Messages - Allans
1
Tech Clinic / MBAM detected a problem
« on: February 02, 2014, 05:50:50 AM »

Well, it's been a couple of days and nothing untoward - feel free to close this.

Thanks again for the help

Allan



2
Tech Clinic / MBAM detected a problem
« on: January 30, 2014, 03:17:42 AM »

Well - seems OK

No unexpected slowdowns or popups

Thanks for the help

Allan



3
Tech Clinic / MBAM detected a problem
« on: January 26, 2014, 05:24:45 PM »

Sorry - Run Fix log as requested

Allan

User: Public

Total Java Files Cleaned = 5.00 mb


[EMPTYTEMP]

User: All Users

User: allans
->Temp folder emptied: 35143816 bytes
->Temporary Internet Files folder emptied: 355155174 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 23773971 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 321833 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78307 bytes
RecycleBin emptied: 185344157 bytes

Total Files Cleaned = 572.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01262014_222147

Files\Folders moved on Reboot...
C:\Users\allans\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\allans\AppData\Local\Temp\IntResource.dll not found!
C:\Users\allans\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

4
Tech Clinic / MBAM detected a problem
« on: January 26, 2014, 05:11:48 AM »

Is this significant?

"
Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest". Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2. The manifest file root element must be assembly.
"

in the application event log

Allan
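What that event-log message is actually checking, as an added example that is not from the thread or from WinZip: a .Manifest file is XML, and the side-by-side (SxS) loader refuses to build an activation context from it unless the document parses and its root element is `assembly` in the `urn:schemas-microsoft-com:asm.v1` namespace. The script below performs that root-element check on two constructed manifests, a well-formed one and one whose root element on line 2 is not `assembly` (the shape the error on this machine reports). It validates nothing beyond the root element and the required `manifestVersion` attribute, and it does not explain why the file on this particular machine is malformed.

```python
"""Root-element check for a Windows SxS .Manifest file.  Added example, not
from the thread; the sample manifests below are constructed."""
import xml.etree.ElementTree as ET

ASM_NS = "urn:schemas-microsoft-com:asm.v1"


def check_manifest(data):
    """Return (ok, reason) for one manifest given as str or bytes.

    Only the root-element rule is checked (the error on the page was raised
    at that step); a manifest that passes can still be rejected later for
    schema or dependency problems.
    """
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return False, f"not well-formed XML: {exc}"
    # ElementTree spells a namespaced tag as "{namespace}local".
    ns, _, local = root.tag.rpartition("}")
    ns = ns.lstrip("{")
    if local != "assembly":
        return False, f"root element is <{local}>, must be <assembly>"
    if ns != ASM_NS:
        return False, f"<assembly> is in namespace {ns or '(none)'!r}, expected {ASM_NS!r}"
    if root.get("manifestVersion") != "1.0":
        # The asm.v1 schema requires manifestVersion="1.0" on the root.
        return False, 'assembly element lacks manifestVersion="1.0"'
    return True, "ok"


def check_manifest_file(path):
    """Read as bytes so the XML parser honours the file's own BOM/encoding
    declaration (manifests are commonly UTF-8 or UTF-16)."""
    with open(path, "rb") as fh:
        return check_manifest(fh.read())


# Constructed samples.  GOOD has the shape an add-in loader's manifest
# normally has; BAD_ROOT reproduces the failure mode from the event log:
# line 2 holds a root element that is not <assembly>.
GOOD = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity type="win32" name="example.adxloader" version="1.0.0.0" processorArchitecture="*"/>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls"
                        version="6.0.0.0" processorArchitecture="*"
                        publicKeyToken="6595b64144ccf1df" language="*"/>
    </dependentAssembly>
  </dependency>
</assembly>
"""
BAD_ROOT = b"""<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"/>
</configuration>
"""
NO_NAMESPACE = b"""<assembly manifestVersion="1.0"/>"""

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD_ROOT", BAD_ROOT), ("NO_NAMESPACE", NO_NAMESPACE)):
        print(label, *check_manifest(doc))
```

Run `check_manifest_file(r"C:\Program Files\WinZip\adxloader.dll.Manifest")` on the affected machine to see which of the three rules the file breaks; a manifest that fails here is a broken or mis-generated installer artefact for that add-in, and the loader error repeats every time the host application starts until the file is fixed or removed.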



5
Tech Clinic / MBAM detected a problem
« on: January 26, 2014, 04:56:46 AM »

Thanks - scan log below.

NVIDIA driver has auto-updated in the interim.

I will get back with an update on performance in a couple of days when I see if this has had any effect

Allan


OTL logfile created on: 26/01/2014 09:50:10 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\allans\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 56.26% Memory free
8.00 Gb Paging File | 6.32 Gb Available in Paging File | 79.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78.13 Gb Total Space | 23.76 Gb Free Space | 30.42% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 69.99 Gb Free Space | 71.67% Space Free | Partition Type: NTFS
Drive E: | 105.47 Gb Total Space | 28.81 Gb Free Space | 27.32% Space Free | Partition Type: NTFS
Drive F: | 106.38 Gb Total Space | 38.23 Gb Free Space | 35.93% Space Free | Partition Type: NTFS
Drive T: | 78.13 Gb Total Space | 48.28 Gb Free Space | 61.79% Space Free | Partition Type: NTFS

Computer Name: LEMURIA | User Name: allans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/15 14:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\allans\Desktop\OTL.exe
PRC - [2013/12/24 09:18:20 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/12/24 09:18:19 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/19 12:20:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/12/10 02:22:32 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/10 02:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/05 10:07:04 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/03/04 09:43:32 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/12/12 15:20:18 | 000,419,536 | ---- | M] () -- C:\Program Files (x86)\Polar\Daemon\polard.exe
PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/09/17 10:52:35 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/09/12 16:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 16:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/23 13:33:16 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/09/17 10:52:35 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Services (SafeList) ==========

SRV:64bit: - [2013/12/24 09:18:19 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/12/10 02:20:28 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/01/22 16:26:28 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/08 17:52:19 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/19 12:20:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/12/10 02:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/04 09:43:32 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/12/12 15:20:18 | 000,419,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/09/12 16:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/24 09:19:11 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2013/12/24 09:18:23 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/12/24 09:18:23 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2013/12/24 09:18:23 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/24 09:18:23 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/12/05 08:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/10/23 13:33:17 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/23 13:33:17 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/04 09:43:34 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/03/04 09:43:31 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251)
DRV:64bit: - [2013/03/04 09:43:29 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/03/04 09:43:22 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/05 09:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/13 14:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 20:46:48 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 19:12:30 | 000,286,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express)
DRV:64bit: - [2008/04/30 09:32:27 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://telfordsteamrailway.easysearch.org.uk/
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..\SearchScopes,DefaultScope = {9A86E642-C27A-47E6-B502-BEF8FD7DECAE}
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..\SearchScopes\{9A86E642-C27A-47E6-B502-BEF8FD7DECAE}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://uk.search.yahoo.com?type=386496&fr=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/12/24 09:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/08 17:52:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:44:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/08 17:52:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:44:37 | 000,000,000 | ---D | M]

[2013/03/03 18:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Extensions
[2013/12/05 13:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\extensions
[2013/12/05 13:25:48 | 000,010,433 | ---- | M] () (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\extensions\[email protected]
[2013/09/24 07:16:07 | 000,000,911 | ---- | M] () -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\searchplugins\yahoo_ff.xml
[2014/01/08 17:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/08 17:52:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/28 15:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome  ==========

CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=386496&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage: http://uk.search.yahoo.com?type=386496&fr=spigot-yhp-ch
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Google Docs = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC1A5663-2FE9-4823-9A85-C38F921565D1}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4C083AD-AE62-4150-B954-D5D7D0D6D7BC}: DhcpNameServer = 192.168.169.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/25 08:25:44 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Local\NVIDIA Corporation
[2014/01/25 08:25:23 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2014/01/25 08:25:22 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2014/01/25 08:25:21 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2014/01/25 08:24:55 | 001,100,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014/01/25 08:24:55 | 000,982,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/01/25 08:24:29 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Local\NVIDIA
[2014/01/25 08:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/01/25 08:21:39 | 030,372,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/01/25 08:21:39 | 025,257,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/01/25 08:21:39 | 022,960,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/01/25 08:21:39 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/01/25 08:21:39 | 015,877,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/01/25 08:21:39 | 015,230,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2014/01/25 08:21:39 | 011,605,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/01/25 08:21:39 | 011,554,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/01/25 08:21:39 | 009,700,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/01/25 08:21:39 | 009,657,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/01/25 08:21:39 | 003,132,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/01/25 08:21:39 | 003,125,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014/01/25 08:21:39 | 002,947,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/01/25 08:21:39 | 002,747,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014/01/25 08:21:39 | 002,698,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2014/01/25 08:21:39 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433221.dll
[2014/01/25 08:21:39 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433221.dll
[2014/01/25 08:21:39 | 000,882,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/01/25 08:21:39 | 000,879,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/01/25 08:21:39 | 000,852,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/01/25 08:21:39 | 000,847,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/01/25 08:21:39 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014/01/25 08:21:39 | 000,035,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2014/01/25 08:21:39 | 000,032,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014/01/25 08:20:46 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014/01/18 14:34:56 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/01/18 14:34:51 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/01/18 14:34:51 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/01/18 14:34:51 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/17 10:27:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/17 10:12:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/17 10:11:02 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\allans\Desktop\JRT.exe
[2014/01/15 14:57:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\allans\Desktop\OTL.exe
[2014/01/15 14:53:12 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 14:53:11 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/15 14:53:00 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/14 08:09:25 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Roaming\VC
[2014/01/14 08:09:25 | 000,000,000 | ---D | C] -- C:\Users\allans\Documents\TEncoder
[2014/01/14 08:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TEncoder Video Converter
[2014/01/14 08:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TEncoder Video Converter
[2014/01/10 13:44:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\allans\Desktop\HijackThis.exe
[2014/01/08 17:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/01/07 18:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/01/07 18:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/01/07 18:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/07 18:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/01/07 11:49:59 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Roaming\DigitalSites
[2014/01/07 11:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoConverter
[2014/01/07 11:49:55 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
[2013/12/29 18:53:52 | 000,000,000 | ---D | C] -- C:\Users\allans\Desktop\10131218

========== Files - Modified Within 30 Days ==========

[2014/01/26 09:53:16 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/26 09:53:16 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/26 09:45:57 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/26 09:45:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/26 09:45:30 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/25 20:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/25 20:12:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/22 16:26:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/22 16:26:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/20 19:11:37 | 000,006,935 | ---- | M] () -- C:\Users\allans\Desktop\extrabits.bsx
[2014/01/17 19:57:59 | 000,786,598 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/17 19:57:59 | 000,669,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/17 19:57:59 | 000,127,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/17 10:46:54 | 000,791,348 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/17 10:11:02 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\allans\Desktop\JRT.exe
[2014/01/17 10:10:07 | 001,236,282 | ---- | M] () -- C:\Users\allans\Desktop\AdwCleaner.exe
[2014/01/17 02:14:55 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/15 15:00:00 | 000,434,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/15 14:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\allans\Desktop\OTL.exe
[2014/01/14 08:09:23 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\TEncoder Video Converter.lnk
[2014/01/10 13:44:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\allans\Desktop\HijackThis.exe
[2014/01/08 17:54:38 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/07 12:05:05 | 000,004,608 | ---- | M] () -- C:\Users\allans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/07 11:49:55 | 000,001,116 | ---- | M] () -- C:\Users\allans\Application Data\Microsoft\Internet Explorer\Quick Launch\Video Converter.lnk
[2014/01/07 11:49:55 | 000,001,092 | ---- | M] () -- C:\Users\allans\Desktop\Video Converter.lnk

========== Files Created - No Company Name ==========

[2014/01/20 19:11:37 | 000,006,935 | ---- | C] () -- C:\Users\allans\Desktop\extrabits.bsx
[2014/01/17 10:10:07 | 001,236,282 | ---- | C] () -- C:\Users\allans\Desktop\AdwCleaner.exe
[2014/01/14 08:09:23 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\TEncoder Video Converter.lnk
[2014/01/07 12:04:33 | 000,004,608 | ---- | C] () -- C:\Users\allans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/07 11:49:55 | 000,001,116 | ---- | C] () -- C:\Users\allans\Application Data\Microsoft\Internet Explorer\Quick Launch\Video Converter.lnk
[2014/01/07 11:49:55 | 000,001,092 | ---- | C] () -- C:\Users\allans\Desktop\Video Converter.lnk
[2013/12/06 11:18:08 | 000,008,123 | ---- | C] () -- C:\Users\allans\saga_gui.ini
[2013/09/24 07:29:08 | 000,004,362 | ---- | C] () -- C:\Windows\cdplayer.ini
[2013/09/24 07:14:36 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2013/05/23 18:43:39 | 000,007,671 | ---- | C] () -- C:\Users\allans\AppData\Local\Resmon.ResmonCfg
[2013/03/21 10:04:30 | 000,000,600 | ---- | C] () -- C:\Users\allans\AppData\Local\PUTTY.RND
[2013/03/05 09:50:43 | 000,012,942 | ---- | C] () -- C:\Users\allans\AppData\Roaming\Comma Separated Values (Windows).CAL
[2013/03/05 09:49:35 | 000,038,410 | ---- | C] () -- C:\Users\allans\AppData\Roaming\Comma Separated Values (Windows).ADR
[2013/03/03 18:25:14 | 000,791,348 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< :OTL >

< FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.8 >

< FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0:Files >

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< :Commands >

< [EmptyFlash] >

< [EmptyJava] >

< [EmptyTemp] >

< [Reboot] >

< End of report >



6
Tech Clinic / MBAM detected a problem
« on: January 25, 2014, 03:00:00 AM »

Whole computer slows down, random times. I use the computer heavily - maybe 5 or 6 hours per day Mon-Fri and notice it maybe once or twice per day. Similar with IE error messages, which don't appear to relate to a specific website. I have had this problem before and thought it due to an 'add-on', but pretty much all add-ons are now disabled or where practicable removed.

When I have noticed a slowdown whilst using IE I have immediately switched to http://www.speedtest.net/ and it has still tested at full line speed as per my contract - so I don't think it is broadband service related.

Chrome/Moz use is rare - only if I have to use specific sites which have issues with IE, or for testing web page designs.

I had only one error during use on Friday and no slowdowns.

Allan



7
Tech Clinic / MBAM detected a problem
« on: January 21, 2014, 06:12:06 AM »

Thanks for the help. I have had a chance to use the system a bit over the weekend and it seems improved, no pop-ups. Still has occasional unexpected slowdown and occasionally IE reports 'a problem has occurred which has caused IE to stop working', or words to that effect.

Ran OTL as requested - no sign of 'extras' - log is below.

Allan


OTL logfile created on: 21/01/2014 10:59:50 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\allans\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 72.55% Memory free
8.00 Gb Paging File | 6.83 Gb Available in Paging File | 85.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78.13 Gb Total Space | 24.21 Gb Free Space | 30.99% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 69.99 Gb Free Space | 71.67% Space Free | Partition Type: NTFS
Drive E: | 105.47 Gb Total Space | 28.81 Gb Free Space | 27.32% Space Free | Partition Type: NTFS
Drive F: | 106.38 Gb Total Space | 38.23 Gb Free Space | 35.93% Space Free | Partition Type: NTFS
Drive G: | 1.87 Gb Total Space | 0.52 Gb Free Space | 27.84% Space Free | Partition Type: FAT
Drive T: | 78.13 Gb Total Space | 50.53 Gb Free Space | 64.68% Space Free | Partition Type: NTFS

Computer Name: LEMURIA | User Name: allans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/15 14:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\allans\Desktop\OTL.exe
PRC - [2013/12/24 09:18:20 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/12/24 09:18:19 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/05 10:07:04 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/03/04 09:43:32 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/12/12 15:20:18 | 000,419,536 | ---- | M] () -- C:\Program Files (x86)\Polar\Daemon\polard.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/09/17 10:52:35 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/09/12 16:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 16:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/23 13:33:16 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/09/17 10:52:35 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Services (SafeList) ==========

SRV:64bit: - [2013/12/24 09:18:19 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/01/08 17:52:19 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/17 19:31:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/04 09:43:32 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/02/10 03:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/12 15:20:18 | 000,419,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/09/12 16:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/24 09:19:11 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2013/12/24 09:18:23 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/12/24 09:18:23 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2013/12/24 09:18:23 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/24 09:18:23 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/10/23 13:33:17 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/23 13:33:17 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/04 09:43:34 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/03/04 09:43:31 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251)
DRV:64bit: - [2013/03/04 09:43:29 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/03/04 09:43:22 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/05 09:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/13 14:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 20:46:48 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 19:12:30 | 000,286,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express)
DRV:64bit: - [2008/04/30 09:32:27 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://telfordsteamrailway.easysearch.org.uk/
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..\SearchScopes,DefaultScope = {9A86E642-C27A-47E6-B502-BEF8FD7DECAE}
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..\SearchScopes\{9A86E642-C27A-47E6-B502-BEF8FD7DECAE}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://uk.search.yahoo.com?type=386496&fr=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/12/24 09:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/08 17:52:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:44:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/08 17:52:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:44:37 | 000,000,000 | ---D | M]

[2013/03/03 18:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Extensions
[2013/12/05 13:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\extensions
[2013/12/05 13:25:48 | 000,010,433 | ---- | M] () (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\extensions\[email protected]
[2013/09/24 07:16:07 | 000,000,911 | ---- | M] () -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\searchplugins\yahoo_ff.xml
[2014/01/08 17:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/08 17:52:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/28 15:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome  ==========

CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=386496&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage: http://uk.search.yahoo.com?type=386496&fr=spigot-yhp-ch
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Google Docs = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [20131224] C:\Program Files\Alwil Software\Avast5\setup\emupdate\f3e5c1c0-0ace-4497-ab08-b7736fae6854.exe (AVAST Software)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC1A5663-2FE9-4823-9A85-C38F921565D1}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4C083AD-AE62-4150-B954-D5D7D0D6D7BC}: DhcpNameServer = 192.168.169.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/18 14:34:56 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/01/18 14:34:51 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/01/18 14:34:51 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/01/18 14:34:51 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/17 10:27:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/17 10:12:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/17 10:11:02 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\allans\Desktop\JRT.exe
[2014/01/15 14:57:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\allans\Desktop\OTL.exe
[2014/01/15 14:53:12 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 14:53:11 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/15 14:53:00 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/14 08:09:25 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Roaming\VC
[2014/01/14 08:09:25 | 000,000,000 | ---D | C] -- C:\Users\allans\Documents\TEncoder
[2014/01/14 08:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TEncoder Video Converter
[2014/01/14 08:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TEncoder Video Converter
[2014/01/10 13:44:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\allans\Desktop\HijackThis.exe
[2014/01/08 17:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/01/07 18:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/01/07 18:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/01/07 18:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/07 18:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/01/07 11:49:59 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Roaming\DigitalSites
[2014/01/07 11:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoConverter
[2014/01/07 11:49:55 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
[2013/12/30 11:00:37 | 000,000,000 | ---D | C] -- C:\Users\allans\Desktop\10331230
[2013/12/29 18:54:45 | 000,000,000 | ---D | C] -- C:\Users\allans\Desktop\10231222
[2013/12/29 18:53:52 | 000,000,000 | ---D | C] -- C:\Users\allans\Desktop\10131218
[2013/12/24 09:19:11 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys

========== Files - Modified Within 30 Days ==========

[2014/01/21 10:58:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/21 10:57:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/21 10:57:30 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/21 07:39:06 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/21 07:39:06 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/20 20:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/20 20:12:53 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/20 19:19:39 | 000,025,910 | ---- | M] () -- C:\Users\allans\Desktop\missing.pdf
[2014/01/20 19:11:37 | 000,006,935 | ---- | M] () -- C:\Users\allans\Desktop\extrabits.bsx
[2014/01/17 19:57:59 | 000,786,598 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/17 19:57:59 | 000,669,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/17 19:57:59 | 000,127,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/17 10:46:54 | 000,791,348 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/17 10:11:02 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\allans\Desktop\JRT.exe
[2014/01/17 10:10:07 | 001,236,282 | ---- | M] () -- C:\Users\allans\Desktop\AdwCleaner.exe
[2014/01/17 02:14:55 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/15 15:00:00 | 000,434,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/15 14:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\allans\Desktop\OTL.exe
[2014/01/14 08:09:23 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\TEncoder Video Converter.lnk
[2014/01/10 13:44:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\allans\Desktop\HijackThis.exe
[2014/01/08 17:54:38 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/07 12:05:05 | 000,004,608 | ---- | M] () -- C:\Users\allans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/07 11:49:55 | 000,001,116 | ---- | M] () -- C:\Users\allans\Application Data\Microsoft\Internet Explorer\Quick Launch\Video Converter.lnk
[2014/01/07 11:49:55 | 000,001,092 | ---- | M] () -- C:\Users\allans\Desktop\Video Converter.lnk
[2014/01/07 09:16:29 | 000,223,798 | ---- | M] () -- C:\Users\allans\Desktop\Thomas_Savery[1].gif
[2013/12/24 09:19:11 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2013/12/24 09:19:11 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/24 09:18:23 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/12/24 09:18:23 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2013/12/24 09:18:23 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/12/24 09:18:23 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/12/24 09:18:23 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/12/24 09:18:22 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

========== Files Created - No Company Name ==========

[2014/01/20 19:18:27 | 000,025,910 | ---- | C] () -- C:\Users\allans\Desktop\missing.pdf
[2014/01/20 19:11:37 | 000,006,935 | ---- | C] () -- C:\Users\allans\Desktop\extrabits.bsx
[2014/01/17 10:10:07 | 001,236,282 | ---- | C] () -- C:\Users\allans\Desktop\AdwCleaner.exe
[2014/01/14 08:09:23 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\TEncoder Video Converter.lnk
[2014/01/07 12:04:33 | 000,004,608 | ---- | C] () -- C:\Users\allans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/07 11:49:55 | 000,001,116 | ---- | C] () -- C:\Users\allans\Application Data\Microsoft\Internet Explorer\Quick Launch\Video Converter.lnk
[2014/01/07 11:49:55 | 000,001,092 | ---- | C] () -- C:\Users\allans\Desktop\Video Converter.lnk
[2014/01/07 09:18:56 | 000,223,798 | ---- | C] () -- C:\Users\allans\Desktop\Thomas_Savery[1].gif
[2013/12/06 11:18:08 | 000,008,123 | ---- | C] () -- C:\Users\allans\saga_gui.ini
[2013/09/24 07:29:08 | 000,004,362 | ---- | C] () -- C:\Windows\cdplayer.ini
[2013/09/24 07:14:36 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2013/05/23 18:43:39 | 000,007,671 | ---- | C] () -- C:\Users\allans\AppData\Local\Resmon.ResmonCfg
[2013/03/21 10:04:30 | 000,000,600 | ---- | C] () -- C:\Users\allans\AppData\Local\PUTTY.RND
[2013/03/05 09:50:43 | 000,012,942 | ---- | C] () -- C:\Users\allans\AppData\Roaming\Comma Separated Values (Windows).CAL
[2013/03/05 09:49:35 | 000,038,410 | ---- | C] () -- C:\Users\allans\AppData\Roaming\Comma Separated Values (Windows).ADR
[2013/03/03 18:25:14 | 000,791,348 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >



8
Tech Clinic / MBAM detected a problem
« on: January 17, 2014, 05:45:37 AM »

Thanks - as requested - first ADWCleaner then JRT logs

Allan

# AdwCleaner v3.017 - Report created 17/01/2014 at 10:21:01
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : allans - LEMURIA
# Running from : C:\Users\allans\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\FreeRIP
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\FreeRIP
Folder Deleted : C:\Program Files (x86)\uTorrentControl_v6
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\allans\AppData\Local\Conduit
Folder Deleted : C:\Users\allans\AppData\Local\PackageAware
Folder Deleted : C:\Users\allans\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\allans\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\allans\AppData\LocalLow\uTorrentControl_v6
Folder Deleted : C:\Users\allans\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Folder Deleted : C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Deleted : C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Folder Deleted : C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\searchplugins\Askcom.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9116CAE-76D2-4894-B018-CB7882C6116F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A3E9456-8793-4537-A72E-83A165E8F1D8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v6
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\uTorrentControl_v6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v6 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\prefs.js ]


-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [5364 octets] - [17/01/2014 10:12:38]
AdwCleaner[S0].txt - [5203 octets] - [17/01/2014 10:21:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5263 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Enterprise x64
Ran by allans on 17/01/2014 at 10:27:35.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Registry Values


~~~ Registry Keys


~~~ Files


~~~ Folders


~~~ FireFox

Emptied folder: C:\Users\allans\AppData\Roaming\mozilla\firefox\profiles\m14n51wd.default\minidumps [2 files]


~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/01/2014 at 10:35:29.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


9
Tech Clinic / MBAM detected a problem
« on: January 16, 2014, 03:41:41 AM »

Thanks. Here's the scans you wanted.

OTL logfile created on: 15/01/2014 15:03:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\allans\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 53.05% Memory free
8.00 Gb Paging File | 6.18 Gb Available in Paging File | 77.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78.13 Gb Total Space | 27.17 Gb Free Space | 34.77% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 69.99 Gb Free Space | 71.67% Space Free | Partition Type: NTFS
Drive E: | 105.47 Gb Total Space | 29.13 Gb Free Space | 27.62% Space Free | Partition Type: NTFS
Drive F: | 106.38 Gb Total Space | 38.23 Gb Free Space | 35.93% Space Free | Partition Type: NTFS
Drive G: | 982.72 Mb Total Space | 38.11 Mb Free Space | 3.88% Space Free | Partition Type: FAT
Drive T: | 78.13 Gb Total Space | 52.63 Gb Free Space | 67.36% Space Free | Partition Type: NTFS

Computer Name: LEMURIA | User Name: allans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/15 14:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\allans\Desktop\OTL.exe
PRC - [2013/12/24 09:18:20 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/12/24 09:18:19 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/05 10:07:04 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/03/04 09:43:32 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/12/12 15:20:18 | 000,419,536 | ---- | M] () -- C:\Program Files (x86)\Polar\Daemon\polard.exe
PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/09/17 10:52:35 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/09/12 16:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 16:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/23 13:33:16 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/09/17 10:52:35 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/24 09:18:19 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/01/08 17:52:19 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/17 19:31:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/04 09:43:32 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/02/10 03:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/12 15:20:18 | 000,419,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/09/12 16:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/24 09:19:11 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2013/12/24 09:18:23 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/12/24 09:18:23 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2013/12/24 09:18:23 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/24 09:18:23 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/10/23 13:33:17 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/23 13:33:17 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/04 09:43:34 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/03/04 09:43:31 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251)
DRV:64bit: - [2013/03/04 09:43:29 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/03/04 09:43:22 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/05 09:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/13 14:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 20:46:48 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 19:12:30 | 000,286,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express)
DRV:64bit: - [2008/04/30 09:32:27 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://telfordsteamrailway.easysearch.org.uk/
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..\SearchScopes,DefaultScope = {9A86E642-C27A-47E6-B502-BEF8FD7DECAE}
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..\SearchScopes\{9A86E642-C27A-47E6-B502-BEF8FD7DECAE}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://uk.search.yahoo.com?type=386496&fr=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/12/24 09:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/08 17:52:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:44:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/08 17:52:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:44:37 | 000,000,000 | ---D | M]

[2013/03/03 18:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Extensions
[2013/12/05 13:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\extensions
[2013/12/05 13:25:48 | 000,010,433 | ---- | M] () (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\extensions\[email protected]
[2013/05/06 06:38:42 | 000,002,308 | ---- | M] () -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\searchplugins\askcom.xml
[2013/09/24 07:16:07 | 000,000,911 | ---- | M] () -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\searchplugins\yahoo_ff.xml
[2014/01/08 17:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/08 17:52:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/28 15:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome  ==========

CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=386496&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage: http://uk.search.yahoo.com?type=386496&fr=spigot-yhp-ch
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Google Docs = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\
CHR - Extension: Domain Error Assistant = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\
CHR - Extension: Slick Savings = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\
CHR - Extension: Google Wallet = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\
CHR - Extension: Gmail = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..\Toolbar\WebBrowser: (uTorrentControl_v6 Toolbar) - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC1A5663-2FE9-4823-9A85-C38F921565D1}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4C083AD-AE62-4150-B954-D5D7D0D6D7BC}: DhcpNameServer = 192.168.169.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/15 14:57:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\allans\Desktop\OTL.exe
[2014/01/15 14:56:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/15 14:53:12 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 14:53:11 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/15 14:53:00 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/14 08:09:25 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Roaming\VC
[2014/01/14 08:09:25 | 000,000,000 | ---D | C] -- C:\Users\allans\Documents\TEncoder
[2014/01/14 08:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TEncoder Video Converter
[2014/01/14 08:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TEncoder Video Converter
[2014/01/10 13:44:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\allans\Desktop\HijackThis.exe
[2014/01/08 17:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/01/07 18:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/01/07 18:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/01/07 18:36:08 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/01/07 18:36:02 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/01/07 18:36:02 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/01/07 18:36:02 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/07 18:29:48 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/01/07 18:29:43 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/01/07 18:29:43 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/01/07 18:29:43 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/01/07 18:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/07 18:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/01/07 11:49:59 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Roaming\DigitalSites
[2014/01/07 11:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoConverter
[2014/01/07 11:49:55 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
[2013/12/30 11:00:37 | 000,000,000 | ---D | C] -- C:\Users\allans\Desktop\10331230
[2013/12/29 18:54:45 | 000,000,000 | ---D | C] -- C:\Users\allans\Desktop\10231222
[2013/12/29 18:53:52 | 000,000,000 | ---D | C] -- C:\Users\allans\Desktop\10131218
[2013/12/24 09:19:11 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2013/12/17 19:31:59 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Local\Macromedia
[2013/12/16 21:03:44 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/16 21:03:43 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/16 21:03:43 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/16 21:03:41 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/16 21:02:01 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/16 21:02:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/16 21:02:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/12/16 21:02:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/16 21:02:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/16 21:02:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/12/16 21:02:00 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/16 21:02:00 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/16 21:02:00 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/12/16 21:01:59 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/12/16 21:01:59 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/12/16 21:01:57 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/16 21:01:57 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/16 21:01:57 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/16 21:01:56 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/16 20:56:48 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/16 20:56:48 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/16 20:56:47 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/16 20:56:47 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/16 20:56:45 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/16 20:56:45 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/16 20:56:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/16 20:55:48 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/16 20:55:47 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/16 20:55:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/16 20:55:47 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/16 20:55:47 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/16 20:55:47 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx

========== Files - Modified Within 30 Days ==========

[2014/01/15 15:02:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/15 15:02:00 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/15 15:02:00 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/15 15:00:00 | 000,434,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/15 14:59:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/15 14:58:43 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/15 14:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\allans\Desktop\OTL.exe
[2014/01/15 09:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/15 09:12:31 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/14 08:09:23 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\TEncoder Video Converter.lnk
[2014/01/12 08:15:50 | 001,980,887 | ---- | M] () -- C:\Users\allans\Desktop\walk.jpg
[2014/01/10 13:44:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\allans\Desktop\HijackThis.exe
[2014/01/08 17:54:38 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/07 20:41:56 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/07 20:41:56 | 000,666,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/07 20:41:56 | 000,126,328 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/07 18:35:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/07 18:35:54 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/01/07 18:35:53 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/01/07 18:35:53 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/01/07 18:29:37 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/01/07 18:29:35 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/01/07 18:29:35 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/01/07 18:29:35 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/01/07 12:05:05 | 000,004,608 | ---- | M] () -- C:\Users\allans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/07 11:49:55 | 000,001,116 | ---- | M] () -- C:\Users\allans\Application Data\Microsoft\Internet Explorer\Quick Launch\Video Converter.lnk
[2014/01/07 11:49:55 | 000,001,092 | ---- | M] () -- C:\Users\allans\Desktop\Video Converter.lnk
[2014/01/07 09:16:29 | 000,223,798 | ---- | M] () -- C:\Users\allans\Desktop\Thomas_Savery[1].gif
[2013/12/24 09:19:11 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2013/12/24 09:19:11 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/24 09:18:23 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/12/24 09:18:23 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2013/12/24 09:18:23 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/12/24 09:18:23 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/12/24 09:18:23 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/12/24 09:18:22 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/12/17 19:31:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/17 19:31:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/17 14:18:40 | 004,284,346 | ---- | M] () -- C:\Users\allans\Desktop\PICT0004.JPG

========== Files Created - No Company Name ==========

[2014/01/14 08:09:23 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\TEncoder Video Converter.lnk
[2014/01/12 08:15:44 | 001,980,887 | ---- | C] () -- C:\Users\allans\Desktop\walk.jpg
[2014/01/12 08:07:31 | 051,158,834 | ---- | C] () -- C:\Users\allans\Desktop\OS_1993_25000.tif
[2014/01/07 12:04:33 | 000,004,608 | ---- | C] () -- C:\Users\allans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/07 11:49:55 | 000,001,116 | ---- | C] () -- C:\Users\allans\Application Data\Microsoft\Internet Explorer\Quick Launch\Video Converter.lnk
[2014/01/07 11:49:55 | 000,001,092 | ---- | C] () -- C:\Users\allans\Desktop\Video Converter.lnk
[2014/01/07 09:18:56 | 000,223,798 | ---- | C] () -- C:\Users\allans\Desktop\Thomas_Savery[1].gif
[2013/12/17 22:34:39 | 004,284,346 | ---- | C] () -- C:\Users\allans\Desktop\PICT0004.JPG
[2013/12/06 11:18:08 | 000,008,123 | ---- | C] () -- C:\Users\allans\saga_gui.ini
[2013/09/24 07:29:08 | 000,004,362 | ---- | C] () -- C:\Windows\cdplayer.ini
[2013/09/24 07:14:36 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2013/05/23 18:43:39 | 000,007,671 | ---- | C] () -- C:\Users\allans\AppData\Local\Resmon.ResmonCfg
[2013/03/21 10:04:30 | 000,000,600 | ---- | C] () -- C:\Users\allans\AppData\Local\PUTTY.RND
[2013/03/05 09:50:43 | 000,012,942 | ---- | C] () -- C:\Users\allans\AppData\Roaming\Comma Separated Values (Windows).CAL
[2013/03/05 09:49:35 | 000,038,410 | ---- | C] () -- C:\Users\allans\AppData\Roaming\Comma Separated Values (Windows).ADR
[2013/03/03 18:25:14 | 000,766,376 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


OTL Extras logfile created on: 15/01/2014 15:03:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\allans\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 53.05% Memory free
8.00 Gb Paging File | 6.18 Gb Available in Paging File | 77.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78.13 Gb Total Space | 27.17 Gb Free Space | 34.77% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 69.99 Gb Free Space | 71.67% Space Free | Partition Type: NTFS
Drive E: | 105.47 Gb Total Space | 29.13 Gb Free Space | 27.62% Space Free | Partition Type: NTFS
Drive F: | 106.38 Gb Total Space | 38.23 Gb Free Space | 35.93% Space Free | Partition Type: NTFS
Drive G: | 982.72 Mb Total Space | 38.11 Mb Free Space | 3.88% Space Free | Partition Type: FAT
Drive T: | 78.13 Gb Total Space | 52.63 Gb Free Space | 67.36% Space Free | Partition Type: NTFS

Computer Name: LEMURIA | User Name: allans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E22235-782E-40B9-8090-44C8DFD0E833}" = lport=139 | protocol=6 | dir=in | app=system |
"{0D87EB9D-5D54-49BA-BC80-1554BD088E74}" = lport=137 | protocol=17 | dir=in | app=system |
"{17413364-8FB3-4D1D-91A7-1C037C249397}" = rport=445 | protocol=6 | dir=out | app=system |
"{204D667C-6541-4124-8C05-F489557BAB76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{224A1C1F-8B79-42A9-8198-BEDADCA37583}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2A2941FC-670B-4047-9988-57A19033BCAC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{40E7CB30-BFC8-431C-A7E3-907AEE26A302}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{433A075C-9284-42B9-9E1B-35D87C5E2860}" = rport=139 | protocol=6 | dir=out | app=system |
"{4854D8F6-4913-4F0D-8DB1-C58FFD2FDC63}" = lport=445 | protocol=6 | dir=in | app=system |
"{55FAFB34-2564-478E-806A-E7E2742A89D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62D6C5CD-CBC7-46C4-9FB6-AF68338B04AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7A2A48CC-7234-49D6-BC9E-97F6A705D7D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C41DB9B-09F9-46FF-957F-4BD4C0683221}" = rport=137 | protocol=17 | dir=out | app=system |
"{8A5E532F-778F-421B-A81B-1DBF634A45F9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8CCE0ADA-5E54-4BD4-BC9D-065AB78D2B0C}" = lport=138 | protocol=17 | dir=in | app=system |
"{9791D649-7F5B-4610-8332-3E35ED923A4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1FF125F-EB02-4FD0-903A-B32D07A3E9F1}" = rport=138 | protocol=17 | dir=out | app=system |
"{A22FE756-177F-4418-95C4-50C5CF41BE26}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DBE88F26-19C0-4604-A057-68205B62D40D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E361BBB0-A35E-4212-ADE5-9AB3753140C7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F822615B-6713-48E6-ABA2-F9C8F9C4A360}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD8CB3E0-C95B-48F2-A156-2CB4B2EF02FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE1814E7-FBF9-4BA2-9D80-CAFFD53C44A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D4FA402-4A5C-4540-A3B6-5E4EEB1D5460}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0E2712F4-6BA0-43F4-B082-A6A61915E305}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{11155DB5-687F-4A3E-A87C-668A8745027E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{245C604F-E8B2-4CE1-B42A-56A9F77CC5C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2486F7C7-AAB7-4107-8CA0-1BA3A997DC12}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{2857A9AA-6A24-4777-9F5E-D9C4C66B8F25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B3A7DDE-39AD-4CBB-82FD-EB9F2E438C50}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5D44005E-4A69-41C5-8EEF-16285E3399B2}" = protocol=58 | dir=in | [email protected],-28545 |
"{5EA4DBAB-3EFA-4DF4-ADF2-8FE44FF6E6C1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{69C8E10D-1E32-4F24-A2A6-EED32FC428EC}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{6B67F757-6642-47C3-8A6A-2CEA168281C9}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{72A03BD0-70F2-4980-A717-26E962B107ED}" = protocol=17 | dir=in | app=c:\users\allans\appdata\roaming\utorrent\utorrent.exe |
"{752E9910-7D6A-4861-9459-885A4B74980B}" = protocol=58 | dir=out | [email protected],-28546 |
"{8248F4FD-F2AA-410D-96D9-FCD1A850AFE6}" = protocol=1 | dir=in | [email protected],-28543 |
"{8C961A63-AEE7-4660-8AB5-28B02846494F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9808F8B4-4B62-4D08-B05E-6289088126ED}" = protocol=1 | dir=out | [email protected],-28544 |
"{991632B3-9E39-403C-B3C1-8CD3836C2A1A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA78B872-B29F-4EF0-AE38-5D898C2DCF07}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C1C1F581-7439-43C6-81CD-0D6B676D742D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F756F898-CAFE-40E4-B792-8D823359CDE4}" = protocol=6 | dir=in | app=c:\users\allans\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{7ADF76F6-B2A3-4160-9EB6-D1D34B77E157}C:\users\allans\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\allans\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{9A633EB3-3117-4CC8-BBDF-940B53BF1688}C:\users\allans\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\allans\appdata\roaming\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
"{E3B264CE-D9CF-448B-960F-4F832FB1F990}" = Corel Graphics - Windows Shell Extension 64 Bit
"CCleaner" = CCleaner
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"QGIS Dufour" = QGIS Dufour 2.0.1 Dufour

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = Corel DESIGNER Technical Suite X5
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0071820F-09B0-4998-8320-F89629DCBC99}" = Nero BackItUp
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{07EA0F8


10
Tech Clinic / MBAM detected a problem
« on: January 10, 2014, 09:03:35 AM »

Every month I routinely run MBAM & AVAST on 'full scan' prior to backup. This month they both flagged problems - which I allowed them to clean. They both give a clean bill of health - but I've noticed the odd unexpected pop-up.

All problems reported by AVAST were \Sun\Java\Deployment\cache related.

After AVAST 'moved files to Chest' I went to the Sun website, downloaded the Java removal tool, removed and then reinstalled Java from a fresh download.

MBAM LOG:


Registry Keys Detected: 4
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Converter (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6} (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\allans\AppData\Roaming\Slick Savings (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\allans\AppData\Local\Slick Savings (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoConverter\Uninstall\__Uninstall_.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\allans\AppData\Roaming\Slick Savings\Uninstall.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\allans\AppData\Roaming\Slick Savings\coupons_2.4.crx (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\allans\AppData\Roaming\Slick Savings\CouponsHelper.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\allans\AppData\Roaming\Slick Savings\coupons_2.7.xpi (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\allans\AppData\Local\Slick Savings\coupons.crx (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.


 


Please can someone take a look at the HJT log below

Thanks

Allan

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:52:59, on 10/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16750)

FIREFOX: 26.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\WinZip\zipsendservice.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\allans\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://telfordsteamrailway.easysearch.org.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: uTorrentControl_v6 - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC1A5663-2FE9-4823-9A85-C38F921565D1}: NameServer = 10.0.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Polar Daemon - Unknown owner - C:\Program Files (x86)\Polar\Daemon\polard.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\vds.exe,-100 (vds) - Unknown owner - C:\\Windows\\System32\\vds.exe (file missing)

O23 - Service: @%systemroot%\\system32\\vssvc.exe,-102 (VSS) - Unknown owner - C:\\Windows\\system32\\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\Wat\\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\\Windows\\system32\\Wat\\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\\system32\\wbengine.exe,-104 (wbengine) - Unknown owner - C:\\Windows\\system32\\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\\system32\\wbem\\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\\Windows\\system32\\wbem\\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\\Program Files (x86)\\Windows Media Player\\wmpnetwk.exe (file missing)


--

End of file - 10213 bytes


11
Tech Clinic / win32 trojan - help please
« on: October 18, 2008, 09:51:59 AM »
[quote name='guestolo' post='444750' date='Oct 17 2008, 05:00 AM']Appears like you're in the clear, is that correct?[/quote]
I guess so - many thanks

12
Tech Clinic / win32 trojan - help please
« on: October 16, 2008, 04:45:56 PM »
[quote name='Allans' post='444701' date='Oct 16 2008, 05:45 PM']I will create an image and then install them and then run Kaspersky and let you know[/quote]
Booted Vista, ran all updates, then ran Avast - detected as reported - ran Kaspersky - clean.
Booted XP, ran all updates, then ran Avast - detected as reported - ran Kaspersky - clean.

Looks like you are right - false detect

13
Tech Clinic / win32 trojan - help please
« on: October 16, 2008, 11:09:52 AM »
[quote name='guestolo' post='444668' date='Oct 16 2008, 03:21 AM']I have a feeling it's a false positive, from what I'm seeing on the Internet.
But just to be safe, please do a scan with [color="#3333ff"]Kaspersky Online Scanner[/color][/quote]
Kaspersky won't run unless I update Windows; my install is 'virgin', direct from the Vista SP1 install disk
without any updates yet - I didn't install them 'cos of the virus report.

I will create an image and then install them and then run Kaspersky and let you know

Thanks

Allan

14
Tech Clinic / win32 trojan - help please
« on: October 15, 2008, 02:10:51 AM »
I have a dual boot system (XP and Vista) with Avast on both
Booting under Vista detects win32:VB-EIJ in the pagesys file on the XP partition, but nothing in its own partition.
Booting under XP detects win32:Small-DTB in the pagesys file on the Vista partition, but nothing in its own partition.
As yet no symptoms detected. PC has been taken out of my network, other PCs scan clean, but I find it odd that Avast sees nothing in the booted partition and am concerned it is not detecting.
Below is the HijackThis log for the Vista boot.

Advice appreciated please.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:38:07, on 15/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1170005839-4226897812-1479485239-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{12197E0C-CD24-4A52-A2CF-C86DFCA42C8C}: NameServer = 10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{12197E0C-CD24-4A52-A2CF-C86DFCA42C8C}: NameServer = 10.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{12197E0C-CD24-4A52-A2CF-C86DFCA42C8C}: NameServer = 10.0.0.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

--
End of file - 6147 bytes
