Cannot download/run anything 'XXX contains a virus' Please hel


  • This topic is locked

#1
cherrypie556

    New Member

  • Member
  • 9 posts
Hi, I am brand new to this site and a total novice with anything computer related. I am guessing one of my children has downloaded something they shouldn't have and now I cannot download anything. I am using Windows Vista on IE and McAfee security. I cannot run anything new either, so I am unable to run OTL as my computer says 'It contains a virus'. I do have access to my laptop. Please can anyone offer any help?

Many thanks

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello cherrypie556 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

We will try to do the first scan in Safe Mode with Networking. Please restart in Safe Mode with Networking:

  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
cherrypie556

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi, thanks for your response. I restarted the P.C in safe mode with networking and attempted to install OTE but it still won't allow me to run/install anything. The same error message comes up: 'it has a virus'.

What now?

Victoria

#4
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's use your notebook to download the tools. Try to run all these steps in Safe Mode with Networking.

Step 1

We will need a clean PC and USB memory to download and transfer the tools to the infected PC. First we need to disinfect your USB memory so you can transfer files and not get infected.

Do this on the clean computer:

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

Step 2

We need to disable malware processes on your system first.
  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double clicking (if running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running, please try to run it several more times.

Step 3

Try to run the OTL scan now as I described before and post the logs for me.

#5
cherrypie556

    New Member

  • Topic Starter
  • Member
  • 9 posts
I'm confused. I downloaded and installed the flash cleaner onto my notebook but it will not open at all, so I have just formatted my USB instead. The 'Killer' app, are you wanting me to install it onto my infected P.C (as it won't, as the error 'it contains a virus and has been deleted' pops up, not enabling me to download or run anything!) or onto my notebook (which I have done successfully)? What am I putting on my USB??

Thanks

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Can you download TheKiller and OTL on the clean PC to your USB? Then transfer these two tools to the infected PC. First try to run TheKiller, it will try to disable infected processes, and after that try to run the OTL scan as I described in my first post.

If you fail, then please can you tell me what version of Windows is on the infected PC (XP, 7 or 8) and whether it is the 32-bit or 64-bit version? You can see that if you right click on My Computer and select Properties.

Let me know the results.

#7
cherrypie556

    New Member

  • Topic Starter
  • Member
  • 9 posts
I can run both from USB; however, OTL is asking for a disc in the drive, I assume to save the log files?

Edited - I have managed to do it and added them below. I just realised I didn't do it whilst in safe mode though! Does that make a diff?

Thanks

Edited by cherrypie556, 25 May 2013 - 04:52 AM.


#8
cherrypie556

    New Member

  • Topic Starter
  • Member
  • 9 posts
OTL logfile created on: 25/05/2013 11:16:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 57.20% Memory free
4.94 Gb Paging File | 3.65 Gb Available in Paging File | 73.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.57 Gb Total Space | 22.24 Gb Free Space | 7.65% Space Free | Partition Type: NTFS
Drive D: | 7.51 Gb Total Space | 0.71 Gb Free Space | 9.42% Space Free | Partition Type: NTFS
Drive G: | 1.89 Gb Total Space | 1.89 Gb Free Space | 99.93% Space Free | Partition Type: FAT

Computer Name: DANNYBOY-PC | User Name: dannyboy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/25 11:11:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2013/05/25 11:10:14 | 000,751,581 | ---- | M] (maliprog @ Geekstogo) -- G:\explorer.exe
PRC - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/09/30 14:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/07/29 18:19:04 | 000,234,496 | ---- | M] () -- C:\Program Files\Total Video Converter\TVCShellExt.dll
MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/05/23 14:00:45 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/06 03:21:50 | 000,039,056 | ---- | M] () [Auto | Stopped] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/07/22 14:26:40 | 000,690,472 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/05 22:14:42 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2009/02/20 17:58:50 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2007/06/15 04:31:36 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/09/12 00:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/09/12 00:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/09/11 23:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/09/11 23:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/09/03 18:32:28 | 000,208,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 07:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/05/10 17:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (HTCAND32)
DRV - [2012/09/20 05:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/20 05:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/08/02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/10/13 23:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 23:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 23:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/10/13 23:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 23:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 23:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 23:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/10/13 23:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 23:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/05 22:13:48 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/12/25 15:24:59 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WinDrvr6.sys -- (WinDriver6)
DRV - [2007/07/10 01:35:38 | 002,769,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006/12/05 12:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKLM\..\SearchScopes\{BB3C68D1-FB84-4CC3-8631-7C9ED7E9326C}: "URL" = http://uk.search.yah...&type=ie7chrome
IE - HKLM\..\SearchScopes\{BB7854E1-56FE-4B1A-B856-75E279F5974C}: "URL" = http://uk.kelkoopart...tnerId=96913936

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...hTerms}&locale=
IE - HKCU\..\SearchScopes\{39B14892-AF88-4BEE-9F86-E1EB93BE69CD}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7GPTB_en-GB
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://ws.infospace....w={searchTerms}
IE - HKCU\..\SearchScopes\{A8621024-6622-4C00-AEFB-FB9986A24D1F}: "URL" = http://search.myhpf....k={searchTerms}
IE - HKCU\..\SearchScopes\{BB3C68D1-FB84-4CC3-8631-7C9ED7E9326C}: "URL" = http://uk.search.yah...&type=ie7chrome
IE - HKCU\..\SearchScopes\{BB7854E1-56FE-4B1A-B856-75E279F5974C}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{E996C893-A041-4030-B7B1-A71F5ADE60B7}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\dannyboy\AppData\Local\Roblox\Versions\version-18c3ec3fed324b69\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/05/12 12:12:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/29 16:13:50 | 000,000,000 | ---D | M]

[2012/10/25 20:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dannyboy\AppData\Roaming\Mozilla\Firefox\extensions
[2012/10/25 20:13:57 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\dannyboy\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2010/05/09 18:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101106225714.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\dannyboy\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\dannyboy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Tyufez] C:\Users\dannyboy\AppData\Roaming\Meyrp\watym.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103471 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; .NET4.0E)" -"http://www.ancienteg.../act_main.html" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Farm%20Frenzy%202/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03799564-58F0-4378-BAD3-C74D6FA24C39}: DhcpNameServer = 82.132.254.2 82.132.254.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0471B105-212B-46A4-A0ED-F4E8972963E8}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (maliprog @ Geekstogo)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\dannyboy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\dannyboy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/27 19:33:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3d8f9659-6b19-11de-b9be-001d60731b56}\Shell - "" = AutoRun
O33 - MountPoints2\{3d8f9659-6b19-11de-b9be-001d60731b56}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\{53baeb13-76c1-11df-8ab9-001d60731b56}\Shell\AutoRun\command - "" = F:\penDrive.exe
O33 - MountPoints2\{a4573dc1-ad5e-11df-867f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a4573dc1-ad5e-11df-867f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/25 11:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/05/24 17:15:02 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{26417D3E-EF72-4036-8BDB-CA96824306BF}
[2013/05/23 13:50:02 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Roaming\Uqatap
[2013/05/23 13:50:02 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Roaming\Meyrp
[2013/05/23 13:50:02 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Roaming\Cuvy
[2013/05/18 17:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/18 17:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/18 17:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/18 17:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/05/18 17:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/05/12 12:21:28 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Roaming\Skype
[2013/05/12 12:20:43 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/05/12 12:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/05/12 12:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/05/12 08:16:45 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{098BCAC0-A444-4670-9B5E-7D02E2B120D8}
[2013/05/11 20:16:04 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{8ED3B9B1-7871-43B3-AB1E-D2B57F031C58}
[2013/05/11 08:42:09 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{C2D34448-E661-468D-9625-E686DDE70FB3}
[2013/05/10 20:41:29 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{396BF4AD-B969-439F-BCAE-FEC9AE2DB05E}
[2013/05/10 08:40:55 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{9E8EE4E5-4B60-4504-BA97-A25AE115FD9D}
[2013/05/09 20:40:20 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{D0489794-E88D-483A-BEB4-D30B32D4832B}
[2013/05/09 08:39:46 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{F070F329-84A2-4ED5-87C2-06BB97611BBF}
[2013/05/08 20:39:08 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{C9C9953B-5EA5-423C-B070-9C2074D987A7}
[2013/05/08 08:38:30 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{B7988E78-6690-497F-900E-4A46DCA41ABA}
[2013/05/07 20:37:54 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{1D535740-926C-456D-BDAB-89849CF71331}
[2013/05/07 08:37:21 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{7A655C28-952E-4BE5-A0CF-B2FE29D6567F}
[2013/05/06 20:36:44 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{D0E87E80-69D8-4038-8CD2-76BA2C2AAD1B}
[2013/05/06 08:36:10 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{4FC5770D-206D-4B91-B6DB-99CACE6C903C}
[2013/05/05 20:35:35 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{31E84360-0571-43B0-9962-6B43B41EA41F}
[2013/05/05 08:35:01 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{90D3851E-C340-473F-9E1C-F70F00D201E7}
[2013/05/04 20:34:28 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{EB38AD92-A465-4944-A510-A7D3A4668F3E}
[2013/05/04 08:33:55 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{CD7486D1-F265-415E-B4ED-B0D7FD587C7D}
[2013/05/03 20:33:19 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{8085B048-45D9-41DA-BCBE-A911F1AC3E8C}
[2013/05/03 08:32:47 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{6E3186FC-7C9E-4C94-8EBF-E154370FA2D8}
[2013/05/02 20:32:15 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{B4BA527E-7B56-4B49-ADB1-A071E3A77D3E}
[2013/05/02 08:31:40 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{6F020992-66B9-4348-B0F5-74FA5FA707C8}
[2013/05/01 20:31:05 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{44361E58-590B-4F30-A8A6-0CB64BDE94F0}
[2013/05/01 08:30:32 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{2587C02D-B7FE-4C0F-B764-DA9A1DA13430}
[2013/04/30 20:29:59 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{5C079854-CDC8-44DE-AD98-A397C9393ACB}
[2013/04/30 08:29:27 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{73F77F68-02BB-469A-AEC8-BD3880F463ED}
[2013/04/29 20:28:53 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{CB2CEA53-0FEE-4995-8B22-711777D4A5C8}
[2013/04/29 08:28:21 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{E274C3F8-5AF2-4D1D-9275-3A4DF8CC4B6F}
[2013/04/28 20:27:48 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{9E5966CA-D2C4-48D1-9735-F6C93531DECD}
[2013/04/28 08:27:13 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{192D0F75-72EE-4365-8156-711EBB069623}
[2013/04/28 08:16:24 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\tools_v5.0
[2013/04/28 07:54:31 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\Documents\My Kindle Content
[2013/04/28 07:54:04 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\Amazon
[2013/04/28 07:52:54 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\DeDRM_Windows_Application
[2013/04/28 07:52:30 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\DeDRM_calibre_plugin
[2013/04/27 20:26:40 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{ABBEE34A-DB0B-4030-92C2-2DA39F56AB81}
[2013/04/27 08:26:03 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{CCEDEBC9-4198-45F0-97F2-3D5EFB02B473}
[2013/04/26 20:25:29 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{25AA5D62-1F6E-4CFE-93B1-30860712D80C}
[2013/04/26 08:24:55 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{C1D1053B-7B09-4B3D-AF14-BC36EBBECE55}
[2013/04/25 20:24:23 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{4C0557E7-525A-416A-8348-0F8DC5E03E60}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/25 11:16:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/25 11:16:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/25 11:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/25 10:30:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/25 09:06:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/24 17:30:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/24 17:17:28 | 000,648,060 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/24 17:17:28 | 000,124,060 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/24 15:51:47 | 002,468,600 | ---- | M] () -- C:\Users\dannyboy\Desktop\TechnicLauncher.exe
[2013/05/24 14:44:07 | 003,860,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/21 13:12:40 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/05/18 17:58:35 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/12 12:20:43 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/04 18:57:20 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/18 17:58:35 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/12 12:20:43 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/04/03 20:23:11 | 000,024,365 | ---- | C] () -- C:\Users\dannyboy\AppData\Roaming\UserTile.png
[2013/01/24 17:56:06 | 000,703,117 | ---- | C] () -- C:\Users\dannyboy\AppData\Roaming\technic-launcher.jar
[2012/12/25 09:09:22 | 000,000,581 | ---- | C] () -- C:\Users\dannyboy\AppData\Local\cookies.ini
[2012/10/29 13:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/05/21 08:32:40 | 000,000,048 | ---- | C] () -- C:\Users\dannyboy\jagex_cl_runescape_LIVE1.dat
[2012/05/20 10:17:18 | 000,000,032 | ---- | C] () -- C:\Users\dannyboy\jagex_cl_runescape_LIVE.dat
[2012/01/21 12:23:03 | 001,145,927 | ---- | C] () -- C:\Users\dannyboy\schoolpic.pdf
[2011/04/22 15:17:12 | 000,159,453 | ---- | C] () -- C:\Users\dannyboy\Wiiscrubber140.rar
[2009/09/15 11:55:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/11/27 15:25:07 | 000,001,356 | ---- | C] () -- C:\Users\dannyboy\AppData\Local\d3d9caps.dat
[2008/04/07 14:18:42 | 000,000,632 | RHS- | C] () -- C:\Users\dannyboy\ntuser.pol
[2007/12/01 01:14:24 | 000,116,224 | ---- | C] () -- C:\Users\dannyboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/26 17:04:04 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\.minecraft
[2013/05/24 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\.technic
[2010/12/02 15:06:54 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\AlawarSouthpoint
[2013/04/14 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\Auslogics
[2010/04/13 21:04:27 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013/04/28 08:21:44 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\calibre
[2012/01/21 11:24:35 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\Canon
[2013/05/25 11:31:39 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\Cuvy
[2007/12/25 17:32:22 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\Fisher-Price
[2011/05/23 23:08:16 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\FKRMonitor
[2011/01/22 16:08:52 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\GameInvest
[2010/12/02 14:38:35 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\HitPoint Studios
[2011/12/10 20:03:20 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\ImgBurn
[2008/03/29 20:50:35 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\LG Electronics
[2011/04/22 16:41:28 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\log
[2013/04/20 14:38:49 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\logs
[2009/08/27 17:45:43 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\Meridian93
[2013/05/23 13:50:02 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\Meyrp
[2010/05/08 10:10:03 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\muvee Technologies
[2010/09/26 15:54:38 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\NatGeoGames
[2009/09/09 21:56:00 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\NCH Swift Sound
[2010/05/25 20:22:10 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\OpenOffice.org
[2012/01/22 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\PeerNetworking
[2008/02/24 14:14:14 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\PictureTrail
[2010/01/17 18:40:49 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\PoBros
[2009/09/05 07:46:39 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\Recordpad
[2012/12/06 12:36:15 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\Samsung
[2008/01/13 15:07:20 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\ScanSoft
[2013/05/24 14:46:46 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\Spotify
[2008/07/30 17:26:49 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\Template
[2011/05/30 14:56:51 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\TOMI3
[2010/08/05 21:11:31 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\TomTom
[2013/05/23 13:50:02 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\Uqatap
[2013/05/24 14:47:38 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\uTorrent
[2010/08/12 22:30:58 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\VSTT Manager
[2008/01/25 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\WinBatch
[2011/03/17 00:22:31 | 000,000,000 | ---D | M] -- C:\Users\dannyboy\AppData\Roaming\{44D220C3-881F-47D5-9FC7-42EA3036000A}

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/29 16:53:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/29 16:53:05 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES.EXE >
[2008/01/19 08:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 10:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< dir C:\ /S /A:L /C >
Volume in drive C is COMPAQ
Volume Serial Number is AC1D-AE74
Directory of C:\
02/11/2006 14:02 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender
02/11/2006 13:42 <SYMLINKD> en-US [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpClient.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpOAV.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpRtMon.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpRtPlug.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpSigDwn.dll [c:\windows\system32\config]
11/04/2009 07:27 <SYMLINK> MpSoftEx.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpSvc.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MSASCui.exe [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
14 File(s) 4,344,192 bytes
Directory of C:\Program Files\Windows Defender\en-US\systemprofile
11/12/2011 12:56 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
11/12/2011 12:56 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
11/12/2011 12:56 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
11/12/2011 12:56 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
11/12/2011 12:56 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/12/2011 12:56 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/12/2011 12:56 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
11/12/2011 12:56 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
11/12/2011 12:56 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
11/12/2011 12:56 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local
11/12/2011 12:56 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
11/12/2011 12:56 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
11/12/2011 12:56 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender\en-US\systemprofile\Documents
11/12/2011 12:56 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
11/12/2011 12:56 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
11/12/2011 12:56 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData
02/11/2006 14:02 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 14:02 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 14:02 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 14:02 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 14:02 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Leapfrog\LeapFrog Connect\Mnt\00010014000F07EF
26/12/2010 12:14 <JUNCTION> 0 [\??\Volume{da245030-0e6e-11e0-a810-001d60731b56}\]
26/12/2010 12:14 <JUNCTION> 1 [\??\Volume{da24503b-0e6e-11e0-a810-001d60731b56}\]
0 File(s) 0 bytes
Directory of C:\Users
02/11/2006 14:02 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 14:02 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
02/11/2006 14:02 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 14:02 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 14:02 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 14:02 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 14:02 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Leapfrog\LeapFrog Connect\Mnt\00010014000F07EF
26/12/2010 12:14 <JUNCTION> 0 [\??\Volume{da245030-0e6e-11e0-a810-001d60731b56}\]
26/12/2010 12:14 <JUNCTION> 1 [\??\Volume{da24503b-0e6e-11e0-a810-001d60731b56}\]
0 File(s) 0 bytes
Directory of C:\Users\dannyboy
29/11/2007 15:30 <JUNCTION> Application Data [C:\Users\dannyboy\AppData\Roaming]
29/11/2007 15:30 <JUNCTION> Cookies [C:\Users\dannyboy\AppData\Roaming\Microsoft\Windows\Cookies]
29/11/2007 15:30 <JUNCTION> Local Settings [C:\Users\dannyboy\AppData\Local]
29/11/2007 15:30 <JUNCTION> My Documents [C:\Users\dannyboy\Documents]
29/11/2007 15:30 <JUNCTION> NetHood [C:\Users\dannyboy\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/11/2007 15:30 <JUNCTION> PrintHood [C:\Users\dannyboy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/11/2007 15:30 <JUNCTION> Recent [C:\Users\dannyboy\AppData\Roaming\Microsoft\Windows\Recent]
29/11/2007 15:30 <JUNCTION> SendTo [C:\Users\dannyboy\AppData\Roaming\Microsoft\Windows\SendTo]
29/11/2007 15:30 <JUNCTION> Start Menu [C:\Users\dannyboy\AppData\Roaming\Microsoft\Windows\Start Menu]
29/11/2007 15:30 <JUNCTION> Templates [C:\Users\dannyboy\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\dannyboy\AppData\Local
29/11/2007 15:30 <JUNCTION> Application Data [C:\Users\dannyboy\AppData\Local]
29/11/2007 15:30 <JUNCTION> History [C:\Users\dannyboy\AppData\Local\Microsoft\Windows\History]
29/11/2007 15:30 <JUNCTION> Temporary Internet Files [C:\Users\dannyboy\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\dannyboy\AppData\LocalLow
13/05/2012 16:29 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\dannyboy\Documents
29/11/2007 15:30 <JUNCTION> My Music [C:\Users\dannyboy\Music]
29/11/2007 15:30 <JUNCTION> My Pictures [C:\Users\dannyboy\Pictures]
29/11/2007 15:30 <JUNCTION> My Videos [C:\Users\dannyboy\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/11/2006 14:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 14:02 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006 14:02 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 14:02 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 14:02 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 14:02 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 14:02 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 14:02 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 14:02 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/11/2006 14:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 14:02 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 14:02 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/11/2006 14:02 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 14:02 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 14:02 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\IUSR_NMPR
27/08/2007 19:22 <JUNCTION> Application Data [C:\Users\IUSR_NMPR\AppData\Roaming]
27/08/2007 19:22 <JUNCTION> Cookies [C:\Users\IUSR_NMPR\AppData\Roaming\Microsoft\Windows\Cookies]
27/08/2007 19:22 <JUNCTION> Local Settings [C:\Users\IUSR_NMPR\AppData\Local]
27/08/2007 19:22 <JUNCTION> My Documents [C:\Users\IUSR_NMPR\Documents]
27/08/2007 19:22 <JUNCTION> NetHood [C:\Users\IUSR_NMPR\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
27/08/2007 19:22 <JUNCTION> PrintHood [C:\Users\IUSR_NMPR\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
27/08/2007 19:22 <JUNCTION> Recent [C:\Users\IUSR_NMPR\AppData\Roaming\Microsoft\Windows\Recent]
27/08/2007 19:22 <JUNCTION> SendTo [C:\Users\IUSR_NMPR\AppData\Roaming\Microsoft\Windows\SendTo]
27/08/2007 19:22 <JUNCTION> Start Menu [C:\Users\IUSR_NMPR\AppData\Roaming\Microsoft\Windows\Start Menu]
27/08/2007 19:22 <JUNCTION> Templates [C:\Users\IUSR_NMPR\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\IUSR_NMPR\AppData\Local
27/08/2007 19:22 <JUNCTION> Application Data [C:\Users\IUSR_NMPR\AppData\Local]
27/08/2007 19:22 <JUNCTION> History [C:\Users\IUSR_NMPR\AppData\Local\Microsoft\Windows\History]
27/08/2007 19:22 <JUNCTION> Temporary Internet Files [C:\Users\IUSR_NMPR\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\IUSR_NMPR\Documents
27/08/2007 19:22 <JUNCTION> My Music [C:\Users\IUSR_NMPR\Music]
27/08/2007 19:22 <JUNCTION> My Pictures [C:\Users\IUSR_NMPR\Pictures]
27/08/2007 19:22 <JUNCTION> My Videos [C:\Users\IUSR_NMPR\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
02/11/2006 14:02 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 14:02 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 14:02 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
11/12/2011 12:56 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
11/12/2011 12:56 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
11/12/2011 12:56 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
11/12/2011 12:56 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
11/12/2011 12:56 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/12/2011 12:56 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/12/2011 12:56 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
11/12/2011 12:56 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
11/12/2011 12:56 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
11/12/2011 12:56 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
11/12/2011 12:56 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
11/12/2011 12:56 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
11/12/2011 12:56 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
11/12/2011 12:56 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
11/12/2011 12:56 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
11/12/2011 12:56 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5
19/01/2008 08:38 <SYMLINK> MpOAV.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpRtPlug.dll [c:\windows\system32\config]
2 File(s) 149,616 bytes
Total Files Listed:
16 File(s) 4,493,808 bytes
104 Dir(s) 23,735,783,424 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:92EB0F35
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:E837C81C
@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:705CCD22
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:015DC393
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4001342B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:6E1F359F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:587F3582
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6D6C4572
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:AA60673F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:49B561E5
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:837546C7
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7838B9E0

< End of report >

#9
cherrypie556

OTL Extras logfile created on: 25/05/2013 11:16:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 57.20% Memory free
4.94 Gb Paging File | 3.65 Gb Available in Paging File | 73.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.57 Gb Total Space | 22.24 Gb Free Space | 7.65% Space Free | Partition Type: NTFS
Drive D: | 7.51 Gb Total Space | 0.71 Gb Free Space | 9.42% Space Free | Partition Type: NTFS
Drive G: | 1.89 Gb Total Space | 1.89 Gb Free Space | 99.93% Space Free | Partition Type: FAT

Computer Name: DANNYBOY-PC | User Name: dannyboy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FE2007-E645-1BB3-33CB-75204F47B1B8}" = ccc-utility
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07E4651B-B10D-B079-6A2D-A328E7F97DF8}" = CCC Help Hungarian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B}" = HP Total Care Advisor
"{0E3FD8AB-3DBA-E2B5-F207-51D4F2F03381}" = CCC Help English
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FAEE4E9-81DF-3B79-0B2B-D9E8D830E16D}" = CCC Help Thai
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series" = Canon MG4100 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{13771F48-69A8-714D-FDB0-EBBA0635A9D4}" = Catalyst Control Center Localization Russian
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A736043-F483-D644-613B-C84D74B5F63A}" = CCC Help Spanish
"{1C36BADC-83D2-7EF2-0F05-513C87FDA1FA}" = Catalyst Control Center Localization Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2161DD18-607D-83B5-2DC7-600EFDA46063}" = CCC Help German
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BD8C31B-F368-99CE-5F5C-A53B0BDD19B0}" = CCC Help Norwegian
"{2BDF9A0B-01C6-4BC3-4288-0BC0160E3ABD}" = CCC Help Czech
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{343F1CC7-F8BF-F564-AA4C-D34B77EEAA95}" = Catalyst Control Center Localization Portuguese
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36486D0E-2DBB-ADD3-1504-4772FA6B285A}" = CCC Help Japanese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4037C0EF-7196-F7A2-7BE4-D4D3ECDCE7D2}" = Catalyst Control Center Graphics Full Existing
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{49496543-1C10-BB99-A88D-54460649968D}" = Catalyst Control Center Graphics Light
"{496A8622-E4BF-D9E4-8507-28C86F0DFB37}" = Catalyst Control Center Core Implementation
"{49E7D0F0-BD9F-FAEC-11C4-9B4C22B6E828}" = Catalyst Control Center Localization Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E94AC9F-F8D4-47E1-AF6E-6DB64B931412}" = Catalyst Control Center Localization Czech
"{4F027497-15AE-4DE5-B3BC-8E721C6127DE}" = ccc-Branding
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51AD07A2-F7D5-E76E-3B8B-2CF123D82597}" = CCC Help French
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{581AF03B-4008-41AE-846C-21CACF9B48A9}" = calibre
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5A65BC34-5BDA-1455-4E05-AC41990527DE}" = ccc-core-static
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DC2E459-D485-ADB7-4FFC-F2A41D9BE686}" = Catalyst Control Center Localization Turkish
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64B408B8-068B-4EE0-B16C-658A24E75B8B}" = Active@ UNDELETE
"{651AAC88-4728-E17A-9823-F630A315F9F9}" = Catalyst Control Center Graphics Previews Vista
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66FA1F4C-A83B-6759-068D-DF511CC00E28}" = CCC Help Danish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{729A36DE-DB17-6B4A-59DF-279DEE32ED15}" = CCC Help Finnish
"{74220C01-E5D6-63BD-1AC1-A58AB9721024}" = Skins
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A80850F-0D2B-2BD8-E083-BAACCB93630B}" = Catalyst Control Center Localization Korean
"{7E600536-DD6D-4556-025B-2DE2D52781C4}" = Catalyst Control Center Graphics Full New
"{806C85BF-25A8-CDC1-76CB-12365D7818C6}" = Catalyst Control Center Localization Spanish
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82841374-147F-DBBC-962C-C931119F9046}" = Catalyst Control Center Localization Japanese
"{8305D1B0-EA11-7E6E-D3CD-E20E85F92EC8}" = CCC Help Chinese Traditional
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{847CAE64-4CD2-4B2D-AF00-978FF5431033}" = Nero 7 Ultra Edition
"{84DEF790-8E3E-FCFF-D0C9-FD4782561AE4}" = CCC Help Dutch
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7AAD00-5A06-F0F3-23C8-A2D220AE3903}" = CCC Help Swedish
"{8C31BF2A-AFB3-6018-F91B-66339FF8F37F}" = Catalyst Control Center Localization Thai
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D3785C1-E967-12DF-CF94-1913D920C466}" = CCC Help Turkish
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9257E10D-54A7-D942-DBC0-DAB30E8ED34A}" = Catalyst Control Center Localization Greek
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{973C52C6-533B-1EC1-9738-0553446DFA7E}" = Catalyst Control Center Localization Polish
"{99E3CD2E-22C5-77F6-61F2-D14D6BCB7A23}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDE63FA-D807-2B59-748B-40C5CB523CD0}" = Catalyst Control Center Localization Chinese Standard
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A27D8FDB-6912-E419-A0B0-3C92D137CFDA}" = Catalyst Control Center Localization Finnish
"{A44ED15C-4398-7353-D4B2-9F7E9921FC91}" = Catalyst Control Center Graphics Previews Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92C9CFB-E16F-2387-00E3-63F67E3631AC}" = Catalyst Control Center Localization French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AECEFE78-F109-0D11-AC80-116A0E36CC19}" = Catalyst Control Center Localization German
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BEE02DB1-ED44-BCF3-F560-E79861C30EE0}" = Catalyst Control Center Localization Norwegian
"{BFC3E1CF-D886-BFA5-AF9A-AB3E8D3B84B0}" = CCC Help Italian
"{C16F1E5A-96E8-160D-93FA-8962346108C2}" = Catalyst Control Center Localization Dutch
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner 2010
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C3DE93B9-BF12-DFB3-1320-49C2A1D50F71}" = CCC Help Portuguese
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF840AAD-CDE5-4E18-378B-32B0280D154B}" = CCC Help Russian
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0071C79-4B13-4F51-9D6F-6DD271F2ED86}" = KeyProwler Pro
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D67B3404-93AC-C8CC-EF85-11AD62C9BAEA}" = CCC Help Polish
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9B5AE52-FEF9-4E5C-A63E-06A6638B2935}" = Nero Kwik Media
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6FB43A3-28EC-C6ED-D071-B62F547188A3}" = CCC Help Greek
"{E8DE1122-09F3-7A50-4813-6895B62F0B03}" = Catalyst Control Center Localization Hungarian
"{E91A5A51-4BFB-2B85-8BB8-1110625DDD91}" = CCC Help Korean
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8766327-4B94-6613-5CE6-F841AF2C7693}" = Catalyst Control Center Localization Chinese Traditional
"{F9A35214-6A0E-EE01-C17E-86EE33C53869}" = Catalyst Control Center Localization Swedish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ArtistScope Plugin IE 424.2.0.0" = ArtistScope Plugin IE 42
"Canon MP610 series User Registration" = Canon MP610 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Intel® Configuration Center" = Intel® Viiv™ Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSC" = McAfee SecurityCenter
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Picasa 3" = Picasa 3
"RealPlayer 16.0" = RealPlayer
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"uTorrent" = µTorrent
"uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar
"VLC media player" = VideoLAN VLC media player 0.8.6d
"VSO Inspector_is1" = VSO Inspector 2.1.0.6
"VTechDownloadManager" = Learning Lodge Navigator
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24/05/2013 09:45:40 | Computer Name = dannyboy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24/05/2013 09:45:40 | Computer Name = dannyboy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24/05/2013 09:47:31 | Computer Name = dannyboy-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 24/05/2013 09:47:31 | Computer Name = dannyboy-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 24/05/2013 09:59:31 | Computer Name = dannyboy-PC | Source = Application Error | ID = 1000
Description = Faulting application BoostSpeed.exe, version 2.5.1.0, time stamp 0x50fa7015,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00066422, process id 0xecc, application start time
0x01ce5884b068dc17.

Error - 24/05/2013 10:03:39 | Computer Name = dannyboy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24/05/2013 10:03:39 | Computer Name = dannyboy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24/05/2013 11:35:12 | Computer Name = dannyboy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24/05/2013 12:43:10 | Computer Name = dannyboy-PC | Source = Application Hang | ID = 1002
Description = The program javaw.exe version 7.0.170.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: f70 Start Time: 01ce5893dad305c7 Termination Time: 931

Error - 24/05/2013 15:12:34 | Computer Name = dannyboy-PC | Source = Application Hang | ID = 1002
Description = The program javaw.exe version 7.0.170.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 250c Start Time: 01ce58ab0ce1efb7 Termination Time: 799

Error - 24/05/2013 15:19:17 | Computer Name = dannyboy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24/05/2013 15:27:38 | Computer Name = dannyboy-PC | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 17/04/2008 03:02:42 | Computer Name = dannyboy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 27/05/2008 15:21:17 | Computer Name = dannyboy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ OSession Events ]
Error - 24/09/2009 11:06:14 | Computer Name = dannyboy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05/10/2009 14:01:35 | Computer Name = dannyboy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/10/2009 18:50:20 | Computer Name = dannyboy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/10/2009 11:18:03 | Computer Name = dannyboy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/06/2010 05:44:03 | Computer Name = dannyboy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 09/11/2010 04:17:48 | Computer Name = dannyboy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04/02/2011 10:57:25 | Computer Name = dannyboy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/02/2011 07:46:30 | Computer Name = dannyboy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 27/02/2011 06:05:59 | Computer Name = dannyboy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 47
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/12/2011 06:06:20 | Computer Name = dannyboy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 25/05/2013 06:13:56 | Computer Name = dannyboy-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 25/05/2013 06:13:56 | Computer Name = dannyboy-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 25/05/2013 06:13:57 | Computer Name = dannyboy-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 25/05/2013 06:14:02 | Computer Name = dannyboy-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 25/05/2013 06:14:26 | Computer Name = dannyboy-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 25/05/2013 06:14:39 | Computer Name = dannyboy-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 25/05/2013 06:14:39 | Computer Name = dannyboy-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 25/05/2013 06:14:43 | Computer Name = dannyboy-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 25/05/2013 06:16:59 | Computer Name = dannyboy-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Epson Stylus C40 Series
(M) with shared resource name Epson Stylus C40 Series (M). Error 1753. The printer
cannot be used by others on the network.

Error - 25/05/2013 06:16:59 | Computer Name = dannyboy-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Canon MP610 series Printer
with shared resource name Canon MP610 series Printer. Error 1753. The printer cannot
be used by others on the network.


< End of report >
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi cherrypie556,

You have the latest infection, and we may need a couple of courses to remove it from your system. Please bear with me.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

  • Click on the Start button and, in the search box, type Notepad and click on it
  • Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
    fsutil reparsepoint delete "C:\Program Files\Windows Defender"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\en-US"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpAsDesc.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpClient.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCmdRun.exe"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpEvMsg.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpOAV.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRtMon.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRtPlug.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSigDwn.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSoftEx.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSvc.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MSASCui.exe"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpCom.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpLics.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpRes.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpOAV.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtPlug.dll"
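    REM List every reparse point left on C: (junctions and symlinks) into a report on the Desktop
    CD \
    DIR /S /A:L > "%USERPROFILE%\Desktop\JunctionPoints.txt"
    REM Open the report from the Desktop, where it was written
    START "" "%USERPROFILE%\Desktop\JunctionPoints.txt"
    EXIT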
    
    
  • Go to File > Save As... and save it to your Desktop named fix.bat. Make sure you change the Save as type to All Files (*.*)
  • Locate fix.bat on your Desktop and right click then select Run as administrator

Post JunctionPoints.txt when finished.

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{3d8f9659-6b19-11de-b9be-001d60731b56}\Shell - "" = AutoRun
    O33 - MountPoints2\{3d8f9659-6b19-11de-b9be-001d60731b56}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
    O33 - MountPoints2\{53baeb13-76c1-11df-8ab9-001d60731b56}\Shell\AutoRun\command - "" = F:\penDrive.exe
    O33 - MountPoints2\{a4573dc1-ad5e-11df-867f-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{a4573dc1-ad5e-11df-867f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
    [2013/05/23 13:50:02 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Roaming\Uqatap
    [2013/05/23 13:50:02 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Roaming\Meyrp
    [2013/05/23 13:50:02 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Roaming\Cuvy
    [2013/05/12 08:16:45 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{098BCAC0-A444-4670-9B5E-7D02E2B120D8}
    [2013/05/11 20:16:04 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{8ED3B9B1-7871-43B3-AB1E-D2B57F031C58}
    [2013/05/11 08:42:09 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{C2D34448-E661-468D-9625-E686DDE70FB3}
    [2013/05/10 20:41:29 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{396BF4AD-B969-439F-BCAE-FEC9AE2DB05E}
    [2013/05/10 08:40:55 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{9E8EE4E5-4B60-4504-BA97-A25AE115FD9D}
    [2013/05/09 20:40:20 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{D0489794-E88D-483A-BEB4-D30B32D4832B}
    [2013/05/09 08:39:46 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{F070F329-84A2-4ED5-87C2-06BB97611BBF}
    [2013/05/08 20:39:08 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{C9C9953B-5EA5-423C-B070-9C2074D987A7}
    [2013/05/08 08:38:30 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{B7988E78-6690-497F-900E-4A46DCA41ABA}
    [2013/05/07 20:37:54 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{1D535740-926C-456D-BDAB-89849CF71331}
    [2013/05/07 08:37:21 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{7A655C28-952E-4BE5-A0CF-B2FE29D6567F}
    [2013/05/06 20:36:44 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{D0E87E80-69D8-4038-8CD2-76BA2C2AAD1B}
    [2013/05/06 08:36:10 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{4FC5770D-206D-4B91-B6DB-99CACE6C903C}
    [2013/05/05 20:35:35 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{31E84360-0571-43B0-9962-6B43B41EA41F}
    [2013/05/05 08:35:01 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{90D3851E-C340-473F-9E1C-F70F00D201E7}
    [2013/05/04 20:34:28 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{EB38AD92-A465-4944-A510-A7D3A4668F3E}
    [2013/05/04 08:33:55 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{CD7486D1-F265-415E-B4ED-B0D7FD587C7D}
    [2013/05/03 20:33:19 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{8085B048-45D9-41DA-BCBE-A911F1AC3E8C}
    [2013/05/03 08:32:47 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{6E3186FC-7C9E-4C94-8EBF-E154370FA2D8}
    [2013/05/02 20:32:15 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{B4BA527E-7B56-4B49-ADB1-A071E3A77D3E}
    [2013/05/02 08:31:40 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{6F020992-66B9-4348-B0F5-74FA5FA707C8}
    [2013/05/01 20:31:05 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{44361E58-590B-4F30-A8A6-0CB64BDE94F0}
    [2013/05/01 08:30:32 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{2587C02D-B7FE-4C0F-B764-DA9A1DA13430}
    [2013/04/30 20:29:59 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{5C079854-CDC8-44DE-AD98-A397C9393ACB}
    [2013/04/30 08:29:27 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{73F77F68-02BB-469A-AEC8-BD3880F463ED}
    [2013/04/29 20:28:53 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{CB2CEA53-0FEE-4995-8B22-711777D4A5C8}
    [2013/04/29 08:28:21 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{E274C3F8-5AF2-4D1D-9275-3A4DF8CC4B6F}
    [2013/04/28 20:27:48 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{9E5966CA-D2C4-48D1-9735-F6C93531DECD}
    [2013/04/28 08:27:13 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{192D0F75-72EE-4365-8156-711EBB069623}
    [2013/04/27 20:26:40 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{ABBEE34A-DB0B-4030-92C2-2DA39F56AB81}
    [2013/04/27 08:26:03 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{CCEDEBC9-4198-45F0-97F2-3D5EFB02B473}
    [2013/04/26 20:25:29 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{25AA5D62-1F6E-4CFE-93B1-30860712D80C}
    [2013/04/26 08:24:55 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{C1D1053B-7B09-4B3D-AF14-BC36EBBECE55}
    [2013/04/25 20:24:23 | 000,000,000 | ---D | C] -- C:\Users\dannyboy\AppData\Local\{4C0557E7-525A-416A-8348-0F8DC5E03E60}

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, just reboot your system once; that will cure it.


Please make sure you include the combo fix log in your next reply

Step 4

Please don't forget to include these items in your reply:

  • JunctionPoints.txt
  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0

#11
cherrypie556

cherrypie556

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Volume in drive C is COMPAQ
Volume Serial Number is AC1D-AE74

Directory of C:\

02/11/2006 14:02 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes

Directory of C:\ProgramData

02/11/2006 14:02 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 14:02 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 14:02 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 14:02 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 14:02 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\ProgramData\Leapfrog\LeapFrog Connect\Mnt\00010014000F07EF

26/12/2010 12:14 <JUNCTION> 0 [\??\Volume{da245030-0e6e-11e0-a810-001d60731b56}\]
26/12/2010 12:14 <JUNCTION> 1 [\??\Volume{da24503b-0e6e-11e0-a810-001d60731b56}\]
0 File(s) 0 bytes
  • 0
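One way to triage the JunctionPoints.txt listing that Step 1 produces, as an added example that is not part of the thread: it parses `DIR /S /A:L` output and separates reparse points under the folders the fix targeted from the compatibility junctions shown in the listing above. The baseline table, the verdict names and the `EXAMPLE` entry in the sample are assumptions made for illustration.

```python
import re
from ntpath import join, normcase

# Constructed sample: shaped like the `DIR /S /A:L` report posted in the thread,
# plus one constructed entry (EXAMPLE target) under a folder the fix targeted.
SAMPLE = r"""
 Volume in drive C is COMPAQ

 Directory of C:\

02/11/2006  14:02    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes

 Directory of C:\ProgramData

02/11/2006  14:02    <JUNCTION>     Application Data [C:\ProgramData]
02/11/2006  14:02    <JUNCTION>     Desktop [C:\Users\Public\Desktop]

 Directory of C:\ProgramData\Leapfrog\LeapFrog Connect\Mnt\00010014000F07EF

26/12/2010  12:14    <JUNCTION>     0 [\??\Volume{da245030-0e6e-11e0-a810-001d60731b56}\]

 Directory of C:\Program Files\Windows Defender

23/05/2013  13:50    <SYMLINK>      MpSvc.dll [C:\EXAMPLE\placeholder]
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
LINK_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2})\s+"
    r"<(JUNCTION|SYMLINKD|SYMLINK)>\s+(.+?)\s+\[(.*)\]$"
)

# Assumed baseline: link -> target pairs taken from the listing in the thread.
BASELINE = {
    r"c:\documents and settings": r"c:\users",
    r"c:\programdata\application data": r"c:\programdata",
    r"c:\programdata\desktop": r"c:\users\public\desktop",
}

# Folders whose reparse points fix.bat deletes; any link left here needs attention.
WATCHED = (
    r"c:\program files\windows defender",
    r"c:\windows\winsxs\x86_security-malware-windows-defender_"
    r"31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5",
)


def parse_listing(text):
    """Return one dict per reparse point, with its full path and target."""
    entries, current = [], None
    for line in text.splitlines():
        header = DIR_RE.match(line)
        if header:
            current = header.group(1)
            continue
        link = LINK_RE.match(line.strip())
        if link and current is not None:
            date, time, kind, name, target = link.groups()
            entries.append({"path": join(current, name), "kind": kind,
                            "target": target, "stamp": f"{date} {time}"})
    return entries


def under(path, root):
    return path == root or path.startswith(root + "\\")


def classify(entry):
    path = normcase(entry["path"])
    if any(under(path, root) for root in WATCHED):
        return "watched"        # link inside a folder the fix cleaned
    if BASELINE.get(path) == normcase(entry["target"]):
        return "baseline"       # expected link with its expected target
    if entry["target"].startswith("\\??\\Volume{"):
        return "volume-mount"   # mounted volume, e.g. a device mount folder
    return "review"             # unknown link, or known link redirected


def triage(text):
    return [(classify(e), e["path"], e["target"]) for e in parse_listing(text)]


if __name__ == "__main__":
    for verdict, path, target in triage(SAMPLE):
        print(f"{verdict:12} {path} -> {target}")
```

A baseline link whose target has changed falls through to `review`, because the check compares the link and its target as a pair.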

#12
cherrypie556

cherrypie556

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d8f9659-6b19-11de-b9be-001d60731b56}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d8f9659-6b19-11de-b9be-001d60731b56}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d8f9659-6b19-11de-b9be-001d60731b56}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d8f9659-6b19-11de-b9be-001d60731b56}\ not found.
File F:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53baeb13-76c1-11df-8ab9-001d60731b56}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53baeb13-76c1-11df-8ab9-001d60731b56}\ not found.
File F:\penDrive.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4573dc1-ad5e-11df-867f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4573dc1-ad5e-11df-867f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4573dc1-ad5e-11df-867f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4573dc1-ad5e-11df-867f-806e6f6e6963}\ not found.
File F:\Autorun.exe not found.
C:\Users\dannyboy\AppData\Roaming\Uqatap folder moved successfully.
C:\Users\dannyboy\AppData\Roaming\Meyrp folder moved successfully.
C:\Users\dannyboy\AppData\Roaming\Cuvy folder moved successfully.
C:\Users\dannyboy\AppData\Local\{098BCAC0-A444-4670-9B5E-7D02E2B120D8} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{8ED3B9B1-7871-43B3-AB1E-D2B57F031C58} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{C2D34448-E661-468D-9625-E686DDE70FB3} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{396BF4AD-B969-439F-BCAE-FEC9AE2DB05E} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{9E8EE4E5-4B60-4504-BA97-A25AE115FD9D} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{D0489794-E88D-483A-BEB4-D30B32D4832B} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{F070F329-84A2-4ED5-87C2-06BB97611BBF} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{C9C9953B-5EA5-423C-B070-9C2074D987A7} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{B7988E78-6690-497F-900E-4A46DCA41ABA} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{1D535740-926C-456D-BDAB-89849CF71331} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{7A655C28-952E-4BE5-A0CF-B2FE29D6567F} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{D0E87E80-69D8-4038-8CD2-76BA2C2AAD1B} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{4FC5770D-206D-4B91-B6DB-99CACE6C903C} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{31E84360-0571-43B0-9962-6B43B41EA41F} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{90D3851E-C340-473F-9E1C-F70F00D201E7} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{EB38AD92-A465-4944-A510-A7D3A4668F3E} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{CD7486D1-F265-415E-B4ED-B0D7FD587C7D} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{8085B048-45D9-41DA-BCBE-A911F1AC3E8C} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{6E3186FC-7C9E-4C94-8EBF-E154370FA2D8} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{B4BA527E-7B56-4B49-ADB1-A071E3A77D3E} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{6F020992-66B9-4348-B0F5-74FA5FA707C8} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{44361E58-590B-4F30-A8A6-0CB64BDE94F0} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{2587C02D-B7FE-4C0F-B764-DA9A1DA13430} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{5C079854-CDC8-44DE-AD98-A397C9393ACB} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{73F77F68-02BB-469A-AEC8-BD3880F463ED} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{CB2CEA53-0FEE-4995-8B22-711777D4A5C8} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{E274C3F8-5AF2-4D1D-9275-3A4DF8CC4B6F} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{9E5966CA-D2C4-48D1-9735-F6C93531DECD} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{192D0F75-72EE-4365-8156-711EBB069623} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{ABBEE34A-DB0B-4030-92C2-2DA39F56AB81} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{CCEDEBC9-4198-45F0-97F2-3D5EFB02B473} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{25AA5D62-1F6E-4CFE-93B1-30860712D80C} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{C1D1053B-7B09-4B3D-AF14-BC36EBBECE55} folder moved successfully.
C:\Users\dannyboy\AppData\Local\{4C0557E7-525A-416A-8348-0F8DC5E03E60} folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 05282013_112037
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi cherrypie556,

Please post the ComboFix log from Step 3 when you do the scan.
  • 0

#14
cherrypie556

cherrypie556

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Sorry. I got sidetracked with the kids. It seems to have fixed itself. Hubby had a fiddle with sorting the P.C. and it will download and run again. Thanks for your help.
  • 0

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





