011/02/22 20:13:22 | 000,022,016 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2011/02/22 20:12:54 | 000,196,608 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2011/02/22 17:39:06 | 000,276,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2011/02/22 17:07:20 | 000,339,968 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2010/06/07 11:35:35 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009/12/02 14:41:54 | 000,184,320 | ---- | M] () -- C:\Users\Sue\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe


========== Services (SafeList) ==========

SRV - [2012/09/21 18:27:35 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/01 00:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/13 19:24:30 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/01/23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/01/26 14:04:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/10 15:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 15:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/02/08 16:36:06 | 000,048,128 | ---- | M] (Farmade Management Systems Ltd) [Auto | Running] -- C:\Program Files\Farmade\GateKeeper\Farmade.GateKeeper.Services.Admin.exe -- (GateKeeperStandaloneAdmin)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/18 17:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/05/08 00:29:37 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2012/10/05 15:48:28 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F08D4F41-14E1-487D-8360-02A1A99CDB79}\MpKsl3a22aa2a.sys -- (MpKsl3a22aa2a)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/03/01 00:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/09/22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 10:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/05/18 10:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/01/08 11:09:14 | 000,126,976 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/07/29 01:55:38 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/04/03 09:18:44 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/10/29 18:20:38 | 000,020,486 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{9AAEA9E4-7EF5-40A3-9907-D0B5A4F39AF6}: "URL" = http://www.google.co...ie7&rlz=1I7FTSF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ts.fujitsu.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {9AAEA9E4-7EF5-40A3-9907-D0B5A4F39AF6}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{9AAEA9E4-7EF5-40A3-9907-D0B5A4F39AF6}: "URL" = http://www.google.co...1I7FTSF_enGB416
IE - HKCU\..\SearchScopes\{D99D6213-8D03-4948-977B-D0CD0AF86872}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F9A968E7-2AE3-448F-B1F4-5D0268DED26C}: "URL" = http://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sue\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sue\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/30 08:41:08 | 000,000,000 | ---D | M]

[2011/05/11 07:24:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Extensions
[2011/02/19 16:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/11 07:24:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sue\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: 20-20 3D Viewer for IKEA (Enabled) = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\NP_2020Player_IKEA.dll
CHR - plugin: Intel® Threading Building Blocks for Windows (Enabled) = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbb.dll
CHR - plugin: Intel® Threading Building Blocks for Windows (Enabled) = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbbmalloc.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Word Search Puzzle = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl\1.2_0\
CHR - Extension: Pacman = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmbeeddpeopkljgfedpnbpmenmeflcep\13.2464.6907_0\
CHR - Extension: PanicButton = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: Classic for Facebook = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\0.0.1.0_0\
CHR - Extension: Sudoku for Google Chrome\u2122 = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifaabgmcffhggbfgjknkgenljelbocin\1.5_0\
CHR - Extension: Best Free Apps = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdmklnnfaaegjkclibjdlkcimnbkmli\1.0.0.1_0\
CHR - Extension: Angry Animals = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\infdddiloihkaljpbdeinahefaaldjkf\1.0.3_0\
CHR - Extension: Brain Waves = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaikojchkbhnichnjehbhbloaiapifmk\3.0_0\
CHR - Extension: Gravity Duck = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.2.0_0\
CHR - Extension: Penguin Slice = C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\okflagoeojoippcanifjmfmiahbgjngh\2_0\

O1 HOSTS File: ([2012/10/05 15:46:12 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [MSGTAG] C:\Program Files\MSGTAG Status\MSGTAGStatus.exe (MSGTAG)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [SJelite3Launch] C:\Users\Sue\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DOSPRN.lnk = C:\Program Files\DOSPRN\DOSprn.exe (DOSPRN)
O4 - Startup: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sue\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk = C:\Program Files\Firetrust\MailWasher\MailWasherPro.exe (Firetrust)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4241ECD4-25CF-457B-AE9A-0D16A660FB4D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GO36F4~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2011/08/15 15:48:17 | 000,000,040 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 22:42:22 | 000,000,024 | ---- | M] () - C:\autoexec.hnl -- [ NTFS ]
O33 - MountPoints2\{c77fe451-5521-11e0-8dbd-00199993f1ce}\Shell - "" = AutoRun
O33 - MountPoints2\{c77fe451-5521-11e0-8dbd-00199993f1ce}\Shell\AutoRun\command - "" = D:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/05 15:33:03 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\York
[2012/10/05 15:32:32 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\OpenOffice.org 2.4 (en-US) Installation Files
[2012/10/05 15:32:31 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\Old data
[2012/10/05 15:24:01 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\Family Day Pictures 2006
[2012/10/05 15:24:01 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\Family Day Pictures 2005
[2012/10/05 15:24:01 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\Family Day Pictures 2004
[2012/10/05 15:23:51 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\eDonkey2000 Downloads
[2012/10/05 15:23:33 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\CyberLink
[2012/10/05 15:23:33 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\Cowcash UK
[2012/10/05 15:23:33 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\Colt Telecom
[2012/10/05 15:23:33 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\Chris Photos
[2012/10/05 15:23:33 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\Cats Stuff
[2012/10/05 15:23:33 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\Cargill
[2012/10/05 15:23:33 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\camera photos
[2012/10/05 15:23:33 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\Bill analyser
[2012/10/05 15:12:03 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\Transcend
[2012/10/05 14:27:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/05 07:52:12 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{7E20579A-1B16-4DC0-AA32-27631FEEA742}
[2012/10/04 08:50:22 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\Malwarebytes
[2012/10/04 08:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/04 07:31:32 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{48DD823D-18A3-4AEF-8F1D-EA25F9777F2F}
[2012/10/03 19:31:07 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{07C0E652-2409-422A-AAAD-EB95B9B1F8C9}
[2012/10/03 07:30:54 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{63672F19-E468-482D-9822-AC0F565A395B}
[2012/10/02 19:25:03 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{6C25CEE5-8545-435F-8DF9-0201D37F4B46}
[2012/10/02 07:24:43 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{9B5913BA-1D61-4892-A57A-7E95451AF661}
[2012/10/01 19:15:16 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{18F4C840-2378-4AFA-B1F8-EA66B329E868}
[2012/10/01 07:15:04 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{263CA276-8A1B-4309-B1FD-08D358D8323B}
[2012/09/30 11:02:00 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{69CC11AA-19BF-45AA-91F6-15BAADC89784}
[2012/09/29 08:16:18 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{D17B78DA-982C-45B8-9FCB-E7D35BCEEE09}
[2012/09/28 19:57:11 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{D3644A6F-F0BA-43A1-B07D-AF3DC3B5579B}
[2012/09/28 07:56:58 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{E0029089-9945-4615-A652-FF07F46A6873}
[2012/09/27 19:56:34 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{F91BEC8A-547B-4637-94F5-6A7D1A11AF6B}
[2012/09/27 07:56:20 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{D036FFA2-B982-4C46-BF1F-5123193125C8}
[2012/09/26 19:16:03 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{7B101462-A4D1-4C70-8B2C-6D47DFE36052}
[2012/09/25 21:39:09 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{7DD4CB26-19F4-4C52-813D-0A578481E93C}
[2012/09/25 07:58:04 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{66A7718A-F82D-48B8-8E8A-5984E732A7E3}
[2012/09/24 19:42:19 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{67B206D2-843D-415A-B0DE-02C9DFB25929}
[2012/09/24 07:42:04 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{B788C2A5-E8DB-455C-B519-E111F1F38AA9}
[2012/09/23 15:16:08 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{D0A53B29-C3BE-4A74-B5D7-6CE4762F5BAE}
[2012/09/23 03:01:11 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{19A7544D-5DCA-41F9-927C-8C6FE71183AA}
[2012/09/22 08:10:25 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{7399366D-0492-4875-89CB-C5DE419ABF72}
[2012/09/21 20:00:57 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{0DE748B8-AEEB-4558-AFC9-419BAEB6E916}
[2012/09/21 08:00:32 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{759375ED-EC3E-4607-A2A6-E000F952336F}
[2012/09/20 20:00:07 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{E9E0687B-B1C3-44F8-B9B2-66940D374B1B}
[2012/09/20 07:59:55 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{B2B3D7F0-971F-4096-A35D-0A32BB9A782E}
[2012/09/19 19:59:29 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{4E9D2369-311F-48EB-A6BF-05B821B1C0B6}
[2012/09/19 07:59:17 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{7F388B9C-3B17-46A5-9DBA-CEE4F92144F6}
[2012/09/18 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{A7510386-7730-42AC-A08E-51850BE0763C}
[2012/09/18 07:58:53 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{080ED22D-8AF9-47FC-9C9C-2786E938B6EA}
[2012/09/17 19:58:28 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{4125B328-3DA0-413A-AD88-211B1581FBCD}
[2012/09/17 07:58:16 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{9C540934-309E-4FF7-8362-9FCCB7E197CE}
[2012/09/16 19:57:51 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{2CDA559A-B75E-490F-9F97-453B4A2EB247}
[2012/09/16 07:57:38 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{4C16D089-86C0-4601-B42F-AE7A559075D6}
[2012/09/15 22:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/15 22:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/15 22:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/15 19:57:13 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{BCFE8AB8-E919-42BF-8210-E4C3464EBDAF}
[2012/09/15 07:56:46 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{6290E53E-380F-4376-B958-FBBDB7392A1F}
[2012/09/14 19:48:20 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{1F02B34D-9415-453A-9118-995B177D52D4}
[2012/09/14 07:48:07 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{B4E81274-5C23-49CB-AAFB-539A9E12CC28}
[2012/09/13 19:41:05 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{E43E09DC-8BFD-4846-B3AE-C1E2020B9738}
[2012/09/13 07:40:52 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{0BA0FFAF-999C-4AC3-A946-ABF066DFE4AE}
[2012/09/12 08:22:24 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{9402A303-0F14-4F0F-8337-EE296D20E5F3}
[2012/09/11 20:21:59 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{E52038ED-46E2-48E6-8D48-2381B5098495}
[2012/09/11 08:21:35 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{614432E0-F7FE-4677-839A-E27464272A66}
[2012/09/10 20:21:10 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{7B6DC44A-BCC8-4172-9759-66A014731442}
[2012/09/10 08:20:45 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{DB1A76CF-77B0-450D-94A5-0062B9846DAA}
[2012/09/09 20:20:33 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{2977516E-FCE5-4C30-A079-10380277D6B4}
[2012/09/09 08:20:21 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{EB4A9FDC-324B-475F-9664-10A5F917E68C}
[2012/09/08 19:42:41 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{2B5CAA7F-867D-46FB-BAF0-7EBB3D218450}
[2012/09/08 07:42:29 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{52831983-6DA3-4572-B7B5-8BA5A2927D08}
[2012/09/07 19:42:03 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{C61AC8FC-E3AC-47A1-8EBC-D9DF99DB2A96}
[2012/09/07 09:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/07 07:41:38 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{A424E7B3-760D-44DF-A6ED-7CD235817579}
[2012/09/06 19:41:26 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{67FC67C2-119B-445D-96AF-7EC38E6DBE51}
[2012/09/06 07:41:13 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{01947532-C544-4560-9016-78FFD82999BB}
[2012/09/05 19:12:43 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\{75B8CD12-9E82-4F53-9216-79B67DBB1CE0}

========== Files - Modified Within 30 Days ==========

[2012/10/05 15:55:25 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 15:55:25 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 15:48:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/05 15:47:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/05 15:47:53 | 1609,371,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/05 15:46:12 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/10/05 15:37:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1080675529-266105902-1238966371-1000UA.job
[2012/10/05 15:26:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/05 15:07:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/05 15:03:05 | 000,730,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/05 15:03:05 | 000,150,512 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/03 19:37:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1080675529-266105902-1238966371-1000Core.job
[2012/10/01 22:11:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/26 18:42:02 | 000,002,441 | ---- | M] () -- C:\Users\Sue\Desktop\Google Chrome.lnk
[2012/09/15 22:05:01 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/07 14:09:15 | 000,003,590 | ---- | M] () -- C:\Users\Sue\Desktop\HARVEST 2012 GRAIN SALES REPORTS - Shortcut.lnk
[2012/09/07 11:14:32 | 000,052,224 | ---- | M] () -- C:\Users\Sue\Documents\Crop Budget template.xlt
[2012/09/07 11:13:22 | 000,003,406 | ---- | M] () -- C:\Users\Sue\Desktop\UOM Outtake 2012-13 - Shortcut (2).lnk
[2012/09/07 11:11:48 | 000,003,406 | ---- | M] () -- C:\Users\Sue\Desktop\UOM Outtake 2012-13 - Shortcut.lnk

========== Files Created - No Company Name ==========

[2012/09/15 22:05:01 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/07 14:09:15 | 000,003,590 | ---- | C] () -- C:\Users\Sue\Desktop\HARVEST 2012 GRAIN SALES REPORTS - Shortcut.lnk
[2012/09/07 11:13:22 | 000,003,406 | ---- | C] () -- C:\Users\Sue\Desktop\UOM Outtake 2012-13 - Shortcut (2).lnk
[2012/09/07 11:11:48 | 000,003,406 | ---- | C] () -- C:\Users\Sue\Desktop\UOM Outtake 2012-13 - Shortcut.lnk
[2012/05/22 09:20:48 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/02/29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/08/15 15:55:13 | 000,000,234 | R--- | C] () -- C:\Windows\HNL.INI
[2011/08/15 15:55:13 | 000,000,102 | ---- | C] () -- C:\Windows\ddrffx.ini
[2011/08/15 15:55:12 | 000,073,728 | ---- | C] () -- C:\Windows\System32\StrCat.dll
[2011/08/15 15:48:26 | 000,045,345 | ---- | C] () -- C:\Windows\wlast.exe
[2011/08/15 15:48:26 | 000,045,317 | ---- | C] () -- C:\Windows\wthis.exe
[2011/08/15 15:48:26 | 000,045,310 | ---- | C] () -- C:\Windows\wtutor.exe
[2011/07/19 11:11:50 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/19 10:20:31 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2011/07/19 10:19:22 | 000,000,063 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/07/19 10:19:01 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2011/07/19 10:19:01 | 000,020,486 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2011/07/19 10:19:01 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2011/07/19 10:19:01 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011/06/22 07:47:58 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssp7ml3.dll
[2011/06/10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/04/18 08:59:59 | 000,064,000 | ---- | C] () -- C:\Windows\System32\esfw30.bin
[2011/04/05 11:39:50 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/03/22 17:48:08 | 000,003,584 | ---- | C] () -- C:\Users\Sue\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/18 17:22:49 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/02/22 16:29:23 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\implode.dll
[2011/02/19 18:36:36 | 000,000,090 | ---- | C] () -- C:\Windows\System32\ftm31.dat
[2010/11/18 14:07:52 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010/11/18 14:07:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/11/18 14:07:50 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/11/18 14:07:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/11/18 14:07:48 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/11/18 14:07:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/11/18 14:07:47 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/11/18 14:07:47 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/03/09 12:37:46 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Amazon
[2011/01/26 14:24:25 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\AVG10
[2011/04/11 21:14:56 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Bidgood Svcs
[2012/05/17 10:48:30 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Canon
[2012/10/05 15:49:16 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Dropbox
[2011/02/19 18:36:29 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Firetrust
[2011/08/31 16:39:31 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Foxit Software
[2012/05/03 08:52:56 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\GARMIN
[2012/10/05 14:16:15 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\MSGTAG
[2011/07/20 08:07:28 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Nokia
[2011/07/20 10:55:40 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\PC Suite
[2011/07/04 18:09:18 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Serif
[2011/04/11 08:41:54 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\shrink_pic
[2011/02/19 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Thunderbird
[2011/03/19 15:26:19 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\tidysongs16
[2011/05/11 07:24:22 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\TomTom
[2012/10/05 15:12:03 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Transcend
[2012/06/19 15:06:57 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\TuneUpMedia
[2011/02/22 09:58:44 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 921 bytes -> C:\Users\Sue\Documents\easyJet booking reference_ EHTQZVP.eml:OECustomProperty
@Alternate Data Stream - 869 bytes -> C:\Users\Sue\Documents\Cat Taylor Grill 2012.eml:OECustomProperty
@Alternate Data Stream - 857 bytes -> C:\Users\Sue\Documents\FW_ 100%- What can I say!.eml:OECustomProperty
@Alternate Data Stream - 1009 bytes -> C:\Users\Sue\Documents\Mailwasher pro renewal 5-10-1.eml:OECustomProperty

< End of report >
  • 0

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information


On completion click on Report sending and then the link avptool sysinfo.zip (open the file manager) to locate the zip file to upload and attach to your next post

  • 0

#5
snuffbox54

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I ran Kaspersky VRT but it didn't find any threats. Does this mean I am safe? Hope so, as I will be away from home for a few days after Sat night and won't be back until Friday next week.
Many thanks. S
  • 0

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Your logs show that your system is clean. If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Removing the tools we used:

Reset System Restore points:

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :Commands
    [ClearAllRestorePoints]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.

NEXT...

OTL Clean-Up:

  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you to do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Updates for other installed software

A common attack method for hacking attempts and malware installs is to exploit known vulnerabilities in programs that are commonly installed on a person's computer. These vulnerabilities could allow a remote user or malware developer to install malware, keyloggers, and backdoors on to your computer without your knowledge or permission.
Some of the programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, Adobe Flash, and even Windows itself. Therefore it is crucial that everyone remain vigilant as to when a security vulnerability is found in our installed programs and to update it when a security update is released. Unfortunately, no one has the time to stay on top of these updates, which can happen frequently.

I highly recommend that you install Secunia Personal Software Inspector (PSI), which can be used to scan your computer for known vulnerable programs, provide information on the vulnerability, and provide a location to an update for the vulnerable program. A tutorial on how to use Secunia Personal Software Inspector (PSI) can be found here: Keep Software Updated with Secunia PSI.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

Although, if you prefer staying with Internet Explorer, I highly recommend you do this:

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now after all these steps, your PC will be more secure. However it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.
  • 0
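
The Internet zone ActiveX settings from the steps in the post above can also be checked from PowerShell. This is an added example, not part of the original post; it assumes the standard Internet Explorer zone registry layout (zone 3 = Internet, URL actions 1001, 1004 and 1201) and only reads values.

```powershell
# Added example: read-only audit of the Internet zone (zone 3) ActiveX settings
# that the post sets through Internet Options > Security > Custom level.
$UserKey   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$PolicyKey = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action IDs for the three options named in the post, with the state it recommends.
# Zone values: 0 = Enable, 1 = Prompt, 3 = Disable.
$Expected = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Group Policy values, when present, override the per-user setting,
# so a value changed in the dialog may not be the one in effect.
$Locations = @(
    @{ Label = 'HKLM policy';  Path = "HKLM:\$PolicyKey" },
    @{ Label = 'HKCU policy';  Path = "HKCU:\$PolicyKey" },
    @{ Label = 'HKCU setting'; Path = "HKCU:\$UserKey" }
)

function Get-ZoneActionValue {
    param([string]$Path, [string]$Id)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $props = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.$Id) { return $null }
    return [int]$props.$Id
}

function Format-ZoneValue {
    param($Value)
    if ($Meaning.ContainsKey($Value)) { return "$($Meaning[$Value]) ($Value)" }
    return "Other ($Value)"
}

$report = foreach ($setting in $Expected) {
    foreach ($loc in $Locations) {
        $value = Get-ZoneActionValue -Path $loc.Path -Id $setting.Id
        if ($null -eq $value) { continue }   # not set at this location
        New-Object PSObject -Property @{
            Setting     = $setting.Name
            Location    = $loc.Label
            Current     = Format-ZoneValue $value
            Recommended = Format-ZoneValue $setting.Want
            Matches     = ($value -eq $setting.Want)
        }
    }
}

if ($report) {
    $report | Select-Object Setting, Location, Current, Recommended, Matches |
        Format-Table -AutoSize -Wrap
} else {
    'No explicit values found for actions 1001, 1004 or 1201 in the checked keys.'
}
```

A row with Matches = False under a policy location means the dialog change described in the post will not take effect until the policy itself is changed.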

#7
snuffbox54

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi, many thanks for helping me out.
I already use Secunia PSI, I use Google Chrome browser, and I use CC cleaner as well. Thanks for the rest of your advice about keeping safe.
:P
  • 0

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
You are welcome. :)
  • 0

#9
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





