First I got the Live Security Platinum malware...

[Timmytour]

...and through it I found this forum. I followed some instructions that I didn't realise at the time were specific for a user! So mt pc is now useable again, but I still can't switch on my security (Microsoft essentials) so I will need further help!

Anyway...glad to be here and already appreciative of the work you guys do.

 

[Plexx]

Hi there and welcome to the forums.

In regards to your issue, the best place to get some assistance is here.

In any case, have you followed all the steps here? When I give that site, I am referring to the registry fix.

Could a mod split OP post and move it to Malware Removal Guides?

One more suggestion that could possibly help is Windows Repair by Tweaking.com although I am not sure from the top of my head if it has limitations.

 

[Malware Maniac]

Hello welcome to the forums.
First place I recommend you go is Troubleshooting Software and Hardware Issues Forum and state your problems there.
If you still have malware on your system goto Malware Removal Assistance Forum and get some help there.
After that is handled I recommend you go is the Security Configuration Wizard so we can give you suggestions of how to better protect yourself.
How did you find out about MT?

 

[McLovin]

Hello and welcome to MalwareTips.

Hope that you enjoy your stay.

The first stop that we recommend is the PC Security Configuration Wizard so that we can give you feedback on your configuration.

Have a look around the forum. You will learn quite a few new things here

Once again welcome

 

[Timmytour]

Hello welcome to the forums.
First place I recommend you go is Troubleshooting Software and Hardware Issues Forum and state your problems there.
If you still have malware on your system goto Malware Removal Assistance Forum and get some help there.
After that is handled I recommend you go is the Security Configuration Wizard so we can give you suggestions of how to better protect yourself.
How did you find out about MT?

Hi MM and Biozfear....thanks for the welcomes.

MM....I found out about the forum on a Google search looking for help with the Live Security Platinum malware.

I'll go along to that Malware Removal assistance forum now -)

 

[Timmytour]

Sorry McLovin....our posts crossed! Thank you for your welcome. Just been there and I hope I've put down enough info.

 

[Jack]

Hello and welcome!
Can you please follow the instructions from this post: http://malwaretips.com/Announcement-Mandatory-scans-and-logs-before-we-start

 

[Timmytour]

Hi Jack...thanks for your welcome and thanks for the help that you have already given me, albeit unknowingly.

I saw another post of yours before I joined up and ran the Kapersky virus remover, Eset and OTI

As per the instructions in your link, here's the OTL scan

OTL logfile created on: 02/08/2012 19:59:35 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\User1\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 55.26% Memory free
4.80 Gb Paging File | 3.18 Gb Available in Paging File | 66.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 17.09 Gb Free Space | 11.46% Space Free | Partition Type: NTFS

Computer Name: xxx | User Name: User1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User1\My Documents\Downloads\Programs\OTL_2.exe (OldTimer Tools)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Documents and Settings\User1\My Documents\Downloads\Programs\BitTorrent-7.2.1.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
PRC - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe (Microsoft Corporation)
PRC - c:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
PRC - c:\Program Files\HPQ\HP Connection Manager 1.1\bin\gbx4log.exe (HP)
PRC - C:\Program Files\HPQ\HP Connection Manager 1.1\bin\gbxApp.exe (HP)
PRC - C:\Program Files\HPQ\HP Connection Manager 1.1\bin\mdvsrv.exe (HP)
PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\QUALCOMM\QDLService\QDLService.exe (QUALCOMM, Inc.)
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.EXE (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\PRIVACYICONCLIENT.EXE (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.EXE (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
PRC - C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe (Infineon Technologies AG)
PRC - C:\WINDOWS\system32\IfxPsdSv.exe (Infineon Technologies AG)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QxtCore.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QxtWeb.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\OviShareLib.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\Maps Service API.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - c:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
MOD - C:\Program Files\NetWorx\sqlite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3075.40503__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3075.40459__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3075.40518__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3075.40719__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3075.40495__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3075.40626__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3075.40480__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3075.40755__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3075.40679__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3075.40689__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3075.40770__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3075.40763__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3075.40511__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3075.40695__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3075.40474__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3075.40687__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3075.40769__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3075.40510__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3075.40636__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3075.40532__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3075.40482__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3075.40709__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3075.40525__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3075.40654__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3075.40635__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3075.40538__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3075.40653__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3075.40629__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3075.40619__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3075.40671__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3075.40539__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3075.40627__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3075.40635__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3075.40669__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.2939.23766__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3075.40468__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3075.40489__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3075.40743__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3075.40451__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3075.40740__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3075.40778__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3075.40450__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3075.40452__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3075.40448__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3075.40450__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3075.40742__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
MOD - C:\Program Files\Flip Video\FlipShare\Core.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\qca2.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\QtGui4.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\QtXml4.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\QtSql4.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\QtCore4.dll ()
MOD - C:\Program Files\Adobe\Adobe Bridge CS5\Symlib.dll ()
MOD - C:\Program Files\Adobe\Adobe Bridge CS5\libmysqld.dll ()
MOD - c:\Program Files\HPQ\HP Connection Manager 1.1\bin\connmgr.dll ()
MOD - c:\Program Files\HPQ\HP Connection Manager 1.1\bin\hpcmif.dll ()
MOD - C:\Program Files\HPQ\HP Connection Manager 1.1\bin\HPBIOS.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Program Files\Intel\WiFi\bin\iWMSProv.dll ()
MOD - C:\WINDOWS\system32\flcdlmsg.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (crd) -- C:\DOCUME~1\ELLAAN~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (wlcrasvc) -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe (Microsoft Corporation)
SRV - (ImapiService) -- C:\WINDOWS\system32\imapihp.exe (Microsoft Corporation)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE (Intel Corporation)
SRV - (mdvsrv) -- C:\Program Files\HPQ\HP Connection Manager 1.1\bin\mdvsrv.exe (HP)
SRV - (HP ProtectTools Service) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (QDLService) -- C:\QUALCOMM\QDLService\QDLService.exe (QUALCOMM, Inc.)
SRV - (HpFkCryptService) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
SRV - (UNS) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.EXE (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\AMT\LMS.EXE (Intel Corporation)
SRV - (ASBroker) -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
SRV - (ATService) -- C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (FLCDLOCK) -- C:\WINDOWS\system32\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (PersonalSecureDriveService) -- C:\WINDOWS\system32\IfxPsdSv.exe (Infineon Technologies AG)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (accoca) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (IDMTDI) -- C:\WINDOWS\system32\drivers\idmtdi.sys (Tonec Inc.)
DRV - (RDPVDD) -- C:\WINDOWS\system32\drivers\rdpvmp.sys (Microsoft Corporation)
DRV - (RDPDISPM) -- C:\WINDOWS\system32\drivers\rdpdispm.sys (Microsoft Corporation)
DRV - (networx) -- C:\WINDOWS\system32\drivers\networx.sys (NetFilterSDK.com)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (qcusbnethp) -- C:\WINDOWS\system32\drivers\qcusbnethp.sys (QUALCOMM Incorporated)
DRV - (qcusbserhp) -- C:\WINDOWS\system32\drivers\qcusbserhp.sys (QUALCOMM Incorporated)
DRV - (QCFilterhp) -- C:\WINDOWS\system32\drivers\qcfilterhp.sys (QUALCOMM Incorporated)
DRV - (SbAlg) -- C:\WINDOWS\System32\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (SbFsLock) -- C:\WINDOWS\System32\drivers\SbFsLock.sys (SafeBoot International)
DRV - (RsvLock) -- C:\WINDOWS\System32\drivers\rsvlock.sys (SafeBoot International)
DRV - (SafeBoot) -- C:\WINDOWS\System32\drivers\SafeBoot.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ATSwpWDF) -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw5x32) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (hpdskflt) -- C:\WINDOWS\system32\drivers\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (DAMDrv) -- C:\WINDOWS\system32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
DRV - (SFAUDIO) -- C:\WINDOWS\system32\drivers\sfaudio.sys (Sonic Focus, Inc)
DRV - (e1yexpress) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (HECI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (PersonalSecureDrive) -- C:\WINDOWS\system32\drivers\psd.sys (Infineon Technologies AG)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (HpqKbFiltr) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismc32) -- C:\WINDOWS\system32\drivers\rismc32.sys (RICOH Company, Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {67D61A57-BBB1-4E83-A420-0522F4070DF8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{4750B04E-93B2-403A-8DA3-4E302243EDEA}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=TKR&o=15585&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=IX&apn_dtid=YYYYYYYYGB&apn_uid=3C39809F-F7A5-4529-A228-79991A54909D&apn_sauid=C708680A-044C-4058-BB36-FD6684D3BBA0
IE - HKCU\..\SearchScopes\{67D61A57-BBB1-4E83-A420-0522F4070DF8}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/02/04 15:22:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\RelevantKnowledge [2012/08/01 11:08:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/04 15:23:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\User1\Application Data\IDM\idmmzcc5 [2012/06/14 20:07:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\User1\Application Data\IDM\idmmzcc5 [2012/06/14 20:07:44 | 000,000,000 | ---D | M]

[2012/05/18 07:29:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\extensions
[2012/05/18 07:29:11 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

O1 HOSTS File: ([2011/09/22 08:31:41 | 000,437,605 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15053 more lines...
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [coreworks] C:\Program Files\HPQ\HP Connection Manager 1.1\bin\gbxapp.exe (HP)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE File not found
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Documents and Settings\User1\My Documents\Downloads\Programs\BitTorrent-7.2.1.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all File not found
O4 - HKCU..\Run: [MoeMonitor.exe] C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\User1\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Documents and Settings\User1\Start Menu\Programs\Startup\SonicWALL Global VPN Client.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html File not found
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} https://register.btinternet.com/templates/btmailcontrol013.cab (mailhelper Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.btinternet.com/templates/btwebcontrol028.cab (webhelper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C58E21C7-B578-45FA-B9A7-5BD5BE79DF87}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\WINDOWS\system32\ackpbsc.dll) - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\OneCard: DllName - (C:\Program Files\Hewlett-Packard\IAM\Bin\ASWlnPkg.DLL) - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
O20 - Winlogon\Notify\wlcrdplauncher: DllName - (C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll) - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\HP Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/09 12:54:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ff0af363-661c-11de-a92d-00216a36b856}\Shell - "" = AutoRun
O33 - MountPoints2\{ff0af363-661c-11de-a92d-00216a36b856}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff0af363-661c-11de-a92d-00216a36b856}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/01 09:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/31 00:42:07 | 000,883,616 | ---- | C] (Bleeping Computer, LLC) -- C:\FixExec.exe
[2012/07/30 21:59:51 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/07/30 19:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Start Menu\Programs\Live Security Platinum
[2012/07/30 07:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\036DFF6168D59C9E61EA5A017B07D287
[2012/07/23 20:04:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\My Documents\Marriage
[2012/07/22 12:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2012/07/19 19:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Local Settings\Application Data\Help
[2001/11/21 09:10:06 | 018,330,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Oxpsp1.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/02 19:48:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/02 19:44:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/02 19:44:49 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-1965331169-725345543-1003.job
[2012/08/02 19:44:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/02 19:44:18 | 3183,751,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/02 19:11:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/08/01 11:09:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/01 06:29:09 | 000,465,442 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/01 06:29:09 | 000,079,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/01 02:00:03 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-REINSURA-BD52A5-User1.job
[2012/08/01 02:00:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-REINSURA-BD52A5-User2.job
[2012/08/01 01:18:36 | 142,012,320 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\setup_11.0.0.1245.x01_2012_08_01_03_06.exe
[2012/08/01 01:06:02 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Live Security Platinum Support Site.url
[2012/07/31 01:43:38 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Internet.lnk
[2012/07/31 00:42:17 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Shortcut (2) to FixExec.lnk
[2012/07/31 00:38:43 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Shortcut to FixExec.lnk
[2012/07/31 00:17:28 | 000,883,616 | ---- | M] (Bleeping Computer, LLC) -- C:\FixExec.exe
[2012/07/30 19:07:40 | 000,002,364 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Live Security Platinum.lnk
[2012/07/27 07:48:31 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/27 07:48:30 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/25 07:45:02 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2012/07/20 21:01:34 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\User1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/20 19:44:00 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-1965331169-725345543-1003.job
[2012/07/11 19:15:20 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/07/11 19:12:15 | 003,611,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 07:35:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/07 16:16:33 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/01 01:20:14 | 142,012,320 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\setup_11.0.0.1245.x01_2012_08_01_03_06.exe
[2012/08/01 01:06:02 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Live Security Platinum Support Site.url
[2012/08/01 00:59:33 | 3183,751,168 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/31 01:43:38 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Internet.lnk
[2012/07/31 00:42:17 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Shortcut (2) to FixExec.lnk
[2012/07/31 00:38:43 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Shortcut to FixExec.lnk
[2012/07/30 19:07:39 | 000,002,364 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Live Security Platinum.lnk
[2012/07/30 07:35:13 | 000,001,712 | ---- | C] () -- C:\WINDOWS\Installer\{f4ad979f-8f25-7b00-a14f-1acc97b24fff}\U\00000001.@
[2012/03/05 17:07:00 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2012/03/05 17:07:00 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2012/03/05 17:06:59 | 001,804,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2012/03/05 17:06:59 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2012/02/16 20:59:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 12:43:58 | 000,000,106 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/12/23 14:39:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/02 22:43:20 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PPD Plugins
[2011/11/02 22:43:20 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User1\Application Data\Organic
[2011/11/02 22:43:20 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Plants
[2011/11/02 22:42:40 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PageLibraries
[2011/11/02 22:42:40 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Plug-Ins
[2011/11/02 22:42:39 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PDEs
[2011/11/02 22:42:39 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Pipe Organ
[2011/11/02 22:42:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Organic
[2011/11/02 22:42:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\NetServices
[2011/10/19 17:15:38 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLcNL.DLL
[2011/10/19 17:08:10 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2011/10/19 17:06:26 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2011/09/22 11:50:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2011/09/17 22:44:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\SupportPrinters
[2011/09/17 22:44:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User1\Application Data\String Comparison
[2011/09/17 22:44:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2011/09/17 22:44:50 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Schema
[2011/09/17 22:44:50 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User1\Application Data\String Ensemble
[2011/09/17 18:03:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Nature
[2011/09/17 18:03:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User1\Application Data\Master
[2011/09/17 18:03:26 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/09/17 18:03:26 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Overdrive
[2011/09/17 17:56:07 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2011/09/17 17:55:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011/09/17 16:51:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User1\Application Data\Organs
[2011/09/17 16:51:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User1\Application Data\Noise Gate
[2011/09/17 16:51:05 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/09/17 16:51:05 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/09/17 16:51:05 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/09/12 13:47:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User1\Application Data\Percussion Kit
[2011/09/12 13:47:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User1\Application Data\People
[2011/09/12 13:47:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User1\Application Data\Pedal Hard
[2011/09/12 13:44:03 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\User1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/12 13:44:03 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\User1\Local Settings\Application Data\d3d9caps.dat
[2011/09/09 19:18:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2011/09/09 17:58:01 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/09/09 17:54:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/09/09 17:54:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/09/09 17:54:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/09/09 17:54:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/09/09 17:54:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/09/09 17:54:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/09/09 17:40:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/09/09 17:27:37 | 000,180,224 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2011/09/09 17:21:21 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/09/09 17:21:21 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/09/09 17:21:20 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2011/09/09 17:21:20 | 000,168,883 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/09/09 13:44:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/09 13:43:24 | 003,611,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/09 12:58:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/09 12:52:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/28 12:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{f4ad979f-8f25-7b00-a14f-1acc97b24fff}\@
[2006/02/28 12:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\User1\Local Settings\Application Data\{f4ad979f-8f25-7b00-a14f-1acc97b24fff}\@

========== LOP Check ==========

[2012/08/01 06:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\036DFF6168D59C9E61EA5A017B07D287
[2011/10/19 17:16:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/09/17 22:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/12/28 16:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2011/09/09 18:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2011/09/17 22:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LaserPrinter
[2011/09/17 22:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logs
[2011/09/17 18:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2012/02/04 15:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2012/03/14 10:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2012/06/09 14:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/09/09 17:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QUALCOMM
[2012/01/25 12:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/10/19 17:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/09/25 13:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect
[2011/09/17 22:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/09/09 18:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/10/03 12:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/12 15:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/08/02 20:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\BitTorrent
[2012/07/07 08:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Canon
[2012/08/02 19:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\DMCache
[2012/02/13 19:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\FLAC to MP3 Converter
[2011/09/29 02:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\FLV.com FLV Converter
[2012/06/14 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\IDM
[2011/09/09 18:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Infineon
[2011/09/12 15:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Leadertech
[2011/11/20 20:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\NewSoft
[2011/11/12 12:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Nikon
[2012/02/04 15:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Nokia
[2011/10/13 15:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Nokia Ovi Suite
[2012/02/04 15:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Nokia Suite
[2011/10/11 18:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\PC Suite
[2012/05/18 07:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\PriceGong
[2011/09/12 13:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\ScanSoft
[2011/09/10 15:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\searchquband
[2011/09/10 15:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\searchqutoolbar
[2011/09/12 13:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Smart FLV Converter Pro
[2012/03/31 00:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Smart FLV Converter Pro.INI
[2011/09/12 13:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/09/12 13:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\vShare
[2011/10/12 13:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Windows Desktop Search
[2011/09/12 13:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Windows Search
[2012/08/02 19:11:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\

 

[Timmytour]

OTL CONT

2012/08/02 19:11:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2012/07/31 00:17:28 | 000,883,616 | ---- | M] (Bleeping Computer, LLC) -- C:\FixExec.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/09/12 15:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Adobe
[2011/09/12 15:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Adobe Mini Bridge CS5
[2012/01/20 23:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Apple Computer
[2011/09/09 17:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\ATI
[2011/09/12 15:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/08/02 20:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\BitTorrent
[2012/07/07 08:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Canon
[2012/08/02 19:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\DMCache
[2012/02/13 19:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\FLAC to MP3 Converter
[2011/09/29 02:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\FLV.com FLV Converter
[2011/09/12 15:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Google
[2012/05/08 19:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\hpqLog
[2012/07/07 21:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\HpUpdate
[2011/09/12 15:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Identities
[2012/06/14 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\IDM
[2011/09/09 18:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Infineon
[2011/09/09 17:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\InstallShield
[2011/09/09 19:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Intel
[2011/09/12 15:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Ipswitch
[2011/09/12 15:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Leadertech
[2011/09/10 00:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Macromedia
[2011/11/20 21:22:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\User1\Application Data\Microsoft
[2011/09/12 13:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Motive
[2012/05/18 07:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Mozilla
[2011/11/20 20:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\NewSoft
[2011/11/12 12:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Nikon
[2012/02/04 15:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Nokia
[2011/10/13 15:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Nokia Ovi Suite
[2012/02/04 15:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Nokia Suite
[2011/10/11 18:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\PC Suite
[2012/05/18 07:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\PriceGong
[2012/02/07 12:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Real
[2012/07/22 12:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Roxio
[2011/09/12 13:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\ScanSoft
[2011/09/10 15:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\searchquband
[2011/09/10 15:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\searchqutoolbar
[2011/09/12 13:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Sibelius Software
[2012/08/02 20:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Skype
[2011/09/12 13:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\skypePM
[2011/09/12 13:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Smart FLV Converter Pro
[2012/03/31 00:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Smart FLV Converter Pro.INI
[2011/09/12 13:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\SonicWALL
[2011/09/12 13:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/09/10 17:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Sun
[2011/09/12 13:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\U3
[2011/09/12 13:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\vlc
[2011/09/12 13:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\vShare
[2011/10/12 13:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Windows Desktop Search
[2011/09/12 13:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Windows Search
[2011/09/12 13:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\WinRAR

< MD5 for: ATAPI.SYS >
[2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011/09/12 08:40:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011/09/12 08:40:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/14 01:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/14 01:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2006/02/28 12:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/06/05 17:08:38 | 000,109,184 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SafeBoot.sys

< End of report >

 

[Timmytour]

aswMBR log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-03 07:37:47
-----------------------------
07:37:47.140 OS Version: Windows 5.1.2600 Service Pack 3
07:37:47.140 Number of processors: 2 586 0x1706
07:37:47.140 ComputerName: REINSURA-BD52A5 UserName: User1
07:37:48.375 Initialize success
07:39:25.109 AVAST engine defs: 12080201
07:41:03.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:41:03.562 Disk 0 Vendor: TOSHIBA_ LH01 Size: 152627MB BusType: 3
07:41:03.578 Disk 0 MBR read successfully
07:41:03.578 Disk 0 MBR scan
07:41:03.625 Disk 0 Windows XP default MBR code
07:41:03.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
07:41:03.625 Disk 0 scanning sectors +312560640
07:41:03.703 Disk 0 scanning C:\WINDOWS\system32\drivers
07:41:13.921 Service scanning
07:41:27.265 Service SafeBoot C:\WINDOWS\System32\Drivers\SafeBoot.sys **LOCKED** 32
07:41:32.078 Modules scanning
07:41:37.203 Disk 0 trace - called modules:
07:41:37.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
07:41:37.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afad030]
07:41:37.250 3 CLASSPNP.SYS[f74f7fd7] -> nt!IofCallDriver -> [0x8af10020]
07:41:37.265 5 hpdskflt.sys[f77184e5] -> nt!IofCallDriver -> \Device\0000008f[0x8afa9548]
07:41:37.281 7 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8afa5028]
07:41:38.000 AVAST engine scan C:\WINDOWS
07:41:49.515 AVAST engine scan C:\WINDOWS\system32
07:44:36.515 AVAST engine scan C:\WINDOWS\system32\drivers
07:44:54.343 AVAST engine scan C:\Documents and Settings\User1
08:12:49.515 AVAST engine scan C:\Documents and Settings\All Users
08:15:13.437 Scan finished successfully
19:05:14.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User1\Desktop\MBR.dat"
19:05:14.734 The log file has been saved successfully to "C:\Documents and Settings\User1\Desktop\aswMBR.txt"

 

[Jack]

Hi and welcome to the malwaretips.com forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.

Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />
You have some left over files from a ZeroAccess rootkit infection on your system and we need to remove them.Please follow the below steps.

STEP 1 : Run a scan with Combofix

Please read and follow very carefully the below instructions​

 
Download ComboFix from one of the following locations: 

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop  
 
<ul>
<li>Close any open browsers.</li>
<li>Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
<ul>
<li><>Very Important!</> Temporarily <>disable</> your <>anti-virus</>, <>script blocking</> and any <>anti-malware</> real-time protection <em><>before</></em>performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause <em>"unpredictable results"</em>.</li>
<li><em>Click on <a title="External link" href="http://www.bleepingcomputer.com/forums/topic114351.html" rel="nofollow external"><>this link</></a> to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.</em>
-----------------------------------------------------------</li>
</ul>
<ul>
<li>Close any open browsers.</li>
<li><>WARNING: Combofix will disconnect your machine from the Internet as soon as it starts</></li>
<li>Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.</li>
<li>If there is no internet connection after running Combofix, then restart your computer to restore back your connection.</li>
</ul>
-----------------------------------------------------------</li></ul>
How to run the Combofix scan :

1. Double click on ComboFix.exe & follow the prompts.
2. Accept the disclaimer and allow to update if it asks
   
3. When finished, it shall produce a log for you. 
   [*]Please include the C:\ComboFix.txt in your next reply.

Notes:
<ol><li> Do not mouse-click Combofix's window while it is running. That may cause it to stall.</li>
<li> Do not "re-run" Combofix. If you have a problem, reply back for further instructions.</li>
<li>  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.</li></ol>



<hr />
What's next?

Please post in your next reply:
1.Combofix log
2.Let me know if you had any problems with the above instructions and also <>let me know how things are running now!</>

 

[Timmytour]

Many thanks Jack.

Computer up and running. I uninstalled Microssoft Security Essentials before running Combofix (as was apparently still operating though I understood it wasn't) and am now re-installing. Computer seems fine.

Log as follows...

ComboFix 12-08-05.02 - User1 06/08/2012 0:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.1800 [GMT 1:00]
Running from: c:\documents and settings\User1\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc10.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc11.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc12.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc13.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc14.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc14E.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc15.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc16.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc17.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc18.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc19.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc1A.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc1B.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc4.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc7.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc8.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc9.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mccA.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mccB.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mccD.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mccE.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mccF.tmp
c:\documents and settings\User1\Application Data\PriceGong
c:\documents and settings\User1\Application Data\PriceGong\Data\1.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\a.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\b.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\c.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\d.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\e.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\f.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\g.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\h.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\i.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\j.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\k.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\l.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\m.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\n.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\o.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\p.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\q.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\r.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\s.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\t.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\u.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\v.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\w.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\x.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\y.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\z.xml
c:\documents and settings\User1\Local Settings\Application Data\assembly\tmp
c:\documents and settings\User1\Start Menu\Programs\Live Security Platinum
c:\documents and settings\User1\Start Menu\Programs\Live Security Platinum\Live Security Platinum Support Site.url
c:\documents and settings\User1\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\documents and settings\User1\Start Menu\Programs\Live Security Platinum\Uninstall.lnk
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\asmcf.dat
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\components\rlxh.dll
c:\program files\RelevantKnowledge\components\rlxi.dll
c:\program files\RelevantKnowledge\components\rlxj.dll
c:\program files\RelevantKnowledge\components\rlxk.dll
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\ncncf.dat
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlcm.crx
c:\program files\RelevantKnowledge\rlcm.txt
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlxf.dll
c:\windows\Installer\{f4ad979f-8f25-7b00-a14f-1acc97b24fff}\@
c:\windows\Installer\{f4ad979f-8f25-7b00-a14f-1acc97b24fff}\U\00000001.@
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-03 08:48 . 2012-08-03 08:48 9231560 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-01 08:32 . 2012-08-01 08:32 -------- d-----w- c:\program files\ESET
2012-07-30 23:42 . 2012-07-30 23:17 883616 ----a-w- C:\FixExec.exe
2012-07-30 22:42 . 2012-07-30 22:42 -------- d-----w- c:\documents and settings\A.N. Other\Local Settings\Application Data\PCHealth
2012-07-30 22:31 . 2012-07-30 22:31 -------- d-----w- c:\documents and settings\Administrator.REINSURA-BD52A5
2012-07-30 06:35 . 2012-08-01 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\036DFF6168D59C9E61EA5A017B07D287
2012-07-22 11:50 . 2012-07-22 11:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2012-07-19 18:33 . 2012-07-19 18:33 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 08:48 . 2012-03-29 05:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 08:48 . 2011-09-10 00:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2006-02-28 11:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2009-08-19 16:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-02-28 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 16:35 . 2011-09-09 11:53 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 16:35 . 2011-09-10 00:11 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2006-02-28 11:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 14:19 . 2009-08-06 18:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2011-09-09 11:53 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2011-09-09 11:53 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2011-09-09 11:53 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2011-09-09 11:53 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2006-02-28 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2009-08-06 18:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2011-09-09 11:53 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2011-09-09 11:53 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 14:18 . 2011-09-10 00:11 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18 . 2011-09-10 00:11 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-02-28 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-02-28 11:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2006-02-28 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-02-28 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-02-28 11:00 385024 ------w- c:\windows\system32\html.iec
2001-11-21 08:10 . 2001-11-21 08:10 18330960 ----a-w- c:\program files\Oxpsp1.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 16:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoeMonitor.exe"="c:\documents and settings\User1\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe" [2011-10-01 1315152]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-06-07 3491264]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BitTorrent"="c:\documents and settings\User1\My Documents\Downloads\Programs\BitTorrent-7.2.1.exe" [2012-05-18 6379888]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-06-02 367128]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-05-08 77616]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-20 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-10 238896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-02 24848]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]
"coreworks"="c:\program files\HPQ\HP Connection Manager 1.1\bin\gbxapp.exe" [2008-06-12 780776]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-04-21 1090840]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-14 10244096]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-04-30 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-04-30 1191936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2012-02-27 3387904]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\User2\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-9-24 142848]
.
c:\documents and settings\User1\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-9-24 142848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
SonicWALL Global VPN Client.lnk - c:\windows\Installer\{40624553-811E-400E-B69B-38D8926A66BD}\_A408D8C4509665C152B13E.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-12 576104]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2011-9-9 197904]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 15:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 15:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2008-04-21 10:48 69632 ----a-w- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-06-02 12:06 112400 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlcrdplauncher]
2011-10-01 18:17 21840 ----a-w- c:\program files\Live Mesh\Remote Desktop\wlcrdplauncher.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\User1\\My Documents\\Downloads\\Programs\\BitTorrent-7.2.1.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [05/06/2008 17:08 109184]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [05/06/2008 17:08 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [05/06/2008 17:08 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [05/03/2012 16:45 24064]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [14/09/2011 11:20 108448]
R1 networx;networx;c:\windows\system32\drivers\networx.sys [25/09/2011 13:52 51976]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [21/03/2008 22:54 39712]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [05/06/2008 17:08 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [15/05/2007 16:08 182576]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 12:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 12:00 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [15/05/2008 15:11 1176824]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [10/06/2008 11:13 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [05/06/2008 17:07 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [09/09/2011 18:01 77824]
R2 mdvsrv;HP Connection Manager Service;c:\program files\HPQ\HP Connection Manager 1.1\bin\mdvsrv.exe [12/06/2008 13:19 575976]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [09/09/2011 17:58 576024]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [09/06/2008 09:06 345336]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.EXE [09/09/2011 17:15 2058776]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [01/10/2011 19:17 44880]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [15/05/2008 13:29 475520]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [09/09/2011 17:33 193840]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [09/09/2011 17:28 244368]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [09/09/2011 18:00 44800]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [01/10/2011 19:17 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [01/10/2011 19:17 19408]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [09/09/2011 17:27 47616]
S2 crd;crd;c:\docume~1\ELLAAN~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe --> c:\docume~1\ELLAAN~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [05/04/2012 11:37 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29/03/2012 06:47 250056]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [09/09/2011 18:01 32256]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [21/04/2008 13:27 349432]
S3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterhp.sys [09/09/2011 17:30 5248]
S3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\drivers\qcusbnethp.sys [09/09/2011 17:30 112640]
S3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserhp.sys [09/09/2011 17:30 103680]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08/04/2008 13:12 1112560]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 08:48]
.
2012-08-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-REINSURA-BD52A5-User2.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-07 03:44]
.
2012-08-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-REINSURA-BD52A5-User1.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-07 03:44]
.
2012-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-08-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 16:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - hxxps://register.btinternet.com/templates/btmailcontrol013.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - (no file)
Toolbar-10 - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-kdx - c:\program files\Kontiki\KHost.exe
HKLM-Run-DATAMNGR - c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-BitTorrent - c:\documents and settings\User1\My Documents\Downloads\Programs\BitTorrent.exe
AddRemove-Remove on Reboot Shell Extension_is1 - c:\program files\Remove on Reboot\unins000.exe
AddRemove-Searchqu 406 MediaBar - c:\program files\Windows iLivid Toolbar\uninstall.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\relevantknowledge\rlvknlg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-06 00:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|?M?|?????M?|??@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*m*v*,  \OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWlnPkg.DLL
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\brand.dll
c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\HPPlugIn.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHstServs.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTStrings.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\HPjCard.dll
c:\windows\system32\acomx.dll
c:\windows\system32\acbsi21.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
c:\windows\system32\DeviceNP.dll
c:\windows\system32\SSREGLIB.dll
c:\program files\Hewlett-Packard\DeviceAccessManager\0009\PTDMLiteResource.dll
c:\windows\system32\flcdlmsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll
.
- - - - - - - > 'explorer.exe'(12260)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\btmmhook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\documents and settings\User1\Local Settings\Application Data\Microsoft\Live Mesh\Bin\WLCShell.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\wscntfy.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\hpq\hp connection manager 1.1\bin\gbx4log.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\System32\rundll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
c:\windows\System32\wudfhost.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2012-08-06 00:52:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-05 23:52
.
Pre-Run: 18,186,305,536 bytes free
Post-Run: 19,291,430,912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3BE5B06B611B59882C07A41143D99037

 

[Jack]

Ok, we got those left overs...
Now,can you please perform the following scans:
<>VERY IMPORTANT! PLEASE RUN ONLY ONE SCAN AT THE TIME! DON'T START ALL THE SCAN AT ONCE!</>
STEP 1: Run a HitmanPro scan
<ol>
<li><>Download the latest official version of HitmanPro</>.
<a href="http://www.surfright.nl/en/hitmanpro/" rel="nofollow" target="_blank"> <>HITMANPRO DOWNLOAD LINK</></a> <em>(This link will open a download page in a new window from where you can download HitmanPro)</em></li>
<li>Start HitmanPro  by <>double clicking on the previously downloaded file.</> and then following the prompts.
<img src="http://malwaretips.com/images/removalguide/hpro4.png" alt="[Image: hitmanproscan4.png]" border="0" /></li>
<li>Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click <>Next</> .
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/02/rsz_hpro5.png" alt="[Image: hitmanproscan5.png]" border="0" /></li>
<li>Click <>Activate free license</> to start the free 30 days trial and remove the malicious files.
<img src="http://malwaretips.com/images/removalguide/hpro6.png" alt="[Image: hitmanproscan6.png]" border="0" /></li>
<li>HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
</ol>
Add to your next reply, any log that HitmanPro might generate.
<hr />
STEP 2: Run a scan with RogueKiller
<ol>
<li>Please <>download the latest official version of </><>RogueKiller</>.
<a href="http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe" rel="nofollow" target="_blank"><>ROGUEKILER DOWNLOAD LINK</></a> (This link will automatically download RogueKiller on your computer)</li>
<li><>Double click on RogueKiller.exe</> to start this utility and then <>wait for the Prescan to complete</>.This should take only a few seconds and then you can <>click the Start button</> to perform a system scan.
<img title="Click on the Start button to perform a system scan" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-1.png" alt="[Image: roguekiller-1.png]" width="600" height="450" border="0" /></li>
<li>After the scan has completed, <>press the Delete button</> to remove any malicious registry keys.
<img title="Press Delete to remove the malicious registry keys" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-2.png" alt="[Image: roguekiller-2.png]" width="600" height="450" border="0" /></li>
<li>Next we will need to restore your shortcuts, <>so click on the ShortcutsFix button </>and allow the program to run.
<img title="Click on the Start button to perform a system scan" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-3.png" alt="[Image: roguekiller-1.png]" width="600" height="450" border="0" /></li>
</ol>

The report has been created on the desktop.In your next reply please post:

All RKreport.txt text files located on your desktop.
</ol>
<hr />


STEP 3: Run a scan with ESET Online Scanner.

<ol>
<li>Download ESET Online Scanner utility.
<><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET ONLINE SCANNER DOWNLOAD LINK</a></> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double click on the Eset installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <>Yes, I accept the Terms of Use</></li>
<li>Click the <>Start</> button.</li>
<li>Check <>Scan archives</></li>
<li>Push the <>Start</> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <>List of found threats</></li>
<li>Push <>Export to Text file </> and save the file to your desktop using a unique name, such as <>ESET Scan</>. Include the contents of this report in your next reply.Note - when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <>back</> button.</li>
<li>Push <>Finish</></li>
</ol>
<hr />
What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):

1.HitmanPro log
2.RogueKiller logs
3.ESET log
4.Let me know if you had any problems with the above instructions and also let me know how things are running now!

 

[Timmytour]

Hi Jack

Many thanks for your continued assistance

Prior to your previous post I was a bit premature in thinking my laptop was up and running again. I was getting an increasing number of "script error messages". Then I found myself unable to get onto a microsoft site and realised that once again my google links were being re-directed. Then I noticed that Security Essentials had once again been disabled.

Having then come back here and seen your post I ran Hitmanpro as suggested. I got stuff to remove and had to reboot, but do not seem to have got a report from it. I ran Roguekiller and have attached the report

However the link to Eset comes up with the following message

"404. That’s an error.
The requested URL /us/download/utilities/ was not found on this server. That’s all we know."

I had run it before and removed it from the list of programs and tried again, but to no avail. Before that I tried to run it from the previous copy I had but it could not update and would not proceed.

 

[Timmytour]

Definitely still something on the computer....went to go into Facebook and after a brief look at it a screen came up to say I was banned for being a suspected spammer....but I could verify my identity by entering my credit card information!

 

[Timmytour]

Looked again this morning (now at work on a work computer) and I have a Live Security platinum icon on my desktop!

 

[Timmytour]

Well....thinking i still had problems, i started again. Went through...

1.HitmanPro
2.RogueKiller
3.ESET

Doing this from work so trying to remember what came up. Hitman found a few things I think, Roguekiller found nothing. Before i ran ESET this time I removed my Microsoft essentials via the Add Remove facility on the Control panel. Although it appeared to be disabled anyway, I'm not sure i did that first time around.

ESET located about 12 threats which I got removed.

Computer seemed fine afterwards. I reinstalled Microsoft essentials and ran a quick scan. Nothing. Then later I ran a full scan and it picked up one serious threat and one potential both of which I then got it to remove.

touch wood things seem ok now. Have turned it off and restarted a few times now and Microsoft Essentials appears to still be operational.

 

[Jack]

So what's the current state of your computer?What problems are you experiencing? How is running?...
Can you please run the below utilities:
STEP 1: Run a scan with Kaspersky Virus Removal Tool
Click <a title="External link" href="http://www.kaspersky.com/antivirus-removal-tool?form=1" rel="nofollow external" rel="nofollow"><>here</></a> to download the Kaspersky Virus Removal Tool.
<ol>
<li>Save it to your desktop.</li>
<li>Double click the setup file to run it.</li>
<li>Follow the onscreen prompts until it is installed</li>
<li>Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
<ul>
<li><span style="color: #ff0000;">System Memory</span></li>
<li><span style="color: #ff0000;">Hidden startup objects</span></li>
<li><span style="color: #ff0000;">Disk boot sectors</span></li>
<li><span style="color: #ff0000;">Local Disk (C: )</span></li>
<li><span style="color: #ff0000;">Also any other drives (Removable that you may have)</span></li>
</ul>
</li>
<li>Then click on <>Actions</> on the left hand side</li>
<li>Click <>Select Action</>, then make sure both <>Disinfect</> and <>Delete if disinfection fails</> are ticked</li>
<li>Click on <>Automatic Scan</></li>
<li>Now click the <>Start Scanning</> button, to run the scan</li>
<li>After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side</li>
<li>Click <>Detected threats</> on the left</li>
<li>Now click the <>Save</> button, and save it as <>kaslog.txt</> to your <>Desktop</></li>
<li>Please attach kaslog.txt in your next reply.</li>
</ol>
<hr />

STEP 2: Run Temp File Cleaner by OldTimer
<ol>
<li>You can download the TFC utility from the below link
<a title="External link" href="http://oldtimer.geekstogo.com/TFC.exe" rel="nofollow external"><>TFC DOWNLOAD LINK</></a> <em>(This link will automatically download Temp File Cleaner on your computer)</em></li>
<li>Please double-click <>TFC.exe</> to run it. (<>Note:</> If you are running on Vista or 7, right-click on the file and choose <>Run As Administrator</>).</li>
<li>It <>will close all programs</> when run, so make sure you have <>saved all your work</> before you begin.</li>
<li>Click the <>Start</> button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. <>Let it run uninterrupted to completion</>.</li>
<li>Once it's finished it should <>reboot your machine</>. If it does not, please <>manually reboot the machine</> yourself to ensure a complete clean.</li>
</ol>
<hr />
STEP 3: Download and run OTL
<ol><li>Download the OTL utility using the below link :
<><a title="External link" href="http://oldtimer.geekstogo.com/OTL.exe" rel="nofollow external">OTL DOWNLOAD LINK</a> <em>(This link will automatically download OTL on your computer)</em></></li>
<li>Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/OTL-logo.png" alt="" title="OTL-logo" width="106" height="118" class="alignnone size-full wp-image-3946" /></li>
<li>When the window appears, <>underneath Output</> at the top change it to <>Minimal Output</>.</li>
<li>Check the boxes beside <>LOP Check</> and <>Purity Check</>.</li>
<li>Under the Custom Scan box paste this in:

%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

</li>
<li>Click the<> Run Scan</> button.</li>
<li>When the scan completes, it will open two notepad windows. <>OTL.Txt</> and <>Extras.Txt</>. These are saved in the same location as OTL.
<>Please post this 2 logs in your first reply.</>.</li></ol>
<em>Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: <a title="External link" href="http://www.itxassociates.com/OT-Tools/OTL.scr" rel="nofollow external">OTL.scr</a>, or <a title="External link" href="http://oldtimer.geekstogo.com/OTL.com" rel="nofollow external">OTL.com</a>.</em>
<hr />
What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):

1.Kaspersky log
2.OTL logs
3.Let me know if you had any problems with the above instructions and also let me know how things are running now!