Police Ransom Virus
<blockquote data-quote="edward1" data-source="post: 93551" data-attributes="member: 4314"><p>Hi. Hope this is ok.</p><p>OTL logfile created on: 02/01/2013 14:39:02 - Run 1</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = D:\</p><p>Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation</p><p>Internet Explorer (Version = 8.0.6001.18702)</p><p>Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy</p><p> </p><p>1023.29 Mb Total Physical Memory | 673.79 Mb Available Physical Memory | 65.85% Memory free</p><p>2.41 Gb Paging File | 2.11 Gb Available in Paging File | 87.72% Paging File free</p><p>Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 232.88 Gb Total Space | 158.20 Gb Free Space | 67.93% Space Free | Partition Type: NTFS</p><p>Drive D: | 7.20 Gb Total Space | 7.11 Gb Free Space | 98.78% Space Free | Partition Type: FAT32</p><p> </p><p>Computer Name: PETERCOMPUTERNO | User Name: Jane | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: All users</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - [2013/01/02 14:26:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe</p><p>PRC - [2012/12/31 08:52:51 | 000,105,832 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe</p><p>PRC - [2012/12/28 20:12:06 | 008,939,896 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\HitmanPro.exe</p><p>PRC - [2012/12/18 11:43:47 | 000,500,888 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\realplay.exe</p><p>PRC - [2012/12/18 11:43:43 | 000,295,072 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\Real\RealPlayer\Update\realsched.exe</p><p>PRC - [2012/12/03 15:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe</p><p>PRC - [2012/12/03 15:40:50 | 001,031,528 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe</p><p>PRC - [2012/11/22 13:53:01 | 001,681,472 | ---- | M] (Bandoo Media Inc) -- C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe</p><p>PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe</p><p>PRC - [2012/10/30 22:50:59 | 000,247,224 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe</p><p>PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe</p><p>PRC - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe</p><p>PRC - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe</p><p>PRC - [2012/06/17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe</p><p>PRC - [2012/01/23 04:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe</p><p>PRC - [2012/01/23 04:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe</p><p>PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe</p><p>PRC - [2010/07/26 01:08:00 | 002,569,616 | ---- | M] (CANON INC.) 
-- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE</p><p>PRC - [2010/07/04 19:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe</p><p>PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe</p><p>PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe</p><p>PRC - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe</p><p>PRC - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe</p><p>PRC - [2004/01/26 10:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - [2012/12/29 08:34:23 | 002,041,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12122900\algo.dll</p><p>MOD - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe</p><p>MOD - [2010/07/04 21:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll</p><p>MOD - [2010/07/04 19:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Jane\wgsdgsdgdsgsd.dll -- (winmgmt)</p><p>SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)</p><p>SRV - [2012/12/31 08:52:51 | 000,105,832 | ---- | M] (SurfRight B.V.) 
[Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)</p><p>SRV - [2012/12/14 10:09:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)</p><p>SRV - [2012/12/03 15:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)</p><p>SRV - [2012/12/01 19:56:57 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)</p><p>SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)</p><p>SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)</p><p>SRV - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)</p><p>SRV - [2012/06/17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)</p><p>SRV - [2012/01/23 04:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)</p><p>SRV - [2012/01/04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)</p><p>SRV - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk)</p><p>SRV - [2007/08/02 13:42:16 | 000,382,320 | ---- | M] (SupportSoft, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)</p><p>SRV - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)</p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)</p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)</p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)</p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)</p><p>DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)</p><p>DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)</p><p>DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)</p><p>DRV - File not found [Kernel | System | Stopped] -- -- (Changer)</p><p>DRV - [2013/01/02 14:35:09 | 000,030,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)</p><p>DRV - [2012/12/31 12:00:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)</p><p>DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)</p><p>DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)</p><p>DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)</p><p>DRV - [2012/10/30 22:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- 
C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)</p><p>DRV - [2012/10/30 22:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)</p><p>DRV - [2012/10/30 22:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)</p><p>DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)</p><p>DRV - [2012/04/30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)</p><p>DRV - [2012/01/04 14:28:36 | 000,016,128 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtkdrv.sys -- (TrojanKillerDriver)</p><p>DRV - [2011/11/01 09:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)</p><p>DRV - [2011/11/01 09:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)</p><p>DRV - [2011/11/01 09:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)</p><p>DRV - [2011/11/01 09:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)</p><p>DRV - [2011/11/01 09:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)</p><p>DRV - [2011/11/01 09:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)</p><p>DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft 
Anti-Malware\a2ddax86.sys -- (A2DDA)</p><p>DRV - [2010/07/04 19:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)</p><p>DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)</p><p>DRV - [2004/10/27 14:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)</p><p>DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)</p><p>DRV - [2003/12/08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn)</p><p>DRV - [2003/12/08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (All) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = 
about:SecurityRisk</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&appid=179&systemid=406&sr=0&q={searchTerms}</p><p>IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}</p><p>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</p><p>IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0754154125834112&q={searchTerms}</p><p>IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}</p><p> </p><p> </p><p>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p> </p><p> </p><p>IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62</p><p>IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm</p><p>IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</p><p>IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=UP62</p><p>IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet 
Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&appid=179&systemid=406&sr=0&q={searchTerms}</p><p>IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)</p><p>IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)</p><p>IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}</p><p>IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=UP62DF&PC=UP62&q={searchTerms}&src=IE-SearchBox</p><p>IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0754154125834112&q={searchTerms}</p><p>IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}</p><p>IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}</p><p>IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF - prefs.js..browser.search.defaultengine: "Ask.com"</p><p>FF - prefs.js..browser.search.defaultenginename: "Search Results"</p><p>FF - prefs.js..browser.search.defaultenginename,S: S", "GadgetBox"</p><p>FF - prefs.js..browser.search.defaultthis.engineName: ""</p><p>FF - prefs.js..browser.search.defaulturl: 
"http://search.gboxapp.com/?q="</p><p>FF - prefs.js..browser.search.order.1: "Search Results"</p><p>FF - prefs.js..browser.search.order.1,S: S", "GadgetBox"</p><p>FF - prefs.js..browser.search.selectedEngine: "Search Results"</p><p>FF - prefs.js..browser.search.selectedEngine,S: S", "GadgetBox"</p><p>FF - prefs.js..browser.search.useDBForOrder: true</p><p>FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"</p><p>FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.1</p><p>FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0</p><p>FF - prefs.js..extensions.enabledAddons: %7B33e0daa6-3af3-d8b5-6752-10e949c61516%7D:1.1</p><p>FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474</p><p>FF - prefs.js..extensions.enabledAddons: %7BB1FC07E1-E05B-4567-8891-E63FBE545BA8%7D:1.2.0</p><p>FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1</p><p>FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=0754154125834112&o=APN10645&q="</p><p>FF - prefs.js..network.proxy.type: 0</p><p>FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""</p><p>FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""</p><p>FF - prefs.js..browser.startup.homepage: ""</p><p>FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""</p><p> </p><p> </p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle 
Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.2.0: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.2.0: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)</p><p>FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)</p><p> </p><p>FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/06/11 08:38:41 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/09 05:43:30 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B1FC07E1-E05B-4567-8891-E63FBE545BA8}: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/10/15 11:34:40 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/01 19:57:03 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/18 11:44:11 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/04/17 18:52:51 | 000,000,000 | ---D | M]</p><p> </p><p>[2012/11/27 14:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Extensions</p><p>[2012/04/22 17:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Extensions\home2@tomtom.com</p><p>[2012/11/27 14:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions</p><p>[2012/09/03 14:30:16 
| 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}</p><p>[2012/10/28 19:54:47 | 000,000,000 | ---D | M] (PriceGong) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}</p><p>[2012/09/02 12:50:42 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}</p><p>[2012/11/27 14:22:19 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}</p><p>[2012/04/20 20:06:00 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\appbar@alot.com</p><p>[2011/10/01 09:05:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\ffxtlbr@babylon.com</p><p>[2012/09/03 14:30:46 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\ffxtlbr@funmoods.com</p><p>[2011/10/01 09:06:03 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\plugin@yontoo.com</p><p>[2011/11/08 15:29:04 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\toolbar@ask.com</p><p>[2011/11/09 17:30:30 | 000,002,581 | ---- | M] () -- C:\Documents and Settings\Jane\Application 
Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\askcom.xml</p><p>[2012/08/08 09:16:43 | 000,000,487 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\GadgetBox.xml</p><p>[2011/10/23 13:03:29 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\SearchResults.xml</p><p>[2012/11/27 14:22:07 | 000,002,687 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\Search_Results.xml</p><p>[2011/12/01 20:23:35 | 000,003,488 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\talktalk-search.xml</p><p>[2012/12/01 19:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions</p><p>[2012/12/01 19:57:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</p><p>[2012/10/15 11:34:40 | 000,000,000 | ---D | M] (RealDownloader) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT</p><p>[2012/11/09 05:43:30 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF</p><p>[2012/11/27 14:22:28 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION</p><p>[2012/12/01 19:57:01 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll</p><p>[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL</p><p>[2012/07/27 20:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll</p><p>[2012/12/18 11:44:10 | 000,153,296 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\nppl3260.dll</p><p>[2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll</p><p>[2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll</p><p>[2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll</p><p>[2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll</p><p>[2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll</p><p>[2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll</p><p>[2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll</p><p>[2012/12/18 11:43:51 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll</p><p>[2012/09/06 01:26:22 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml</p><p>[2012/09/06 01:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml</p><p>[2012/09/06 01:26:22 | 000,001,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml</p><p>[2012/09/06 01:26:22 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml</p><p>[2011/10/23 13:03:29 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml</p><p>[2012/11/27 14:22:07 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml</p><p>[2012/10/13 12:20:07 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml</p><p>[2012/09/06 01:26:22 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\wikipedia.xml</p><p>[2012/09/06 01:26:22 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml</p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - homepage: http://www.searchnu.com/406</p><p>CHR - homepage: http://www.searchnu.com/406</p><p>CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\</p><p>CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\</p><p>CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\</p><p>CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\</p><p>CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\</p><p>CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.0_0\</p><p>CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\</p><p> </p><p>O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts</p><p>O1 - Hosts: 127.0.0.1 localhost</p><p>O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Jane\Application Data\Complitly\Complitly.dll (SimplyGen)</p><p>O2 - BHO: (Shopping Assistant Plugin) 
- {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.0\PriceGongIE.dll (PriceGong)</p><p>O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)</p><p>O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)</p><p>O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)</p><p>O2 - BHO: (no name) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - No CLSID value found.</p><p>O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro)</p><p>O2 - BHO: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)</p><p>O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.</p><p>O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)</p><p>O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)</p><p>O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)</p><p>O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)</p><p>O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.</p><p>O3 - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.</p><p>O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.</p><p>O3 - HKLM\..\Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.</p><p>O3 - HKLM\..\Toolbar: (no name) - !{A531D99C-5A22-449b-83DA-872725C6D0ED} - No CLSID value found.</p><p>O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.</p><p>O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)</p><p>O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)</p><p>O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.</p><p>O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)</p><p>O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.</p><p>O3 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)</p><p>O3 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)</p><p>O3 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)</p><p>O4 - HKLM..\Run: [] File not found</p><p>O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)</p><p>O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)</p><p>O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)</p><p>O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)</p><p>O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)</p><p>O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)</p><p>O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)</p><p>O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software 
Update\hpwuschd2.exe (Hewlett-Packard)</p><p>O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)</p><p>O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)</p><p>O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)</p><p>O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)</p><p>O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)</p><p>O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()</p><p>O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)</p><p>O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)</p><p>O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)</p><p>O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)</p><p>O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()</p><p>O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [] File not found</p><p>O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [ISUSPM] C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso 
Corporation)</p><p>O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)</p><p>O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1006..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)</p><p>O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk = C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)</p><p>O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)</p><p>O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = </p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = </p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1</p><p>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - 
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\S-1-5-21-1060284298-1202660629-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)</p><p>O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)</p><p>O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - 
C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)</p><p>O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{903A9E6F-11D4-4546-8CD6-7BEDCE2C8D48}: DhcpNameServer = 192.168.1.1</p><p>O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft 
Corporation)</p><p>O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\ipp - No CLSID value found</p><p>O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\mailto 
{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\msdaipp - No CLSID value found</p><p>O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)</p><p>O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)</p><p>O18 - 
Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)</p><p>O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~2\Datamngr\datamngr.dll) - C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)</p><p>O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~2\Datamngr\IEBHO.dll) - C:\Program Files\Search Results Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)</p><p>O20 - AppInit_DLLs: (c:\progra~1\sprote~1\sprote~1.dll) - File not found</p><p>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)</p><p>O20 
- Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)</p><p>O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)</p><p>O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)</p><p>O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)</p><p>O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)</p><p>O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)</p><p>O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)</p><p>O24 - Desktop Components:0 (My Current Home Page) - About:Home</p><p>O24 - Desktop WallPaper: C:\Documents and Settings\Jane\Local 
Settings\Application Data\Microsoft\Wallpaper1.bmp</p><p>O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</p><p>O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)</p><p>O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)</p><p>O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)</p><p>O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)</p><p>O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)</p><p>O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)</p><p>O31 - SafeBoot: AlternateShell - cmd.exe</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun File - [2010/01/14 17:23:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> 
</p><p>[2012/12/31 10:14:15 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys</p><p>[2012/12/31 08:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\little common</p><p>[2012/12/31 08:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro</p><p>[2012/12/31 08:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro</p><p>[2012/12/31 08:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane\Application Data\Malwarebytes</p><p>[2012/12/31 08:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes</p><p>[2012/12/30 16:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\GridinSoft Trojan Killer</p><p>[2012/12/29 12:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer</p><p>[2012/12/18 11:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared</p><p>[2012/12/18 11:44:10 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll</p><p>[2012/12/18 11:43:48 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll</p><p>[2012/12/18 11:43:47 | 000,006,656 | ---- | C] (RealNetworks, Inc.) 
-- C:\WINDOWS\System32\pndx5016.dll</p><p>[2012/12/17 15:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane\Application Data\searchresultstb</p><p>[2012/12/14 10:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Mouse</p><p>[2012/12/14 10:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint</p><p>[2012/12/05 08:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Nero</p><p>[2012/12/04 16:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies</p><p>[2012/12/04 16:52:23 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll</p><p>[2012/12/04 16:52:23 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll</p><p>[2012/12/04 16:52:23 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll</p><p>[2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll</p><p>[2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll</p><p>[2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll</p><p>[2012/12/04 16:52:23 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll</p><p>[2012/12/04 16:52:23 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll</p><p>[2012/12/04 16:52:23 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll</p><p>[2012/12/04 16:52:23 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll</p><p>[2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll</p><p>[2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll</p><p>[2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- 
C:\WINDOWS\System32\nvrssk.dll</p><p>[2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll</p><p>[2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll</p><p>[2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll</p><p>[2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll</p><p>[2012/12/04 16:52:23 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll</p><p>[2012/12/04 16:52:23 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll</p><p>[2012/12/04 16:52:23 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll</p><p>[2012/12/04 16:52:22 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll</p><p>[2012/12/04 16:52:22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll</p><p>[2012/12/04 16:52:22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll</p><p>[2012/12/04 16:52:22 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll</p><p>[2012/12/04 16:52:22 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll</p><p>[2012/12/04 16:52:22 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll</p><p>[2012/12/04 16:52:22 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll</p><p>[2012/12/04 16:52:22 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll</p><p>[2012/12/04 16:46:50 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll</p><p>[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]</p><p>[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days 
==========</span></p><p> </p><p>[2013/01/02 14:35:09 | 000,030,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys</p><p>[2013/01/02 14:32:54 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2013/01/02 14:30:35 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/01/02 14:30:33 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job</p><p>[2013/01/02 14:30:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2013/01/02 14:30:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2013/01/02 14:29:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat</p><p>[2013/01/01 21:15:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/01/01 21:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job</p><p>[2013/01/01 21:01:30 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job</p><p>[2013/01/01 19:44:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl</p><p>[2012/12/31 12:00:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys</p><p>[2012/12/31 09:23:16 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Trojan Killer.lnk</p><p>[2012/12/31 09:09:27 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk</p><p>[2012/12/29 14:36:46 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2012/12/29 12:10:27 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application 
Data\dsgsdgdsgdsgw.pad</p><p>[2012/12/28 19:57:38 | 000,002,933 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js</p><p>[2012/12/28 16:21:45 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2012/12/28 10:56:06 | 000,614,271 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Motorists Lord Prayer.jpg</p><p>[2012/12/28 10:53:31 | 000,533,625 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Operas.jpg</p><p>[2012/12/23 19:57:01 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Jane\My Documents\MOT Expiries.wps</p><p>[2012/12/22 12:05:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini</p><p>[2012/12/22 11:56:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2012/12/21 19:07:18 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT</p><p>[2012/12/18 17:19:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job</p><p>[2012/12/18 11:44:10 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll</p><p>[2012/12/18 11:43:48 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll</p><p>[2012/12/18 11:43:47 | 000,006,656 | ---- | M] (RealNetworks, Inc.) 
-- C:\WINDOWS\System32\pndx5016.dll</p><p>[2012/12/18 11:43:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll</p><p>[2012/12/17 13:38:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll</p><p>[2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll</p><p>[2012/12/14 21:01:08 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job</p><p>[2012/12/14 10:09:37 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe</p><p>[2012/12/14 10:09:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl</p><p>[2012/12/14 10:03:24 | 000,001,868 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Mouse.lnk</p><p>[2012/12/12 21:48:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK</p><p>[2012/12/04 16:50:02 | 001,070,792 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin</p><p>[2012/12/04 16:50:02 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin</p><p>[2012/12/04 16:49:52 | 001,070,792 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin</p><p>[2012/12/03 15:40:50 | 019,460,096 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll</p><p>[2012/12/03 15:40:50 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll</p><p>[2012/12/03 15:40:50 | 007,606,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll</p><p>[2012/12/03 15:40:50 | 005,955,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll</p><p>[2012/12/03 15:40:50 | 004,153,600 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll</p><p>[2012/12/03 15:40:50 | 002,611,560 | ---- | M] (NVIDIA 
Corporation) -- C:\WINDOWS\System32\nvcuvid.dll</p><p>[2012/12/03 15:40:50 | 002,441,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll</p><p>[2012/12/03 15:40:50 | 002,283,884 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data</p><p>[2012/12/03 15:40:50 | 001,874,280 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll</p><p>[2012/12/03 15:40:50 | 001,011,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll</p><p>[2012/12/03 15:40:50 | 000,889,192 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll</p><p>[2012/12/03 15:40:50 | 000,012,951 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb</p><p>[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]</p><p>[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/01/02 14:35:09 | 000,030,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys</p><p>[2013/01/01 21:10:27 | 000,027,902 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\$(KGrHqRHJEkFC(6JS39GBQp6jqdinQ~~60_12.JPG</p><p>[2013/01/01 21:09:59 | 002,179,146 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 7.JPG</p><p>[2013/01/01 21:09:49 | 001,783,120 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 6.JPG</p><p>[2013/01/01 21:09:41 | 002,357,446 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 5.JPG</p><p>[2013/01/01 21:09:31 | 002,769,188 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 4.JPG</p><p>[2013/01/01 21:09:20 | 003,121,303 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 3.JPG</p><p>[2013/01/01 21:08:52 | 001,421,478 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\Sale of land to builder of Arthur Rd. 
houses dated 1914.jpg</p><p>[2013/01/01 20:53:21 | 000,054,599 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\Railton.JPG</p><p>[2013/01/01 20:52:32 | 001,991,604 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 2.JPG</p><p>[2013/01/01 20:51:54 | 001,965,226 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo.JPG</p><p>[2012/12/31 08:52:51 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk</p><p>[2012/12/29 12:14:14 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Trojan Killer.lnk</p><p>[2012/12/28 18:15:45 | 000,002,933 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js</p><p>[2012/12/28 18:15:12 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.pad</p><p>[2012/12/28 10:55:27 | 000,614,271 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Motorists Lord Prayer.jpg</p><p>[2012/12/28 10:52:55 | 000,533,625 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Operas.jpg</p><p>[2012/12/22 11:56:34 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2012/12/22 11:56:33 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job</p><p>[2012/12/14 10:03:57 | 000,000,288 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job</p><p>[2012/12/14 10:03:24 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Mouse.lnk</p><p>[2012/12/04 16:46:54 | 000,012,951 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb</p><p>[2012/09/27 10:02:43 | 001,070,792 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin</p><p>[2012/09/27 10:02:43 | 001,070,792 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin</p><p>[2012/09/27 10:02:43 | 
000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin</p><p>[2012/09/03 14:30:00 | 000,031,465 | -</p></blockquote><p></p>
[QUOTE="edward1, post: 93551, member: 4314"] Hi. Hope this is ok. OTL logfile created on: 02/01/2013 14:39:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1023.29 Mb Total Physical Memory | 673.79 Mb Available Physical Memory | 65.85% Memory free 2.41 Gb Paging File | 2.11 Gb Available in Paging File | 87.72% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 158.20 Gb Free Space | 67.93% Space Free | Partition Type: NTFS Drive D: | 7.20 Gb Total Space | 7.11 Gb Free Space | 98.78% Space Free | Partition Type: FAT32 Computer Name: PETERCOMPUTERNO | User Name: Jane | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/01/02 14:26:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2012/12/31 08:52:51 | 000,105,832 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe PRC - [2012/12/28 20:12:06 | 008,939,896 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\HitmanPro.exe PRC - [2012/12/18 11:43:47 | 000,500,888 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\realplay.exe PRC - [2012/12/18 11:43:43 | 000,295,072 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2012/12/03 15:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012/12/03 15:40:50 | 001,031,528 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe PRC - [2012/11/22 13:53:01 | 001,681,472 | ---- | M] (Bandoo Media Inc) -- C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/10/30 22:50:59 | 000,247,224 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2012/06/17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe PRC - [2012/01/23 04:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012/01/23 04:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2010/07/26 01:08:00 | 002,569,616 | ---- | M] (CANON INC.) 
-- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2010/07/04 19:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe PRC - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe PRC - [2004/01/26 10:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/12/29 08:34:23 | 002,041,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12122900\algo.dll MOD - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe MOD - [2010/07/04 21:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll MOD - [2010/07/04 19:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Jane\wgsdgsdgdsgsd.dll -- (winmgmt) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012/12/31 08:52:51 | 000,105,832 | ---- | M] (SurfRight B.V.) 
[Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler) SRV - [2012/12/14 10:09:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/03 15:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/12/01 19:56:57 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2012/06/17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2012/01/23 04:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012/01/04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk) SRV - [2007/08/02 13:42:16 | 000,382,320 | ---- | M] (SupportSoft, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist) SRV - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013/01/02 14:35:09 | 000,030,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37) DRV - [2012/12/31 12:00:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012/10/30 22:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012/10/30 22:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- 
C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012/10/30 22:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012/04/30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc) DRV - [2012/01/04 14:28:36 | 000,016,128 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtkdrv.sys -- (TrojanKillerDriver) DRV - [2011/11/01 09:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011/11/01 09:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011/11/01 09:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011/11/01 09:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011/11/01 09:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011/11/01 09:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA) DRV - [2010/07/04 19:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2008/08/26 08:26:12 | 
000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2004/10/27 14:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2003/12/08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) DRV - [2003/12/08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
http://www.searchqu.com/web?src=ieb&appid=179&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0754154125834112&q={searchTerms} IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62 IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=UP62 IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&appid=179&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) 
IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=UP62DF&PC=UP62&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0754154125834112&q={searchTerms} IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms} IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms} IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.defaultenginename,S: S", "GadgetBox" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "http://search.gboxapp.com/?q=" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.order.1,S: S", "GadgetBox" FF - prefs.js..browser.search.selectedEngine: "Search Results" FF - prefs.js..browser.search.selectedEngine,S: S", "GadgetBox" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.1 FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0 FF - prefs.js..extensions.enabledAddons: 
%7B33e0daa6-3af3-d8b5-6752-10e949c61516%7D:1.1 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: %7BB1FC07E1-E05B-4567-8891-E63FBE545BA8%7D:1.2.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=0754154125834112&o=APN10645&q=" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.2.0: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.2.0: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/06/11 08:38:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/09 05:43:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B1FC07E1-E05B-4567-8891-E63FBE545BA8}: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/10/15 11:34:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/01 19:57:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/18 11:44:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/04/17 18:52:51 | 000,000,000 | ---D | M] [2012/11/27 14:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Extensions [2012/04/22 17:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Extensions\home2@tomtom.com [2012/11/27 14:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application 
Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions [2012/09/03 14:30:16 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} [2012/10/28 19:54:47 | 000,000,000 | ---D | M] (PriceGong) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2012/09/02 12:50:42 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012/11/27 14:22:19 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2012/04/20 20:06:00 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\appbar@alot.com [2011/10/01 09:05:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\ffxtlbr@babylon.com [2012/09/03 14:30:46 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\ffxtlbr@funmoods.com [2011/10/01 09:06:03 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\plugin@yontoo.com [2011/11/08 15:29:04 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\toolbar@ask.com [2011/11/09 17:30:30 | 000,002,581 | ---- | M] () -- C:\Documents and Settings\Jane\Application 
Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\askcom.xml [2012/08/08 09:16:43 | 000,000,487 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\GadgetBox.xml [2011/10/23 13:03:29 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\SearchResults.xml [2012/11/27 14:22:07 | 000,002,687 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\Search_Results.xml [2011/12/01 20:23:35 | 000,003,488 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\talktalk-search.xml [2012/12/01 19:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/12/01 19:57:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012/10/15 11:34:40 | 000,000,000 | ---D | M] (RealDownloader) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT [2012/11/09 05:43:30 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012/11/27 14:22:28 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2012/12/01 19:57:01 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2012/07/27 20:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012/12/18 11:44:10 | 000,153,296 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/12/18 11:43:51 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/09/06 01:26:22 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/09/06 01:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/06 01:26:22 | 000,001,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/09/06 01:26:22 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/10/23 13:03:29 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/11/27 14:22:07 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/10/13 12:20:07 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/09/06 01:26:22 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/09/06 01:26:22 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://www.searchnu.com/406
CHR - homepage: http://www.searchnu.com/406
CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Jane\Application Data\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{A531D99C-5A22-449b-83DA-872725C6D0ED} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [] File not found
O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [ISUSPM] C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1006..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk = C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1202660629-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{903A9E6F-11D4-4546-8CD6-7BEDCE2C8D48}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~2\Datamngr\datamngr.dll) - C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~2\Datamngr\IEBHO.dll) - C:\Program Files\Search Results Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (c:\progra~1\sprote~1\sprote~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/14 17:23:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/12/31 10:14:15 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/12/31 08:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\little common
[2012/12/31 08:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/12/31 08:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
[2012/12/31 08:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane\Application Data\Malwarebytes
[2012/12/31 08:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2012/12/30 16:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\GridinSoft Trojan Killer
[2012/12/29 12:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/12/18 11:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/12/18 11:44:10 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/12/18 11:43:48 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/12/18 11:43:47 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/12/17 15:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane\Application Data\searchresultstb
[2012/12/14 10:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Mouse
[2012/12/14 10:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/12/05 08:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Nero
[2012/12/04 16:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2012/12/04 16:52:23 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
[2012/12/04 16:52:23 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
[2012/12/04 16:52:23 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
[2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
[2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
[2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
[2012/12/04 16:52:23 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
[2012/12/04 16:52:23 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
[2012/12/04 16:52:23 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
[2012/12/04 16:52:23 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
[2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
[2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
[2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
[2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
[2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll
[2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
[2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
[2012/12/04 16:52:23 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
[2012/12/04 16:52:23 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
[2012/12/04 16:52:23 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
[2012/12/04 16:52:22 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
[2012/12/04 16:52:22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
[2012/12/04 16:52:22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
[2012/12/04 16:52:22 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
[2012/12/04 16:52:22 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll
[2012/12/04 16:52:22 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
[2012/12/04 16:52:22 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
[2012/12/04 16:52:22 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
[2012/12/04 16:46:50 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/01/02 14:35:09 | 000,030,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/01/02 14:32:54 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
[2013/01/02 14:30:35 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/02 14:30:33 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/02 14:30:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
[2013/01/02 14:30:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
[2013/01/02 14:29:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/01 21:15:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/01 21:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/01 21:01:30 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/01/01 19:44:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/31 12:00:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/12/31 09:23:16 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Trojan Killer.lnk
[2012/12/31 09:09:27 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk
[2012/12/29 14:36:46 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
[2012/12/29 12:10:27 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.pad
[2012/12/28 19:57:38 | 000,002,933 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js
[2012/12/28 16:21:45 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
[2012/12/28 10:56:06 | 000,614,271 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Motorists Lord Prayer.jpg
[2012/12/28 10:53:31 | 000,533,625 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Operas.jpg
[2012/12/23 19:57:01 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Jane\My Documents\MOT Expiries.wps
[2012/12/22 12:05:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/12/22 11:56:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
[2012/12/21 19:07:18 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/18 17:19:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/12/18 11:44:10 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/12/18 11:43:48 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/12/18 11:43:47 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/12/18 11:43:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/12/17 13:38:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
[2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/14 21:01:08 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2012/12/14 10:09:37 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/14 10:09:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/14 10:03:24 | 000,001,868 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Mouse.lnk
[2012/12/12 21:48:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/04 16:50:02 | 001,070,792 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/12/04 16:50:02 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/12/04 16:49:52 | 001,070,792 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/12/03 15:40:50 | 019,460,096 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2012/12/03 15:40:50 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2012/12/03 15:40:50 | 007,606,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2012/12/03 15:40:50 | 005,955,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
[2012/12/03 15:40:50 | 004,153,600 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2012/12/03 15:40:50 | 002,611,560 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2012/12/03 15:40:50 | 002,441,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2012/12/03 15:40:50 | 002,283,884 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2012/12/03 15:40:50 | 001,874,280 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2012/12/03 15:40:50 | 001,011,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2012/12/03 15:40:50 | 000,889,192 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
[2012/12/03 15:40:50 | 000,012,951 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/01/02 14:35:09 | 000,030,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/01/01 21:10:27 | 000,027,902 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\$(KGrHqRHJEkFC(6JS39GBQp6jqdinQ~~60_12.JPG
[2013/01/01 21:09:59 | 002,179,146 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 7.JPG
[2013/01/01 21:09:49 | 001,783,120 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 6.JPG
[2013/01/01 21:09:41 | 002,357,446 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 5.JPG
[2013/01/01 21:09:31 | 002,769,188 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 4.JPG
[2013/01/01 21:09:20 | 003,121,303 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 3.JPG
[2013/01/01 21:08:52 | 001,421,478 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\Sale of land to builder of Arthur Rd. houses dated 1914.jpg
[2013/01/01 20:53:21 | 000,054,599 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\Railton.JPG
[2013/01/01 20:52:32 | 001,991,604 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 2.JPG
[2013/01/01 20:51:54 | 001,965,226 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo.JPG
[2012/12/31 08:52:51 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk
[2012/12/29 12:14:14 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Trojan Killer.lnk
[2012/12/28 18:15:45 | 000,002,933 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js
[2012/12/28 18:15:12 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.pad
[2012/12/28 10:55:27 | 000,614,271 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Motorists Lord Prayer.jpg
[2012/12/28 10:52:55 | 000,533,625 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Operas.jpg
[2012/12/22 11:56:34 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
[2012/12/22 11:56:33 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
[2012/12/14 10:03:57 | 000,000,288 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2012/12/14 10:03:24 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Mouse.lnk
[2012/12/04 16:46:54 | 000,012,951 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/09/27 10:02:43 | 001,070,792 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/09/27 10:02:43 | 001,070,792 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/09/27 10:02:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/09/03 14:30:00 | 000,031,465 | -
[/QUOTE]