googly_eyes
-
Posts
10 -
Joined
-
Last visited
-
not detected by malwarebytes
googly_eyes replied to googly_eyes's topic in Resolved Malware Removal Logs
cheers! -
not detected by malwarebytes
googly_eyes replied to googly_eyes's topic in Resolved Malware Removal Logs
Have just tried to open the usual sites and it seems that the everything has cleared up! Thanks Maniac!!!!! -
not detected by malwarebytes
googly_eyes replied to googly_eyes's topic in Resolved Malware Removal Logs
<p>OK step 3 completed, see below log...</p> <p> </p> <p> </p> <div>Malwarebytes Anti-Malware (PRO) 1.61.0.1400</div> <div>www.malwarebytes.org</div> <div> </div> <div>Database version: v2012.06.27.06</div> <div> </div> <div>Windows XP Service Pack 3 x86 NTFS</div> <div>Internet Explorer 6.0.2900.5512</div> <div>Simon :: VTUK [administrator]</div> <div> </div> <div>Protection: Enabled</div> <div> </div> <div>27/06/2012 15:59:49</div> <div>mbam-log-2012-06-27 (15-59-49).txt</div> <div> </div> <div>Scan type: Quick scan</div> <div>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</div> <div>Scan options disabled: P2P</div> <div>Objects scanned: 243587</div> <div>Time elapsed: 10 minute(s), 15 second(s)</div> <div> </div> <div>Memory Processes Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Memory Modules Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Keys Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Values Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Data Items Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Folders Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Files Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>(end)</div> <div> </div> -
not detected by malwarebytes
googly_eyes replied to googly_eyes's topic in Resolved Malware Removal Logs
OK that worked This is the log......while you read I shall embark on step 3.... All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-1957994488-651377827-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found. File C:\Program Files\BitTorrentBar\prxtbBit0.dll not found. File C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll not found. File C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0 not found. File C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0 not found. File C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0 not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{222f31fb-a14e-4af2-bb14-997f28294370}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222f31fb-a14e-4af2-bb14-997f28294370}\ not found. File C:\Documents and Settings\Simon\Application Data\VshareComplete\VshareComplete.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found. File C:\Program Files\BitTorrentBar\prxtbBit0.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. File C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found. File C:\Program Files\Yontoo\YontooIEClient.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found. File C:\Program Files\BitTorrentBar\prxtbBit0.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. File C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found. Registry value HKEY_USERS\S-1-5-21-1957994488-651377827-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found. File C:\Program Files\BitTorrentBar\prxtbBit0.dll not found. Registry value HKEY_USERS\S-1-5-21-1957994488-651377827-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ares deleted successfully. File C:\Program Files\Ares\Ares.exe not found. Registry value HKEY_USERS\S-1-5-21-1957994488-651377827-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent deleted successfully. File C:\Program Files\BitTorrent\BitTorrent.exe not found. File C:\Documents and Settings\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk not found. File C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk not found. File C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk not found. Folder C:\Documents and Settings\Simon\Application Data\BitTorrent\ not found. C:\Documents and Settings\Simon\Application Data\PriceGong\Data folder moved successfully. C:\Documents and Settings\Simon\Application Data\PriceGong folder moved successfully. Folder C:\Documents and Settings\Simon\Application Data\VshareComplete\ not found. ========== FILES ========== File\Folder C:\Program Files\BitTorrent not found. File\Folder C:\Program Files\BitTorrentBar not found. C:\Program Files\Windows Searchqu Toolbar\Datamngr folder moved successfully. C:\Program Files\Windows Searchqu Toolbar folder moved successfully. File\Folder C:\Program Files\Yontoo not found. File\Folder C:\Program Files\Ares not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Ctx_StreamingSvc ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Simon ->Temp folder emptied: 490748406 bytes ->Temporary Internet Files folder emptied: 86592061 bytes ->Java cache emptied: 7068610 bytes ->Google Chrome cache emptied: 6852440 bytes ->Flash cache emptied: 11230 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 6450192 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1558835 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 395765217 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 493324128 bytes Total Files Cleaned = 1,420.00 mb Unable to start System Restore Service. Error code 10 OTL by OldTimer - Version 3.2.53.0 log created on 06272012_154823 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... -
not detected by malwarebytes
googly_eyes replied to googly_eyes's topic in Resolved Malware Removal Logs
p..... sorry for name typo :-) -
not detected by malwarebytes
googly_eyes replied to googly_eyes's topic in Resolved Malware Removal Logs
Hi Manaiac Ive just logged in from my other laptop to ask if it is normal for the "killing processes" to be active this long? I think there is a progress bar at the bottom but nothing seems to be happening other than the killing process message. Just seeking clarification that this is normal as it has been running for an hour now. Cheers Simon -
not detected by malwarebytes
googly_eyes replied to googly_eyes's topic in Resolved Malware Removal Logs
Here you go Manaic OTL Extras logfile created on: 27/06/2012 13:39:57 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Simon\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.49 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 64.01% Memory free 5.32 Gb Paging File | 3.64 Gb Available in Paging File | 68.42% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 35.84 Gb Free Space | 24.05% Space Free | Partition Type: NTFS Drive D: | 4.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 3.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: VTUK | User Name: Simon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1957994488-651377827-1801674531-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DoNotAllowExceptions" = 0 "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353 "9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Veetle\Player\VeetleNet.exe" = C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- () "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies) "C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies) "C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies) "C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies) "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe" = C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.) "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe:*:Enabled:StarCraft II "C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group) "C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com) "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Program Files\Veetle\Player\VeetleNet.exe" = C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- () "C:\Eiris\e41srv\EirisServer.exe" = C:\Eiris\e41srv\EirisServer.exe:*:Enabled:EirisServer Application -- (Visonic Technologies / ELPAS) "C:\Program Files\Steam\steamapps\common\football manager 2011\fm.exe" = C:\Program Files\Steam\steamapps\common\football manager 2011\fm.exe:*:Enabled:Football Manager 2011 -- (Sports Interactive) "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies) "C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies) "C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies) "C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies) "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- () "C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.) "C:\Eiris\apache\bin\httpd.exe" = C:\Eiris\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company) "C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company) "C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company) "C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company) "C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company) "C:\Documents and Settings\Simon\My Documents\Downloads\AA_v3.exe" = C:\Documents and Settings\Simon\My Documents\Downloads\AA_v3.exe:*:Enabled:Ammyy Admin -- () "C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\LonWorks\bin\ptserv32.exe" = C:\LonWorks\bin\ptserv32.exe:*:Enabled:FastObjects Server 9.5 -- (POET Software) "C:\Program Files\Steam\steamapps\common\football manager 2012\fm.exe" = C:\Program Files\Steam\steamapps\common\football manager 2012\fm.exe:*:Enabled:Football Manager 2012 -- (Sports Interactive) "C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation) "C:\Program Files\Elpas Local Controller\ELC Programmer.exe" = C:\Program Files\Elpas Local Controller\ELC Programmer.exe:*:Enabled:ELC Programmer -- () "C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4 "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B74F57C-4636-4D70-A7A9-95074DF21802}" = Citrix Receiver(Aero) "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{164B26C5-9BC9-48E8-8FB5-C3C0AC0FE1C8}" = Citrix Receiver Inside "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}" = HDD Regenerator "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D316CFB-1825-4030-A13A-29D18DC6B177}" = OfficeSharedAddInSetup "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4 "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56BA241F-580C-43D2-8403-947241AAE633}" = center "{5f6460bd-391e-43ce-bcf3-130ef02f8cb2}_is1" = VshareComplete "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel® Network Connections 16.8.46.0 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{696A666D-7CB6-40f6-B394-BD3EEDAA2B99}" = HP Scanjet G3010 and 4370 9.0 "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{70BB990A-1461-4178-943D-7F771067D95C}" = Citrix Offline Plug-in "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone "{74A18186-FFC5-488A-80D3-0D4ABA1125D8}" = Elpas Local Controller "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav "{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express "{8F9C77FF-C017-4B12-BA71-A3A53BD52775}_is1" = AnyBizSoft PDF Converter (Build 2.5.0) "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9026A8AB-A7B2-4260-B93F-BB19E717980B}" = Eiris "{90B45DFA-5DD9-47F0-BCC7-F25B9562A738}" = Citrix Receiver(USB) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{993DAF7C-A5F8-42EA-81D4-DAE3C9D2D1F7}_is1" = Remo Recover "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{9FCF2FC0-8268-11D4-A313-0006290D766E}" = Check Point VPN-1 SecureClient NG_AI_R56 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{AD6E2415-407E-40D3-A550-126E67509D84}" = Citrix Receiver(DV) "{AE2E0F4A-E08F-4A15-B4DC-D8FC9CEFF9C7}" = Online Plug-in "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9272341-39C4-40D6-8B31-54D85409116F}" = hpg3010 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA "{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer "{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr "{C012BF9F-79EA-4601-9778-BFE9B3CE83A1}" = hpg3010QFolder "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home "{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension "{CEC0C2C2-921F-4EB8-8D7E-4F2F03ED02AA}" = ScannerCopy "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D1D603C4-8C68-40F3-85AE-6DBEF3B712B5}" = Citrix Receiver (HDX Flash Redirection) "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core "{DE39D99E-62CD-440D-BB51-800D5BA5D181}" = Intel® PROSet/Wireless WiFi Software "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{EACDEFA8-8BCD-4E9D-BC41-DF59ACD748BB}" = Echelon LNS Server "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr "{EFE86519-31A1-46C3-9850-F7A132E04EFD}" = Echelon OpenLDV 3.4 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F78E43E9-79D6-4E53-A06E-C0DEB417FF89}" = FMRTE "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "American Civil War - Gettysburg" = American Civil War - Gettysburg (remove only) "Ares" = Ares 2.1.7 "avast" = avast! Free Antivirus "AVS Image Converter_is1" = AVS Image Converter 2.1.2.169 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "BitTorrent" = BitTorrent "BitTorrentBar Toolbar" = BitTorrentBar Toolbar "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CitrixOnlinePluginPackWeb" = Citrix Receiver "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "ENTERPRISE" = Microsoft Office Enterprise 2007 "ezNZB_is1" = ezNZB v3.1.0 "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPOCR" = HP OCR Software 9.0 "ImTOO PDF to PowerPoint Converter" = ImTOO PDF to PowerPoint Converter "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express "jZip" = jZip "Logitech Vid" = Logitech Vid HD "Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239) "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281) "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4 "Oval Office" = Oval Office (remove only) "PcCloneEX" = PcCloneEX "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software "ProInst" = Intel PROSet Wireless "QueTek File Scavenger 3.2 (en)" = File Scavenger 3.2 (en) "RadialpointClientGateway_is1" = Virgin Media Service Manager 3.7.47 "RadialpointHomeSecurityDashboard_is1" = Virgin Media Digital Home Support 2.1.27 "RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.19 "Searchqu 102 MediaBar" = Windows Searchqu Toolbar "Simpo PDF to PowerPoint_is1" = Simpo PDF to PowerPoint 1.2.0.0 "SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) "Smart PDF Converter_is1" = Smart PDF Converter 6.1.0.441 "SopCast" = SopCast 3.4.0 "Spider32" = Spider32 "StarCraft II" = StarCraft II "Steam App 34220" = Football Manager 2011 "Steam App 71270" = Football Manager 2012 "TeamViewer 6" = TeamViewer 6 "TeamViewer 7" = TeamViewer 7 "Universal Document Converter_is1" = Universal Document Converter (Demo) "Veetle TV" = Veetle TV "VLC media player" = VLC media player 1.1.10 "vShare plugin" = vShare plugin 1.3 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = WinRAR 4.01 (32-bit) "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1957994488-651377827-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f031ef6ac137efc5" = Dell Driver Download Manager "Google Chrome" = Google Chrome "GoToMeeting" = GoToMeeting 5.1.0.880 "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16/03/2012 17:36:09 | Computer Name = VTUK | Source = Application Hang | ID = 1002 Description = Hanging application chrome.exe, version 17.0.963.79, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 16/03/2012 17:36:10 | Computer Name = VTUK | Source = Application Hang | ID = 1002 Description = Hanging application chrome.exe, version 17.0.963.79, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 16/03/2012 17:40:15 | Computer Name = VTUK | Source = nview_info | ID = 11141121 Description = Error - 16/03/2012 18:06:39 | Computer Name = VTUK | Source = nview_info | ID = 11141121 Description = Error - 16/03/2012 18:06:43 | Computer Name = VTUK | Source = Application Error | ID = 1000 Description = Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Error - 16/03/2012 18:06:43 | Computer Name = VTUK | Source = Application Error | ID = 1000 Description = Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Error - 19/03/2012 06:09:19 | Computer Name = VTUK | Source = Application Error | ID = 1000 Description = Faulting application wfica32.exe, version 13.0.0.6685, faulting module sslsdk_b.dll, version 12.1.4.56357, fault address 0x00013cde. Error - 21/03/2012 07:45:59 | Computer Name = VTUK | Source = Application Error | ID = 1000 Description = Faulting application skype.exe, version 5.5.0.124, faulting module flash11e.ocx, version 11.1.102.55, fault address 0x001df7ac. Error - 22/03/2012 09:35:23 | Computer Name = VTUK | Source = Application Error | ID = 1000 Description = Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Error - 27/03/2012 10:10:24 | Computer Name = VTUK | Source = Application Hang | ID = 1002 Description = Hanging application wfica32.exe, version 13.0.0.6685, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ OSession Events ] Error - 07/07/2011 17:49:07 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19961 seconds with 60 seconds of active time. This session ended with a crash. Error - 12/10/2011 04:42:28 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 556 seconds with 0 seconds of active time. This session ended with a crash. Error - 20/10/2011 08:43:59 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 154049 seconds with 0 seconds of active time. This session ended with a crash. Error - 04/11/2011 20:23:47 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 43786 seconds with 0 seconds of active time. This session ended with a crash. Error - 18/11/2011 12:51:44 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 95412 seconds with 1560 seconds of active time. This session ended with a crash. Error - 18/11/2011 20:22:47 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29184 seconds with 120 seconds of active time. This session ended with a crash. Error - 18/11/2011 20:22:47 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 27032 seconds with 540 seconds of active time. This session ended with a crash. Error - 06/12/2011 14:33:49 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 28306 seconds with 600 seconds of active time. This session ended with a crash. Error - 15/03/2012 06:00:07 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 856335 seconds with 5160 seconds of active time. This session ended with a crash. Error - 27/03/2012 19:50:10 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 47411 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 26/06/2012 15:09:57 | Computer Name = VTUK | Source = FW1 | ID = 1 Description = FW1: -->ookup failed (5) Error - 26/06/2012 15:10:01 | Computer Name = VTUK | Source = FW1 | ID = 1 Description = FW1: FW-1: fwconn_chain_get_something: fwconn_chain_l--> Error - 26/06/2012 15:10:01 | Computer Name = VTUK | Source = FW1 | ID = 1 Description = FW1: -->ookup failed (5) Error - 26/06/2012 15:10:04 | Computer Name = VTUK | Source = FW1 | ID = 1 Description = FW1: FW-1: fwconn_chain_get_something: fwconn_chain_l--> Error - 26/06/2012 15:10:04 | Computer Name = VTUK | Source = FW1 | ID = 1 Description = FW1: -->ookup failed (5) Error - 26/06/2012 17:03:12 | Computer Name = VTUK | Source = FW1 | ID = 1 Description = FW1: FW-1: fwconn_chain_get_something: fwconn_chain_l--> Error - 26/06/2012 17:03:12 | Computer Name = VTUK | Source = FW1 | ID = 1 Description = FW1: -->ookup failed (5) Error - 27/06/2012 04:40:47 | Computer Name = VTUK | Source = Service Control Manager | ID = 7031 Description = The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error - 27/06/2012 04:40:47 | Computer Name = VTUK | Source = SCardSvr | ID = 610 Description = Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed. Error - 27/06/2012 05:15:38 | Computer Name = VTUK | Source = Service Control Manager | ID = 7031 Description = The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. < End of report > -
not detected by malwarebytes
googly_eyes replied to googly_eyes's topic in Resolved Malware Removal Logs
Hi Maniac Yes I am a paid up user but I thought the forums might offer me a instant solution. As requested, I have followed your instructions to the letter and now you can see what the log produced below. Thanks in advance.... OTL logfile created on: 27/06/2012 13:39:57 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Simon\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.49 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 64.01% Memory free 5.32 Gb Paging File | 3.64 Gb Available in Paging File | 68.42% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 35.84 Gb Free Space | 24.05% Space Free | Partition Type: NTFS Drive D: | 4.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 3.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: VTUK | User Name: Simon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/27 13:37:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon\My Documents\Downloads\OTL.exe PRC - [2012/06/06 10:59:37 | 006,380,440 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/07 00:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012/02/01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2011/12/23 12:33:44 | 001,407,248 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe PRC - [2011/12/23 12:33:40 | 000,370,960 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe PRC - [2011/12/23 12:33:36 | 000,882,960 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe PRC - [2011/12/23 11:16:20 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2011/12/23 11:01:06 | 001,210,640 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe PRC - [2011/12/23 10:58:28 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe PRC - [2011/12/10 11:25:36 | 002,756,608 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2011/11/09 17:38:04 | 000,132,768 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe PRC - [2011/08/22 16:12:52 | 003,507,088 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe PRC - [2011/08/11 12:28:10 | 000,862,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe PRC - [2011/08/11 12:27:16 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\redirector.exe PRC - [2011/08/11 12:27:02 | 000,358,336 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe PRC - [2011/08/02 10:47:34 | 000,063,488 | ---- | M] () -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe PRC - [2011/07/19 22:00:34 | 001,034,152 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Streaming Client\RadeSvc.exe PRC - [2011/07/19 22:00:00 | 000,210,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Streaming Client\RadeHlprSvc.exe PRC - [2011/07/19 18:59:04 | 000,964,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe PRC - [2011/06/16 18:15:34 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011/05/03 07:47:58 | 000,321,448 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe PRC - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe PRC - [2011/03/25 13:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe PRC - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe PRC - [2011/03/23 14:12:34 | 002,032,952 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe PRC - [2011/03/04 02:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe PRC - [2011/01/13 03:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe PRC - [2010/03/09 23:56:02 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2010/03/09 23:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe PRC - [2009/09/12 16:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2009/09/12 16:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2009/09/12 16:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2009/07/07 02:06:46 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe PRC - [2008/04/30 16:26:22 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2008/04/14 00:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/03/21 20:32:04 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2007/10/25 17:23:36 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2007/09/21 04:40:00 | 000,062,776 | ---- | M] (Echelon Corporation) -- C:\LonWorks\bin\LnsMtsSvc.exe PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2005/03/01 19:49:30 | 001,691,741 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe PRC - [2005/03/01 19:49:18 | 000,036,962 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe PRC - [2005/03/01 19:49:14 | 000,110,689 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe PRC - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\system32\Crypserv.exe ========== Modules (No Company Name) ========== MOD - [2012/06/27 07:44:51 | 001,774,592 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12062700\algo.dll MOD - [2012/06/14 11:58:49 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\767d9fbc5fc15334dd6b6f3f7822be5c\Inkjet.DeviceSettings.ni.dll MOD - [2012/06/14 11:58:48 | 000,283,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\1ebc49b064658f6bb33a8da26bf5db65\Inkjet.Utilities.ni.dll MOD - [2012/06/14 11:58:48 | 000,237,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\8862f33cee6152a145575065da1d9f7c\Inkjet.Localization.ni.dll MOD - [2012/06/14 11:58:47 | 000,824,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\436a3f34aeda5601e7b353522528d7f0\Inkjet.Hardware.ni.dll MOD - [2012/06/14 10:49:13 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll MOD - [2012/06/14 10:49:03 | 000,488,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorUtil\88d62aa57be5877c553de0485b6897ed\IAStorUtil.ni.dll MOD - [2012/06/14 10:49:02 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll MOD - [2012/06/14 10:01:53 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012/06/14 10:01:44 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012/06/14 09:53:48 | 000,169,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\587d19c0eb157f347e2db37681c294fa\Inkjet.Automation.ni.dll MOD - [2012/06/14 09:53:41 | 000,105,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\da1c99c0e65ff84f293bb8ec15c78da1\Inkjet.Diagnostics.ni.dll MOD - [2012/05/11 12:16:58 | 000,080,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\8a113d17ac02d8e4285ea1db21a3f286\Inkjet.Configuration.ni.dll MOD - [2012/05/11 12:16:57 | 000,180,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\683ccae865dd1941a8ec53c781a01bdc\Inkjet.Statistics.ni.dll MOD - [2012/05/11 12:16:49 | 000,172,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c5119837c6e401c4912b8acbc7f6f8a9\IsdiInterop.ni.dll MOD - [2012/05/11 12:16:46 | 000,014,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8d6a7009a6619a46892dfec9e13fd1ef\IAStorCommon.ni.dll MOD - [2012/05/11 12:11:07 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll MOD - [2012/05/11 12:11:05 | 000,228,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\7fceb73cf92eaf827dda4a45c7dbab18\IAStorDataMgr.ni.dll MOD - [2012/05/11 12:11:00 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012/05/11 12:10:58 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\93271673d4ac2b490bb2f78234aab670\IAStorDataMgrSvc.ni.exe MOD - [2012/05/10 03:12:07 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012/05/10 03:10:46 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll MOD - [2012/05/10 03:10:39 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012/05/10 03:10:29 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012/02/01 16:25:38 | 000,059,904 | ---- | M] () -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll MOD - [2011/11/11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll MOD - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe MOD - [2011/11/03 16:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe MOD - [2011/08/02 18:29:10 | 000,277,896 | ---- | M] () -- C:\Program Files\Smart PDF Converter\ExplorerExt.dll MOD - [2011/08/02 10:47:34 | 000,063,488 | ---- | M] () -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2011/03/25 13:25:14 | 000,158,208 | ---- | M] () -- C:\Program Files\Virgin Media\Service Manager\Windows7Features.dll MOD - [2011/03/01 23:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll MOD - [2011/03/01 23:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll MOD - [2011/03/01 23:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll MOD - [2011/03/01 23:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll MOD - [2011/03/01 23:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll MOD - [2011/02/28 23:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll MOD - [2011/02/24 02:57:18 | 000,555,112 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll MOD - [2011/01/13 02:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll MOD - [2011/01/13 02:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll MOD - [2009/04/22 22:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll MOD - [2009/04/10 00:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll MOD - [2009/03/03 23:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll MOD - [2009/03/03 23:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll MOD - [2009/03/03 23:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll MOD - [2009/03/03 23:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll MOD - [2009/03/03 23:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll MOD - [2009/03/03 23:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll MOD - [2009/03/03 23:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll MOD - [2009/03/03 23:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll MOD - [2009/03/03 23:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll MOD - [2008/04/14 00:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2008/04/14 00:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2005/03/01 19:49:22 | 000,073,808 | ---- | M] () -- C:\Program Files\CheckPoint\SecuRemote\bin\Bind82.dll ========== Win32 Services (SafeList) ========== SRV - [2012/06/21 10:48:15 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012/03/05 15:04:14 | 000,745,472 | ---- | M] (Visonic Technologies / ELPAS) [On_Demand | Stopped] -- C:\Eiris\e41srv\EirisServer.exe -- (EirisServer) SRV - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2011/12/23 12:33:40 | 000,370,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel® SRV - [2011/12/23 12:33:36 | 000,882,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel® SRV - [2011/12/23 11:16:20 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel® SRV - [2011/12/23 10:58:28 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel® SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service) SRV - [2011/11/09 17:38:04 | 000,132,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel® SRV - [2011/08/02 10:47:34 | 000,063,488 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe -- (CDMA Device Service) SRV - [2011/07/19 22:00:34 | 001,034,152 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\Streaming Client\RadeSvc.exe -- (RadeSvc) SRV - [2011/07/19 22:00:00 | 000,210,864 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\Streaming Client\RadeHlprSvc.exe -- (RadeHlprSvc) SRV - [2011/06/22 16:44:36 | 002,146,304 | ---- | M] (Visonic Technologies) [On_Demand | Stopped] -- C:\Eiris\Utilities\EirisRedundancyWatchdog\EirisRedundancyWatchdog.exe -- (EirisWatchdogLite) SRV - [2011/06/16 18:15:34 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011/05/03 07:47:58 | 000,321,448 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe -- (CdfSvc) SRV - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService) SRV - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService) SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/03/04 02:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2010/03/09 23:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/09/12 16:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2007/09/21 04:40:00 | 000,066,872 | ---- | M] (Echelon Corporation) [On_Demand | Stopped] -- C:\LonWorks\bin\LdvxBroker.exe -- (LdvxBroker) SRV - [2007/09/21 04:40:00 | 000,062,776 | ---- | M] (Echelon Corporation) [Auto | Running] -- C:\LonWorks\bin\LnsMtsSvc.exe -- (LnsMtsSvc) Echelon Support Service for Microsoft Terminal Services (MTS) SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2005/03/01 19:49:18 | 000,036,962 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_WatchDog) SRV - [2005/03/01 19:49:14 | 000,110,689 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service) SRV - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/03/07 00:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012/03/07 00:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012/03/07 00:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012/03/07 00:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012/03/07 00:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012/03/07 00:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012/03/06 23:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011/12/12 08:05:02 | 007,477,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32) ___ Intel® DRV - [2011/10/20 19:19:43 | 000,250,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel® DRV - [2011/08/10 23:20:24 | 000,066,776 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2011/07/18 05:24:08 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011/07/18 05:24:08 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011/07/18 05:24:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2011/06/30 07:49:02 | 000,205,144 | ---- | M] (Citrix Systems, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\CtxSbx.sys -- (CtxSbx) DRV - [2011/06/30 07:49:02 | 000,060,248 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxpidmn.sys -- (ctxpidmn) DRV - [2011/06/16 18:15:34 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp) DRV - [2011/06/16 18:15:33 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) DRV - [2011/06/16 18:15:32 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2011/06/16 18:15:14 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2011/06/16 16:28:23 | 000,007,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX) DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2011/05/05 09:10:20 | 000,063,360 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvhdbus2kxp.sys -- (cvhdbus) DRV - [2011/03/04 02:30:26 | 004,333,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC) DRV - [2011/03/04 02:29:00 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2011/03/01 15:24:36 | 000,031,280 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdfdrv.sys -- (cdfdrv) DRV - [2010/06/25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2010/05/19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2010/03/09 23:56:02 | 001,656,499 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2009/09/15 11:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel® DRV - [2009/04/21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud) DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus) DRV - [2009/02/12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rsdrv.sys -- (ElRawDisk) DRV - [2008/04/18 22:43:40 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007/09/21 04:40:00 | 000,029,404 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FTD2XX.sys -- (FTD2XX) DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID) DRV - [2005/03/01 19:49:36 | 002,041,904 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fw.sys -- (FW1) DRV - [2005/03/01 19:49:30 | 000,017,456 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\scap.sys -- (Scap) DRV - [2005/03/01 19:49:28 | 000,014,924 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OMVA.sys -- (OMVA) DRV - [2005/03/01 19:49:24 | 000,670,128 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vpn.sys -- (VPN-1) DRV - [2000/02/03 20:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@citrix.com/Citrix Offline Plug-in: C:\Program Files\Citrix\Streaming Client\nprade.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Simon\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll CHR - plugin: Service Manager (Enabled) = C:\Program Files\Virgin Media\Service Manager\nprpspa.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Simple Pool Game = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\acjijhekaonkmkedfdabbageicfhhlgo\0.0.3_0\ CHR - Extension: Simple Pool Game = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\acjijhekaonkmkedfdabbageicfhhlgo\0.0.3_0\~ CHR - Extension: 8 Ball Pool = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhljoejlbnebcpflalenbmpnanjbikof\2.0_0\ CHR - Extension: Old West = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhngnpkhondjmhflomdlhfdoilcjljod\1.0_0\ CHR - Extension: YouTube = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Shogun's Fate = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdliblldgjdficcbflpdknckckdfdkbo\1.0.9_0\ CHR - Extension: Striker Manager = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\chmachfiimeggafocgeldapnchdnoiib\5_0\ CHR - Extension: Google Search = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: WGT Golf Challenge = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\32.1.0_0\ CHR - Extension: Realm of the Mad God = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\ CHR - Extension: Realm of the Mad God = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~ CHR - Extension: VshareComplete plugin for chrome = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\ CHR - Extension: Multiplayer Pool = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fppbghobbfgnifknfaakaemepjaogldf\1.0.3_0\ CHR - Extension: 3D Bowling = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm\1.9_0\ CHR - Extension: AirMech = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn\10176_0\ CHR - Extension: Bubble Shooter = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln\2.0_0\ CHR - Extension: Isoball 3 = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.2.1_0\ CHR - Extension: avast! WebRep = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ CHR - Extension: Lord of Ultima = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.12_0\ CHR - Extension: Galaxy Bowl = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbcnfnbjmfinbadnegmjkhpomcfpoeff\3_0\ CHR - Extension: Cargo Bridge = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\ CHR - Extension: SparkChess = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\5.2.0.1_0\ CHR - Extension: vshare plugin = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\ CHR - Extension: WarTime = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkobmjibnppfleogmodpjgocgdbdiikp\1.23_0\ CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\ CHR - Extension: Shooting Games = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lpnflgjnaodohepcidmeajmnognomdac\1.5_0\ CHR - Extension: Zombie Pandemic = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkicdgidnfmdfnhhllffoplpaldkljl\1_0\ CHR - Extension: Plants vs Zombies = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ CHR - Extension: Yontoo = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\ CHR - Extension: Gmail = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/06/21 10:43:51 | 000,001,794 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 125.252.224.90 O1 - Hosts: 127.0.0.1 125.252.224.91 O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O2 - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Documents and Settings\Simon\Application Data\VshareComplete\VshareComplete.dll (SimplyGen) O2 - BHO: (CtxIEInterceptorBHO Class) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media) O4 - HKLM..\Run: [EKAIO2StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation) O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [serviceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media) O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group) O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [bitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [F44BE43CC11D91D3DC25D5C54CC07C7B74D7AEB3._service_run] C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.) O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [YouSendIt.exe] C:\Program Files\YouSendIt\Express\YouSendIt.exe (YouSendIt) O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O4 - Startup: C:\Documents and Settings\Simon\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-21-1957994488-651377827-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1957994488-651377827-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O15 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\..Trusted Domains: visonic.com ([citrix] https in Trusted sites) O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BF04655-AE85-46CE-AD14-5C25A7CFF0D9}: DhcpNameServer = 194.168.4.100 194.168.8.100 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ckpNotify: DllName - (ckpNotify.dll) - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/06/16 11:57:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/09/24 15:53:20 | 000,000,048 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{34762c18-d7ea-11e0-a2ef-b22b5a169f65}\Shell - "" = AutoRun O33 - MountPoints2\{34762c18-d7ea-11e0-a2ef-b22b5a169f65}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{34762c18-d7ea-11e0-a2ef-b22b5a169f65}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/06/25 11:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Hub Security Steve Turton Elpas pricing and information [2012/06/25 10:18:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012/06/21 10:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Start Menu\Programs\Google Chrome [2012/06/13 13:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Local Settings\Application Data\Logitech® Webcam Software [2012/06/13 10:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype [2012/06/13 10:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/06/01 13:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\All right now [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/27 13:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/06/27 13:33:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-651377827-1801674531-1003UA.job [2012/06/27 10:33:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-651377827-1801674531-1003Core.job [2012/06/27 09:41:01 | 000,289,341 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2012/06/25 10:07:46 | 000,289,341 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat [2012/06/21 10:52:03 | 000,497,468 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/06/21 10:52:03 | 000,085,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/06/21 10:49:26 | 000,002,296 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\Google Chrome.lnk [2012/06/21 10:45:11 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2012/06/21 10:44:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/06/21 10:43:51 | 000,001,794 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/06/14 10:04:30 | 003,567,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/06/14 09:55:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/06/13 14:10:13 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012/06/13 13:39:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/13 13:09:53 | 000,053,936 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\bookmarks_6_13_12.html [2012/06/13 10:59:25 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/06/12 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-VTUK-Simon.job [2012/06/07 11:53:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/06/06 11:13:06 | 000,001,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software .lnk [2012/06/06 11:06:04 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk [2012/06/06 11:06:04 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/21 10:49:26 | 000,002,296 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\Google Chrome.lnk [2012/06/21 10:48:19 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/06/21 10:28:45 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-651377827-1801674531-1003UA.job [2012/06/21 10:28:45 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-651377827-1801674531-1003Core.job [2012/06/13 13:39:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/13 13:09:53 | 000,053,936 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\bookmarks_6_13_12.html [2012/06/13 10:59:25 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/06/06 11:06:04 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk [2012/05/23 15:01:04 | 000,000,132 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012/05/10 21:08:17 | 000,515,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012/03/29 15:23:41 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012/03/29 15:23:41 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012/03/29 15:23:41 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012/03/15 15:56:23 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Crypkey.ini [2012/03/15 15:56:20 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe [2012/03/15 15:56:20 | 000,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys [2012/03/15 15:56:20 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll [2012/03/15 15:56:20 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe [2012/02/16 02:59:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/17 18:15:14 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll [2012/01/17 18:15:10 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe [2012/01/17 18:15:09 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe [2012/01/17 18:15:06 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\office.exe [2011/12/15 23:43:50 | 000,001,424 | ---- | C] () -- C:\WINDOWS\Spiderl.ini [2011/10/06 10:35:31 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\drivers\default.bin [2011/10/06 10:35:31 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\default.bin [2011/10/06 10:34:26 | 000,106,591 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll [2011/10/06 10:33:57 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini [2011/09/15 17:23:39 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Simon\g2mdlhlpx.exe [2011/09/11 01:20:16 | 000,501,118 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1957994488-651377827-1801674531-1003-0.dat [2011/09/11 01:20:16 | 000,358,622 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2011/09/10 11:30:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2011/08/09 15:23:47 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2011/08/09 15:23:47 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\CA6262783B.sys [2011/08/05 14:35:30 | 000,001,056 | ---- | C] () -- C:\WINDOWS\System32\EKaio2WiaCoInst.ini [2011/07/26 17:26:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011/07/26 17:26:46 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011/07/26 17:26:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011/07/26 17:26:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011/07/26 17:26:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011/07/14 20:24:53 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2011/07/08 13:57:13 | 000,006,650 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini [2011/07/05 18:55:57 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/23 13:41:45 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll [2011/06/23 13:09:35 | 000,115,320 | ---- | C] () -- C:\WINDOWS\hpgins21.dat [2011/06/23 13:09:35 | 000,000,282 | ---- | C] () -- C:\WINDOWS\hpgmdl21.dat [2011/06/16 12:54:40 | 000,289,341 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2011/06/16 12:49:44 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2011/06/16 12:49:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011/06/16 12:48:27 | 003,567,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/06/16 12:00:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011/06/16 11:55:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011/03/04 02:26:22 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll [2011/03/04 02:26:22 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe [2011/03/04 02:26:16 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll [2011/03/04 02:14:50 | 000,027,362 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2011/02/10 05:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini ========== LOP Check ========== [2011/06/16 18:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis [2012/01/23 15:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY [2011/06/17 11:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2011/10/06 10:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2012/03/29 15:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius [2011/06/16 16:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FNET [2011/11/22 13:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak [2011/07/08 14:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2012/06/06 10:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint [2011/07/15 16:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2011/09/09 11:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung [2012/04/30 12:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2011/06/17 13:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2011/07/08 14:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB [2011/06/17 11:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media [2011/12/21 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Temp [2011/10/27 15:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Temp [2011/06/16 18:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Acronis [2012/06/27 13:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\BitTorrent [2011/06/25 13:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\ezNZB [2011/06/22 14:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\ICAClient [2011/10/20 13:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Image Zone Express [2012/05/13 20:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Leadertech [2011/11/07 14:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\PriceGong [2012/06/18 12:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\PrimoPDF [2011/06/23 13:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Printer Info Cache [2011/06/17 11:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Radialpoint [2011/09/09 11:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Samsung [2011/11/06 14:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\searchquband [2011/11/06 14:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\searchqutoolbar [2011/09/12 19:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Smart PDF Converter [2011/10/23 23:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Sports Interactive [2012/04/17 12:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\SystemRequirementsLab [2012/02/01 17:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TeamViewer [2011/10/26 15:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Temp [2012/01/17 18:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\UDC Profiles [2012/03/01 00:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Unity [2011/06/17 11:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Virgin Media [2012/01/31 21:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\VshareComplete [2012/05/25 08:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\YouSendIt [2011/12/21 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\Temp [2012/06/21 10:45:11 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AAB2E68 < End of report > -
Hello all (I did have this post on another section of the forum but Ive been advised to move it here in order to get some advice on how to kill, cure or overcome this)...... Currently my avast is popping up regularly on random but not every site (most common is the bbc news site amongst random others) stating "malicious url blocked. OBJECT: INFECTION URL:MAL" After trawling through malware and antivirus forums of many kinds, there is very little info on the infection, but what info I have seen generally advises to download malwarebytes run a scan and send a log. Well, not only have I downloaded Malwarebytes as suggested, I also have purchased the full version. I have run quick scan, the first detected several items (probably not related) and was quarantined and afterwards I have ran full scan nothing showed up as infected?! Yet I have not eradicated the problem. So Im here now, hoping that a guru out there knows of this infection and can suggest steps for removal. Im running google chrome, windows XP service pack 3. I have attached the log of my latest scan. Thanks in advance for any help. mbam-log-2012-04-04 (12-21-52).txt mbam-log-2012-06-13 (13-39-48).txt mbam-log-2012-06-13 (13-54-11).txt mbam-log-2012-06-25 (15-22-30).txt