email sending rogue [Closed]


  • This topic is locked

#31
uktrousers

  • Topic Starter
  • Member
  • 26 posts
Will do. Everything was quiet. Also, I was typing an email and the action circle started for no reason, blocking me from typing into a reply to the Federation of Small business, a business club in the UK. Then the whole thing disappeared, including the original email, which I could not find anywhere, not in deleted nor in drafts etc., just gone completely.

#32
uktrousers

  • Topic Starter
  • Member
  • 26 posts
How do I zip and attach a file please?

#33
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
upload it here and send me the link - http://www.2shared.com/



gringo

#34
uktrousers

  • Topic Starter
  • Member
  • 26 posts
OTL logfile created on: 16/11/2012 21:05:14 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Allen\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 51.88% Memory free
5.93 Gb Paging File | 4.28 Gb Available in Paging File | 72.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.17 Gb Total Space | 92.38 Gb Free Space | 41.58% Space Free | Partition Type: NTFS
Drive D: | 10.71 Gb Total Space | 0.30 Gb Free Space | 2.77% Space Free | Partition Type: NTFS

Computer Name: MAW | User Name: Allen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

========== Processes (SafeList) ==========

PRC - [2012/11/05 19:44:00 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/10/29 18:14:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/29 18:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/29 14:51:02 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/09/07 10:07:12 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/09/07 10:07:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/08/20 17:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/08/03 15:06:06 | 001,086,376 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012/08/01 15:07:16 | 000,724,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/08/01 15:07:06 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2011/04/15 00:00:32 | 000,487,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 21:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/23 13:53:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/03/23 13:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
PRC - [2009/12/18 09:23:08 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\Windows\STK03N\STK03NM.exe
PRC - [2009/03/11 10:42:08 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 17:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/25 20:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 20:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 21:54:52 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll
MOD - [2012/11/15 21:50:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/15 21:49:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/15 21:49:29 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/15 21:49:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/15 21:48:53 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/15 21:48:49 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/15 21:48:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/15 21:48:28 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/15 21:48:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/15 21:48:22 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/15 21:47:59 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/09/12 09:01:19 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/08/03 15:07:06 | 000,276,392 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
MOD - [2012/08/03 15:06:50 | 002,652,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012/08/03 15:06:50 | 000,363,944 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012/08/03 15:06:48 | 011,166,120 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012/08/03 15:06:46 | 000,205,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012/08/03 15:06:44 | 001,346,472 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012/08/03 15:06:44 | 000,720,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012/08/03 15:06:42 | 008,506,792 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012/08/03 15:06:42 | 001,013,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012/08/03 15:06:42 | 000,520,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012/08/03 15:06:40 | 002,480,552 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012/08/03 15:06:40 | 002,353,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012/08/03 15:06:36 | 000,445,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012/08/03 15:06:32 | 000,206,760 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012/08/03 15:06:32 | 000,035,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012/08/03 15:06:30 | 000,032,680 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012/08/03 15:06:02 | 000,437,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
MOD - [2012/08/03 15:05:24 | 000,604,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012/07/02 10:29:08 | 000,391,600 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012/07/02 10:29:08 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
MOD - [2012/07/02 10:28:20 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/12/25 20:41:24 | 000,881,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/10/09 03:14:58 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/29 14:51:02 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/09/07 10:07:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/08/01 15:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/25 08:16:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/22 12:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/08/06 11:39:03 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2010/03/23 13:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)
SRV - [2009/12/16 19:09:34 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Disabled | Stopped] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
SRV - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/23 05:35:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/02 17:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 00:11:40 | 000,365,952 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 20:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/29 15:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G50YXJ4A\SASKUTIL.SYS -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Allen\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/11/05 20:17:15 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/10/23 15:04:37 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/09/29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/12 09:01:18 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2012/09/07 10:07:30 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/09/07 10:07:30 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/09/07 10:07:28 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/06/27 14:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/13 17:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 17:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/11/20 21:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 21:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 21:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/03/23 13:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/09/02 02:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/08/18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/04/07 08:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/10/23 09:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/09/04 17:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007/06/19 00:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2005/12/12 15:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2002/10/15 21:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sonypvs1.sys -- (sonypvs1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2FCDEA68-C93D-4574-8D4E-F82D4047CF26}: "URL" = http://uk.search.yah...p06&type=ie2008
IE - HKLM\..\SearchScopes\{3261F093-8E2E-45AE-BD1B-3E7692EE7ECD}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{904AAD76-8328-4371-A595-70E6B3306F9F}: "URL" = http://uk.kelkoopart...tnerId=96913936

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\..\SearchScopes,DefaultScope = {B19576D9-043A-47F3-8FC0-5FF6496E3A73}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{B19576D9-043A-47F3-8FC0-5FF6496E3A73}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/04/24 01:25:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/24 01:25:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

O1 HOSTS File: ([2012/11/12 13:05:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (SpeedBit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files\SPEEDbit Video Downloader\TBU4E\tbcore3.dll ()
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SPEEDbit Video Downloader\TBU4E\Grabber.dll (SpeedBit)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SPEEDbit Video Downloader\TBU4E\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SPEEDbit Video Downloader\TBU4E\tbcore3.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk = C:\Program Files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect119.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.vir...tainstaller.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68CB3DB8-82A9-45DF-8C40-AA343013625E}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3AE0439-2B72-4037-AE39-EBD4D9DCA0F3}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 180 Days ==========

[2012/11/15 21:22:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/15 21:06:36 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/11/15 21:06:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012/11/15 21:03:38 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/11/15 21:03:35 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012/11/15 21:03:32 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/11/15 21:02:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/15 21:02:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/15 21:02:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/15 21:02:14 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/15 21:02:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/15 21:02:13 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/15 21:02:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/15 21:02:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/15 08:07:48 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012/11/15 08:07:48 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012/11/15 08:07:48 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/11/15 08:07:38 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/15 08:07:36 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/15 08:07:31 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012/11/15 08:07:31 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012/11/12 13:10:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/12 13:10:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/05 20:17:15 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/11/02 23:05:51 | 000,000,000 | ---D | C] -- C:\Users\Allen\Desktop\RK_Quarantine
[2012/10/29 18:14:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
[2012/10/24 16:09:24 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/10/24 16:09:24 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/10/23 21:29:12 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\LavasoftStatistics
[2012/10/23 21:21:07 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Ad-Aware Antivirus
[2012/10/17 10:18:56 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\Google
[2012/10/17 10:18:54 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\ImageZoom.org
[2012/10/17 10:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\ImageZoom.org
[2012/10/10 07:05:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/10 07:04:38 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/10/10 07:04:37 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/10/10 07:04:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 07:04:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 07:04:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 07:04:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 07:04:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 07:04:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 07:04:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 07:04:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 07:04:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 07:04:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 07:03:26 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/10 07:03:25 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/02 15:10:29 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Nokia
[2012/10/02 14:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/09/30 11:03:31 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Windows Live Writer
[2012/09/30 11:03:31 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\Windows Live Writer
[2012/09/26 14:35:39 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\FreeFileViewer
[2012/09/26 12:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012/09/26 12:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
[2012/09/26 12:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2012/09/26 06:44:11 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/09/25 12:24:37 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\SUPERSystemInspector
[2012/09/20 13:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/14 13:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/14 13:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/14 13:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/14 13:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/12 08:58:57 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\Trusteer
[2012/09/12 08:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2012/09/12 08:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2012/09/12 08:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2012/09/12 07:02:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/12 07:02:57 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 07:02:57 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 07:02:56 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/07 18:42:29 | 000,000,000 | ---D | C] -- C:\Windows\en-gb
[2012/09/07 18:41:36 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/09/07 18:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/09/07 18:31:54 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2012/09/07 18:31:54 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2012/09/07 18:31:54 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2012/09/07 18:31:53 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2012/09/07 18:30:28 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2012/09/07 10:07:30 | 000,065,848 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/09/06 13:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012/09/06 13:15:53 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012/09/06 13:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012/09/06 13:09:41 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\CyberLink
[2012/09/06 13:09:40 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\PowerCinema
[2012/08/31 10:13:00 | 000,108,544 | ---- | C] (Syntek Ltd.) -- C:\Windows\System32\drivers\STK03NW2.sys
[2012/08/31 10:13:00 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\STK03NP.ax
[2012/08/31 10:13:00 | 000,040,872 | ---- | C] (Syntek Ltd.) -- C:\Windows\System32\drivers\STK03NW1.sys
[2012/08/31 10:12:59 | 000,000,000 | ---D | C] -- C:\Windows\STK03N
[2012/08/26 15:31:50 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Skype
[2012/08/26 15:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/08/26 15:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/08/26 15:31:27 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/08/15 12:20:22 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/08/15 12:19:50 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/08/11 21:37:41 | 000,000,000 | ---D | C] -- C:\AMD
[2012/08/02 15:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard
[2012/08/02 15:20:26 | 000,378,880 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpbrprtmon.dll
[2012/08/02 15:20:26 | 000,288,256 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpbprtmon.dll
[2012/08/02 15:20:26 | 000,152,576 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpbprtmonui.dll
[2012/08/02 15:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/08/02 15:16:49 | 000,000,000 | ---D | C] -- C:\HP_ePrint_Mobile
[2012/08/02 15:12:53 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppccompio.dll
[2012/08/02 15:12:52 | 000,299,008 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\System32\hpcpn130.dll
[2012/08/02 15:12:52 | 000,189,952 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmml130.dll
[2012/08/02 15:12:52 | 000,151,040 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmpm081.dll
[2012/08/02 15:12:52 | 000,128,512 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmtp130.dll
[2012/08/02 15:12:52 | 000,128,000 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmja130.dll
[2012/08/02 15:12:52 | 000,097,280 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpcjpm.dll
[2012/08/02 15:12:52 | 000,087,552 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpmlm121.dll
[2012/08/02 15:12:52 | 000,059,928 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\fxcompchannel.dll
[2012/08/02 15:12:52 | 000,056,320 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmpw081.dll
[2012/08/02 15:12:52 | 000,049,252 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmnque.dll
[2012/08/02 15:12:52 | 000,049,250 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmnndps.dll
[2012/08/02 15:12:04 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2012/07/28 01:54:00 | 000,321,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2012/07/26 18:08:06 | 000,862,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr110.dll
[2012/07/26 18:08:06 | 000,534,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp110.dll
[2012/07/26 18:08:06 | 000,251,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vccorlib110.dll
[2012/07/26 18:08:06 | 000,153,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl110.dll
[2012/07/26 18:08:06 | 000,115,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vcomp110.dll
[2012/07/21 14:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/21 14:21:43 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/19 13:12:15 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\Windows Live
[2012/07/19 13:11:17 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{9673D40B-1000-4251-A502-BCF9FD59EDC7}
[2012/07/11 12:25:00 | 000,000,000 | R--D | C] -- C:\Users\Allen\Saved Games
[2012/07/11 09:52:26 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/07/11 07:10:12 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/11 07:09:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/07/11 07:09:39 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/07/06 02:01:03 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012/07/05 12:15:34 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\NokiaAccount
[2012/07/05 12:03:22 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\PC Suite
[2012/07/01 16:35:31 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\PeerNetworking
[2012/06/25 12:40:23 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\Nokia
[2012/06/22 12:44:26 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2012/06/21 10:04:50 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Hewlett-Packard
[2012/06/21 03:46:57 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/21 03:46:57 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/21 03:46:32 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/21 03:46:32 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/21 03:46:32 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/21 03:46:01 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/21 03:46:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/18 12:01:57 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Malwarebytes
[2012/06/18 12:01:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/18 12:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/18 12:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/17 21:01:06 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\NCH Software
[2012/06/16 18:33:44 | 000,000,000 | ---D | C] -- C:\Users\Allen\Documents\CyberLink
[2012/06/16 18:33:37 | 000,000,000 | ---D | C] -- C:\Users\Allen\Documents\ShadowEditFiles
[2012/06/15 14:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/06/15 14:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/14 06:01:48 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/14 06:01:48 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/14 06:01:48 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/08 10:56:27 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\CyberLink
[2012/06/06 19:59:42 | 001,070,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2012/05/31 12:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/31 08:46:07 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Virgin Media
[2012/05/31 08:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Virgin Media
[2012/05/31 08:20:15 | 000,000,000 | ---D | C] -- C:\Temp
[2012/05/24 13:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/05/20 23:29:32 | 000,106,400 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\HPUnifiedIODotNET.dll
[2012/05/20 23:29:18 | 000,189,856 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpbuiofax32.dll
[2012/05/20 23:29:12 | 000,430,496 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpbuiodm32.dll
[2012/05/20 23:29:06 | 000,934,304 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpbuio32.dll

========== Files - Modified Within 180 Days ==========

[2012/11/16 20:20:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/16 20:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/16 13:21:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/11/16 13:20:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/16 09:07:55 | 000,001,107 | ---- | M] () -- C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/11/16 07:38:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/16 03:42:59 | 000,001,722 | ---- | M] () -- C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk
[2012/11/15 21:54:26 | 000,019,328 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 21:54:26 | 000,019,328 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 21:46:42 | 002,319,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/15 21:44:54 | 2390,114,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/15 21:27:31 | 000,621,422 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/15 21:27:31 | 000,108,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/15 12:50:31 | 000,086,897 | ---- | M] () -- C:\Users\Allen\Desktop\GAZ.jpg
[2012/11/15 12:37:09 | 000,245,874 | ---- | M] () -- C:\Users\Allen\Desktop\Plain White All 3 are wash and wear polyester cotton.jpg
[2012/11/15 12:35:47 | 000,621,337 | ---- | M] () -- C:\Users\Allen\Desktop\Woven Check.jpg
[2012/11/15 12:34:40 | 000,589,356 | ---- | M] () -- C:\Users\Allen\Desktop\Printed Check.jpg
[2012/11/15 10:17:40 | 001,023,488 | ---- | M] () -- C:\Users\Allen\Documents\SNU Leaflet 3.pub
[2012/11/14 17:28:05 | 000,041,474 | ---- | M] () -- C:\Users\Allen\Desktop\Curtains.jpg
[2012/11/13 15:35:33 | 000,033,280 | ---- | M] () -- C:\Users\Allen\Documents\Chefs wear Special.pub
[2012/11/13 14:15:48 | 000,013,966 | ---- | M] () -- C:\Users\Allen\Desktop\Outlook - Shortcut.lnk
[2012/11/12 13:05:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/09 21:24:26 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAllen.job
[2012/11/09 14:07:19 | 000,137,762 | ---- | M] () -- C:\Users\Allen\Desktop\ROBIN SUIT AND TIE.jpg
[2012/11/08 11:37:12 | 000,002,546 | ---- | M] () -- C:\Users\Allen\Documents\Helen Morcambe HH035a.lnk
[2012/11/08 11:15:22 | 009,857,536 | ---- | M] () -- C:\Users\Allen\Documents\Community textiles 2013.pub
[2012/11/08 11:14:57 | 009,857,536 | ---- | M] () -- C:\Users\Allen\Documents\Community textiles 2013 for Laser Printer.pub
[2012/11/08 05:22:18 | 000,110,684 | ---- | M] () -- C:\Users\Allen\Desktop\Moses.jpg
[2012/11/07 21:48:43 | 000,035,799 | ---- | M] () -- C:\Users\Allen\Desktop\BRUSH HEAD.jpg
[2012/11/07 21:40:26 | 000,034,549 | ---- | M] () -- C:\Users\Allen\Desktop\1 MONTH OLD SON.jpg
[2012/11/07 11:56:00 | 000,050,856 | ---- | M] () -- C:\Users\Allen\Documents\BSAC Membership confirmation
[2012/11/05 20:17:15 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/11/05 12:46:26 | 000,021,070 | ---- | M] () -- C:\Users\Allen\Desktop\comfortfit logo.png
[2012/11/03 22:47:27 | 000,001,266 | ---- | M] () -- C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/11/03 11:31:30 | 000,001,096 | ---- | M] () -- C:\Users\Allen\Desktop\ComboFix - Shortcut.lnk
[2012/11/02 22:49:40 | 000,540,977 | ---- | M] () -- C:\Users\Allen\Desktop\adwcleaner from Geeks to go.exe
[2012/10/30 18:16:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/29 18:14:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
[2012/10/22 20:44:46 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/18 17:59:05 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/10/17 11:08:01 | 000,175,232 | ---- | M] () -- C:\Program Files\12res.dll
[2012/10/17 11:00:48 | 000,002,461 | ---- | M] () -- C:\Users\Allen\Desktop\My Movie.wlmp
[2012/10/09 17:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012/10/09 17:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012/10/09 03:14:56 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 03:14:56 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/08 07:56:24 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/10/08 07:47:44 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/10/08 07:46:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/10/08 07:45:17 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/10/08 07:44:05 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/10/08 07:42:31 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/10/08 07:40:56 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/10/08 07:37:23 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/10/04 10:36:32 | 000,000,115 | ---- | M] () -- C:\Windows\wininit.ini
[2012/10/03 17:09:58 | 000,003,584 | ---- | M] () -- C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/03 16:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012/10/03 16:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/10/03 16:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012/10/02 19:17:28 | 624,928,941 | ---- | M] () -- C:\Users\Allen\Desktop\Manvers Borough Bridge and Harlington.mp4
[2012/10/01 11:10:02 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/10/01 11:10:02 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/09/29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/26 13:46:07 | 008,801,792 | ---- | M] () -- C:\Users\Allen\Documents\Community textiles 2012.pub
[2012/09/26 12:21:40 | 000,001,065 | ---- | M] () -- C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2012/09/26 08:00:09 | 000,000,970 | ---- | M] () -- C:\Users\Allen\Desktop\outcmd.dat - Shortcut.lnk
[2012/09/25 22:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/09/25 20:08:25 | 000,001,306 | ---- | M] () -- C:\Users\Allen\Desktop\CSR00095708 - Shortcut.lnk
[2012/09/24 22:16:36 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/24 22:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/20 13:50:20 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/09/17 09:00:24 | 000,481,792 | ---- | M] () -- C:\Users\Allen\Desktop\BCU Front page.pub
[2012/09/14 18:28:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/09/14 13:51:49 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/13 15:35:18 | 000,045,568 | ---- | M] () -- C:\Users\Allen\Documents\COLLEDGE ROD NO PARKING.pub
[2012/09/13 13:28:52 | 000,079,872 | ---- | M] () -- C:\Users\Allen\Documents\Colledge road Parking Permit.pub
[2012/09/13 11:44:09 | 007,245,824 | ---- | M] () -- C:\Users\Allen\Documents\SNU Leaflet 2.pub
[2012/09/07 21:47:38 | 137,305,554 | ---- | M] () -- C:\Users\Allen\Documents\Dan.mp4
[2012/09/07 10:07:30 | 000,065,848 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/09/06 13:18:12 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012/08/31 10:12:59 | 000,001,556 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK03N PNP Monitor.lnk
[2012/08/30 17:12:02 | 003,968,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/08/30 17:12:02 | 003,914,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/08/25 08:14:10 | 000,891,135 | ---- | M] () -- C:\Users\Allen\Desktop\VOLUNTEER FORM 2.jpg
[2012/08/25 08:12:31 | 000,736,675 | ---- | M] () -- C:\Users\Allen\Desktop\VOLUNTEER FORM.jpg
[2012/08/22 17:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/08/22 17:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/08/21 20:12:27 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/08/21 12:01:22 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2012/08/20 17:40:31 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/08/20 17:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/08/20 17:32:13 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/08/20 17:32:13 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/08/20 17:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/08/20 17:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/08/20 17:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/08/20 17:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/08/20 17:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/08/20 17:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/08/20 17:32:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/08/20 15:33:28 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/08/20 15:33:28 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/08/20 15:33:28 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/08/20 15:33:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/08/17 20:25:03 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/17 14:32:40 | 000,049,664 | ---- | M] () -- C:\Users\Allen\Documents\Trailor Cover.pub
[2012/08/13 21:57:25 | 007,203,328 | ---- | M] () -- C:\Users\Allen\Documents\SNU Leaflet.pub
[2012/08/03 17:40:05 | 000,113,336 | ---- | M] () -- C:\Users\Allen\Desktop\Vertical Canoe.jpg
[2012/08/03 11:46:00 | 113,573,407 | ---- | M] () -- C:\Users\Allen\Desktop\2012-08-03-021.mp4
[2012/08/02 16:57:20 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/08/02 15:43:34 | 000,339,142 | ---- | M] () -- C:\Users\Allen\Desktop\HP Printer Instructions.pdf
[2012/08/02 15:13:24 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2012/08/02 06:38:44 | 000,020,537 | ---- | M] () -- C:\Users\Allen\AppData\Roaming\UserTile.png
[2012/07/28 01:54:00 | 000,321,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2012/07/27 09:10:07 | 000,378,985 | ---- | M] () -- C:\Users\Allen\Desktop\David letter from bank bounced cheque.jpg
[2012/07/26 18:08:06 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr110.dll
[2012/07/26 18:08:06 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp110.dll
[2012/07/26 18:08:06 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vccorlib110.dll
[2012/07/26 18:08:06 | 000,153,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl110.dll
[2012/07/26 18:08:06 | 000,115,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vcomp110.dll
[2012/07/26 16:04:12 | 000,041,602 | ---- | M] () -- C:\Users\Allen\Documents\Chefs Trousers.jpg
[2012/07/26 16:04:12 | 000,041,602 | ---- | M] () -- C:\Users\Allen\Desktop\Chefs Trousers.jpg
[2012/07/26 14:42:48 | 000,033,800 | ---- | M] () -- C:\Users\Allen\Desktop\Over trousers.jpg
[2012/07/26 03:39:21 | 000,047,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/07/26 03:26:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
[2012/07/26 03:20:40 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/07/26 03:20:40 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/07/26 03:20:40 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012/07/26 02:46:47 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012/07/15 21:09:26 | 000,057,856 | ---- | M] () -- C:\Users\Allen\Desktop\Anthony Mark, Weebly misses you!.msg
[2012/07/06 15:27:22 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012/07/04 21:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/07/04 19:45:31 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/07/04 15:26:14 | 000,053,295 | ---- | M] () -- C:\Users\Allen\Desktop\Over Trouser Web.jpg
[2012/07/04 14:53:49 | 000,073,072 | ---- | M] () -- C:\Users\Allen\Documents\POS Rack.jpg
[2012/06/27 14:18:52 | 000,019,072 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012/06/25 14:07:29 | 000,001,280 | ---- | M] () -- C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/06/25 12:53:45 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2012/06/22 12:39:12 | 000,026,906 | ---- | M] () -- C:\Users\Allen\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/06/22 12:37:33 | 000,158,585 | ---- | M] () -- C:\Users\Allen\Desktop\My Contacts.csv
[2012/06/21 10:20:10 | 000,024,826 | ---- | M] () -- C:\Users\Allen\Desktop\WEB Site Bespoke Soft Furnishings - Mexborough.htm
[2012/06/07 15:05:45 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/06 19:59:42 | 001,070,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2012/06/06 05:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/06/02 22:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 22:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 22:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 22:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 22:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 14:57:50 | 000,000,003 | ---- | M] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/06/02 14:34:21 | 000,000,003 | ---- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/06/02 14:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 14:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/02 04:39:10 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/06/01 20:15:10 | 000,378,880 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\hpbrprtmon.dll
[2012/06/01 20:15:10 | 000,288,256 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\hpbprtmon.dll
[2012/06/01 20:10:46 | 000,152,576 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\hpbprtmonui.dll
[2012/05/31 12:48:14 | 000,442,820 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120531-134910.backup
[2012/05/31 12:47:41 | 000,442,820 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120531-134814.backup
[2012/05/31 12:47:06 | 000,442,820 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120531-134741.backup
[2012/05/31 11:25:14 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/05/25 13:04:03 | 000,142,690 | ---- | M] () -- C:\Users\Allen\Documents\Andy.jpg
[2012/05/24 08:04:27 | 000,004,096 | ---- | M] () -- C:\Users\Allen\AppData\Local\keyfile3.drm
[2012/05/20 23:29:32 | 000,106,400 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\HPUnifiedIODotNET.dll
[2012/05/20 23:29:18 | 000,189,856 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\hpbuiofax32.dll
[2012/05/20 23:29:12 | 000,430,496 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\hpbuiodm32.dll
[2012/05/20 23:29:06 | 000,934,304 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\hpbuio32.dll

========== Files Created - No Company Name ==========

[2012/11/15 21:06:43 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 21:03:30 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/15 12:50:28 | 000,086,897 | ---- | C] () -- C:\Users\Allen\Desktop\GAZ.jpg
[2012/11/15 12:37:05 | 000,245,874 | ---- | C] () -- C:\Users\Allen\Desktop\Plain White All 3 are wash and wear polyester cotton.jpg
[2012/11/15 12:35:42 | 000,621,337 | ---- | C] () -- C:\Users\Allen\Desktop\Woven Check.jpg
[2012/11/15 12:34:26 | 000,589,356 | ---- | C] () -- C:\Users\Allen\Desktop\Printed Check.jpg
[2012/11/15 09:36:04 | 001,023,488 | ---- | C] () -- C:\Users\Allen\Documents\SNU Leaflet 3.pub
[2012/11/14 17:28:05 | 000,041,474 | ---- | C] () -- C:\Users\Allen\Desktop\Curtains.jpg
[2012/11/13 15:35:33 | 000,033,280 | ---- | C] () -- C:\Users\Allen\Documents\Chefs wear Special.pub
[2012/11/13 14:15:48 | 000,013,966 | ---- | C] () -- C:\Users\Allen\Desktop\Outlook - Shortcut.lnk
[2012/11/09 14:07:15 | 000,137,762 | ---- | C] () -- C:\Users\Allen\Desktop\ROBIN SUIT AND TIE.jpg
[2012/11/08 11:37:12 | 000,002,546 | ---- | C] () -- C:\Users\Allen\Documents\Helen Morcambe HH035a.lnk
[2012/11/07 21:49:40 | 000,035,799 | ---- | C] () -- C:\Users\Allen\Desktop\BRUSH HEAD.jpg
[2012/11/07 21:41:58 | 000,034,549 | ---- | C] () -- C:\Users\Allen\Desktop\1 MONTH OLD SON.jpg
[2012/11/07 21:30:35 | 000,110,684 | ---- | C] () -- C:\Users\Allen\Desktop\Moses.jpg
[2012/11/07 11:56:00 | 000,050,856 | ---- | C] () -- C:\Users\Allen\Documents\BSAC Membership confirmation
[2012/11/05 12:46:26 | 000,021,070 | ---- | C] () -- C:\Users\Allen\Desktop\comfortfit logo.png
[2012/11/03 11:31:30 | 000,001,096 | ---- | C] () -- C:\Users\Allen\Desktop\ComboFix - Shortcut.lnk
[2012/11/02 22:49:40 | 000,540,977 | ---- | C] () -- C:\Users\Allen\Desktop\adwcleaner from Geeks to go.exe
[2012/10/29 14:24:19 | 009,857,536 | ---- | C] () -- C:\Users\Allen\Documents\Community textiles 2013 for Laser Printer.pub
[2012/10/25 15:07:35 | 009,857,536 | ---- | C] () -- C:\Users\Allen\Documents\Community textiles 2013.pub
[2012/10/17 11:12:50 | 000,175,232 | ---- | C] () -- C:\Program Files\12res.dll
[2012/10/04 10:36:32 | 000,000,115 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/03 17:09:58 | 000,003,584 | ---- | C] () -- C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/02 18:46:31 | 624,928,941 | ---- | C] () -- C:\Users\Allen\Desktop\Manvers Borough Bridge and Harlington.mp4
[2012/09/30 10:57:10 | 137,305,554 | ---- | C] () -- C:\Users\Allen\Documents\Dan.mp4
[2012/09/26 12:21:59 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/09/26 12:21:40 | 000,001,065 | ---- | C] () -- C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2012/09/26 08:00:09 | 000,000,970 | ---- | C] () -- C:\Users\Allen\Desktop\outcmd.dat - Shortcut.lnk
[2012/09/25 20:08:25 | 000,001,306 | ---- | C] () -- C:\Users\Allen\Desktop\CSR00095708 - Shortcut.lnk
[2012/09/25 16:09:23 | 000,041,163 | ---- | C] () -- C:\Users\Allen\Documents\Tony.jpg
[2012/09/25 16:09:04 | 006,059,164 | ---- | C] () -- C:\Users\Allen\Documents\Robin 31 03 2012_5187.tiff
[2012/09/23 21:05:23 | 000,746,786 | ---- | C] () -- C:\Users\Allen\Documents\Alex.jpg
[2012/09/23 21:04:51 | 000,072,701 | ---- | C] () -- C:\Users\Allen\Documents\Tony UKIP.jpg
[2012/09/20 13:50:20 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/09/17 08:46:38 | 000,481,792 | ---- | C] () -- C:\Users\Allen\Desktop\BCU Front page.pub
[2012/09/14 13:51:49 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/13 13:07:56 | 000,045,568 | ---- | C] () -- C:\Users\Allen\Documents\COLLEDGE ROD NO PARKING.pub
[2012/09/13 13:00:48 | 000,079,872 | ---- | C] () -- C:\Users\Allen\Documents\Colledge road Parking Permit.pub
[2012/09/11 13:54:29 | 000,041,602 | ---- | C] () -- C:\Users\Allen\Documents\Chefs Trousers.jpg
[2012/09/11 13:25:24 | 000,142,690 | ---- | C] () -- C:\Users\Allen\Documents\Andy.jpg
[2012/09/09 20:01:57 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForAllen.job
[2012/09/07 22:01:26 | 000,002,461 | ---- | C] () -- C:\Users\Allen\Desktop\My Movie.wlmp
[2012/09/07 18:41:12 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012/09/07 18:40:39 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012/09/07 18:37:43 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/09/07 15:57:38 | 000,746,774 | ---- | C] () -- C:\Users\Allen\Documents\Desk Top.jpg
[2012/09/06 14:27:31 | 113,573,407 | ---- | C] () -- C:\Users\Allen\Desktop\2012-08-03-021.mp4
[2012/09/06 13:18:12 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012/08/31 10:12:59 | 000,001,556 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK03N PNP Monitor.lnk
[2012/08/28 14:25:51 | 007,245,824 | ---- | C] () -- C:\Users\Allen\Documents\SNU Leaflet 2.pub
[2012/08/25 08:14:05 | 000,891,135 | ---- | C] () -- C:\Users\Allen\Desktop\VOLUNTEER FORM 2.jpg
[2012/08/25 08:12:27 | 000,736,675 | ---- | C] () -- C:\Users\Allen\Desktop\VOLUNTEER FORM.jpg
[2012/08/24 18:15:44 | 000,073,072 | ---- | C] () -- C:\Users\Allen\Documents\POS Rack.jpg
[2012/08/17 20:25:03 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/17 14:32:40 | 000,049,664 | ---- | C] () -- C:\Users\Allen\Documents\Trailor Cover.pub
[2012/08/13 10:19:12 | 007,203,328 | ---- | C] () -- C:\Users\Allen\Documents\SNU Leaflet.pub
[2012/08/03 17:40:02 | 000,113,336 | ---- | C] () -- C:\Users\Allen\Desktop\Vertical Canoe.jpg
[2012/08/02 15:43:34 | 000,339,142 | ---- | C] () -- C:\Users\Allen\Desktop\HP Printer Instructions.pdf
[2012/08/02 15:34:39 | 000,001,722 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk
[2012/08/02 15:13:24 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012/07/27 09:10:02 | 000,378,985 | ---- | C] () -- C:\Users\Allen\Desktop\David letter from bank bounced cheque.jpg
[2012/07/26 16:04:10 | 000,041,602 | ---- | C] () -- C:\Users\Allen\Desktop\Chefs Trousers.jpg
[2012/07/26 14:42:40 | 000,033,800 | ---- | C] () -- C:\Users\Allen\Desktop\Over trousers.jpg
[2012/07/15 21:09:26 | 000,057,856 | ---- | C] () -- C:\Users\Allen\Desktop\Anthony Mark, Weebly misses you!.msg
[2012/07/06 15:27:22 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012/07/02 08:04:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/01 16:35:53 | 000,020,537 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\UserTile.png
[2012/06/25 14:07:29 | 000,001,280 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/06/25 12:53:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2012/06/22 12:39:12 | 000,026,906 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/06/22 12:37:28 | 000,158,585 | ---- | C] () -- C:\Users\Allen\Desktop\My Contacts.csv
[2012/06/21 10:20:10 | 000,024,826 | ---- | C] () -- C:\Users\Allen\Desktop\WEB Site Bespoke Soft Furnishings - Mexborough.htm
[2012/06/21 07:43:00 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/15 14:20:40 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/31 12:42:29 | 000,001,266 | ---- | C] () -- C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/28 09:09:23 | 000,053,295 | ---- | C] () -- C:\Users\Allen\Desktop\Over Trouser Web.jpg
[2012/05/24 08:04:27 | 000,004,096 | ---- | C] () -- C:\Users\Allen\AppData\Local\keyfile3.drm
[2012/05/19 11:58:17 | 000,000,000 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\wklnhst.dat
[2012/05/07 09:33:25 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012/05/07 09:33:25 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012/05/07 09:33:25 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012/05/07 09:33:25 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012/05/07 09:33:25 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012/05/07 09:33:25 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012/05/07 09:33:25 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012/05/07 09:33:25 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012/05/07 09:33:25 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012/05/07 09:33:25 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012/05/07 09:33:25 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012/05/07 09:33:25 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012/05/07 09:33:25 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012/05/04 17:03:44 | 000,001,523 | ---- | C] () -- C:\Users\Allen\Shared By Me.search-ms
[2012/05/04 17:03:44 | 000,000,930 | ---- | C] () -- C:\Users\Allen\Recently Changed.search-ms
[2012/05/04 17:03:44 | 000,000,754 | ---- | C] () -- C:\Users\Allen\Recent Pictures and Videos.search-ms
[2012/05/04 17:03:44 | 000,000,719 | ---- | C] () -- C:\Users\Allen\Recent Music.search-ms
[2012/05/04 17:03:43 | 000,001,185 | ---- | C] () -- C:\Users\Allen\Microsoft Office Outlook.searchconnector-ms
[2012/05/04 17:03:43 | 000,000,735 | ---- | C] () -- C:\Users\Allen\Recent E-mail.search-ms
[2012/05/04 17:03:43 | 000,000,723 | ---- | C] () -- C:\Users\Allen\Recent Documents.search-ms
[2012/04/25 10:20:32 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2012/04/25 10:20:32 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin
[2012/04/25 10:20:32 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini
[2012/04/25 10:02:41 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012/04/25 10:02:41 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012/04/25 10:02:40 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012/04/25 09:44:22 | 000,000,027 | ---- | C] () -- C:\Windows\CDE RX620EI.ini
[2012/04/24 02:42:28 | 000,022,508 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012/04/24 01:03:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/22 09:51:14 | 000,000,320 | ---- | C] () -- C:\Windows\reimage.ini
[2011/09/16 08:02:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/16 08:02:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/16 08:02:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/16 08:02:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/07/25 07:58:40 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/03/25 19:16:20 | 000,000,092 | ---- | C] () -- C:\Windows\SAGE.INI
[2011/01/03 16:58:40 | 000,072,704 | ---- | C] () -- C:\Windows\System32\XMain32A.dll
[2011/01/03 16:58:39 | 000,397,312 | ---- | C] () -- C:\Windows\System32\Snbd6w95.dll
[2011/01/03 16:58:24 | 000,000,309 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/12/11 21:28:59 | 000,000,174 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2010/12/11 21:26:25 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 836 bytes -> C:\Users\Allen\Documents\Re_ PRIVATE and PERSONAL.eml:OECustomProperty
@Alternate Data Stream - 836 bytes -> C:\Users\Allen\Documents\Re_ PRIVATE and PERSONAL 2.eml:OECustomProperty
@Alternate Data Stream - 2812 bytes -> C:\Users\Allen\Documents\Up date.eml:OECustomProperty
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\čś:@špctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Š÷:@Xpctlsp.log
@Alternate Data Stream - 1088 bytes -> C:\Users\Allen\Documents\SCOUTS.eml:OECustomProperty

< End of report >

#35
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.vir...tainstaller.cab (Reg Error: Key error.)
    @Alternate Data Stream - 836 bytes -> C:\Users\Allen\Documents\Re_ PRIVATE and PERSONAL.eml:OECustomProperty
    @Alternate Data Stream - 836 bytes -> C:\Users\Allen\Documents\Re_ PRIVATE and PERSONAL 2.eml:OECustomProperty
    @Alternate Data Stream - 2812 bytes -> C:\Users\Allen\Documents\Up date.eml:OECustomProperty
    @Alternate Data Stream - 142 bytes -> C:\Windows\System32\čś:@špctlsp.log
    @Alternate Data Stream - 142 bytes -> C:\Windows\System32\Š÷:@Xpctlsp.log
    @Alternate Data Stream - 1088 bytes -> C:\Users\Allen\Documents\SCOUTS.eml:OECustomProperty  
    [2012/11/16 09:07:55 | 000,001,107 | ---- | M] () -- C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2012/10/17 11:08:01 | 000,175,232 | ---- | M] () -- C:\Program Files\12res.dll
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo

#36
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#37
uktrousers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Starting removal of ActiveX control {FD0EBBED-0C42-4D0F-82DA-44399B5C420A}
C:\Windows\Downloaded Program Files\tb_download.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
ADS C:\Users\Allen\Documents\Re_ PRIVATE and PERSONAL.eml:OECustomProperty deleted successfully.
ADS C:\Users\Allen\Documents\Re_ PRIVATE and PERSONAL 2.eml:OECustomProperty deleted successfully.
ADS C:\Users\Allen\Documents\Up date.eml:OECustomProperty deleted successfully.
ADS C:\Windows\System32\čś:@špctlsp.log deleted successfully.
ADS C:\Windows\System32\Š÷:@Xpctlsp.log deleted successfully.
ADS C:\Users\Allen\Documents\SCOUTS.eml:OECustomProperty deleted successfully.
C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk moved successfully.
C:\Program Files\12res.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Allen\Desktop\cmd.bat deleted successfully.
C:\Users\Allen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Allen
->Java cache emptied: 594968 bytes

User: Default

User: Default User

User: Public

User: Tony
->Java cache emptied: 5325979 bytes

User: Trousers
->Java cache emptied: 30351818 bytes

Total Java Files Cleaned = 35.00 mb


[EMPTYFLASH]

User: All Users

User: Allen
->Flash cache emptied: 59417 bytes

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tony
->Flash cache emptied: 57039 bytes

User: Trousers
->Flash cache emptied: 470 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11192012_085710

#38
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#39
uktrousers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
7-Zip 9.20
Accounts
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.5.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
aioprnt
aioscnnr
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Client Settings Tool
Connect
D3DX10
Data Access Objects (DAO) 3.5
Driver Manager
EPSON Copy Utility 3
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
EPSON PhotoQuicker3.5
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
ESPRX620 Series Reference Guide
ESU for Microsoft Vista
Express Burn Disc Burning Software
Free File Viewer 2012
Free YouTube Downloader 3.5.126
Generations® Starter Kit 8.0
Google Update Helper
HiJackThis
HP Common Access Service Library
HP Customer Experience Enhancements
HP ePrint
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart Webcam
HP Postscript Converter
HP Print View Software
HP Product Detection
HP Quick Launch Buttons 6.40 L1
HP Total Care Advisor
HP Total Care Setup
HP Unified IO
HP Update
HP User Guides 0126
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
ImageZoom.org
iTunes
Java 7 Update 9
Java Auto Updater
Java™ 6 Update 7
JavaFX 2.1.1
JMicron JMB38X Flash Media Controller Driver
Junk Mail filter update
kuler
LabelPrint
LightScribe Applications
LightScribe System Software
LightScribe Template Designs - Nature Pack 1
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C Runtime
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
Microsoft Works 6-9 Converter
Microsoft_VC100_CRT_SP1_x86
Movie Maker
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSVCRT110
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
muvee Reveal
My HP Games
MyHeritage Family Tree Builder
NCH Tone Generator
Nokia Connectivity Cable Driver
Nokia Suite
Norton Internet Security
OBD II Scan Tool
OGA Notifier 2.0.0048.0
PC Connectivity Solution
PDF Settings CS4
Photo Common
Photo Gallery
Photoshop Camera Raw
PL-2303 USB-to-Serial
Power2Go
PowerDirector
PreReq
ProtectSmart Hard Drive Protection
QuickTime
Rapport
Realtek 8169 8168 8101E 8102E Ethernet Driver
Sage 50 Accounts 2011
Sage Report Designer Service Pack
ScanToWeb
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skins
Skype Click to Call
Skype™ 5.10
Sony USB Driver
SpeedBit Video Downloader
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
STK03N
Suite Shared Configuration CS4
SUPERAntiSpyware
SupportSoft Assisted Service
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 2.0.1
WavePad Sound Editor
Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Center
WinRAR 4.11 (32-bit)
Yahoo! Detect
  • 0

#40
uktrousers

uktrousers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Extra ComboFix report. The link will not connect; had a look on ComboFix but cannot find an exact match, Gringo.
  • 0


#41
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.5.2
Java™ 6 Update 7
JavaFX 2.1.1


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then click on Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

#42
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo
  • 0

#43
uktrousers

uktrousers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I am receiving duplicate emails all the time. The check box in my email accounts is not checked, so I should not be getting duplicate emails every time. Also, there are 2 Microsoft Visual C++ in Programs and Features? Will complete what you have asked soon, I am on with it.
  • 0

#44
uktrousers

uktrousers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hello there,

I still have: 1 of Java 7 update as well as Java 9 update + 2 **Protect Smart Hard Drive. Should I remove these too, or one of the **PSHD?

Tony, By the way thanks for all your time you're spending, Gringo :) It is appreciated.
  • 0

#45
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
The Java 7u9 is fine, and as far as the others, I would leave them alone.



gringo
  • 0
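
An older Java runtime left installed beside a newer one, as with Java™ 6 Update 7 next to Java 7 Update 9 in the program list above, can be picked out of such a list mechanically. The following is an added example, not part of the original thread or of any tool used in it; the function names and the sample list are constructed for illustration, and it only flags side-by-side older versions, not whether the newest one is itself current.

```python
import re

# Constructed sample: entries copied from the installed-programs list in the
# log above, plus Adobe Reader 9.5.2 as named in the helper's reply.
SAMPLE_PROGRAMS = """\
iTunes
Java 7 Update 9
Java Auto Updater
Java™ 6 Update 7
JavaFX 2.1.1
Adobe Reader 9.5.2
"""

# Matches "Java 7 Update 9", "Java™ 6 Update 7", "Java(TM) 6 Update 7 (64-bit)"
# and a bare "Java 7"; deliberately not "Java Auto Updater" or "JavaFX ...".
JAVA_RE = re.compile(
    r"^Java(?:™|\(TM\))?\s+(\d+)(?:\s+Update\s+(\d+))?(\s+\(64-bit\))?\s*$",
    re.IGNORECASE,
)


def parse_java_entry(line):
    """Return (arch, major, update) for a Java runtime entry, else None."""
    m = JAVA_RE.match(line.strip())
    if not m:
        return None
    arch = "x64" if m.group(3) else "x86"
    return arch, int(m.group(1)), int(m.group(2) or 0)


def stale_java_runtimes(program_list):
    """Group Java runtimes by architecture; report all but the newest."""
    by_arch = {}
    for line in program_list.splitlines():
        parsed = parse_java_entry(line)
        if parsed:
            arch, major, update = parsed
            by_arch.setdefault(arch, []).append(((major, update), line.strip()))
    report = {}
    for arch, entries in by_arch.items():
        entries.sort(reverse=True)  # newest (major, update) first
        report[arch] = {
            "keep": entries[0][1],
            "remove": [name for _, name in entries[1:]],
        }
    return report


if __name__ == "__main__":
    for arch, result in stale_java_runtimes(SAMPLE_PROGRAMS).items():
        print(arch, "keep:", result["keep"], "remove:", result["remove"])
```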





