Help to remove Delta-Toolbar
<blockquote data-quote="birdinthehand" data-source="post: 131778" data-attributes="member: 10508"><p>Hi There kuttus,</p><p></p><p>I've followed your instructions but when I ran the scan it only produced the OTL.Txt log, I ran 2 scans but they both only produced the 1 log.</p><p></p><p>OTL logfile created on: 06/08/2013 21:12:19 - Run 2</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trudy\Downloads</p><p> Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.10.9200.16635)</p><p>Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy</p><p> </p><p>1013.38 Mb Total Physical Memory | 362.58 Mb Available Physical Memory | 35.78% Memory free</p><p>1.99 Gb Paging File | 1.04 Gb Available in Paging File | 52.24% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 225.25 Gb Total Space | 199.09 Gb Free Space | 88.38% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: TRUDY-PC | User Name: Trudy | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: All users</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Users\Trudy\Downloads\OTL.exe (OldTimer Tools)</p><p>PRC - C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)</p><p>PRC - C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE (Microsoft Corporation.)</p><p>PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)</p><p>PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files\Microsoft Security 
Client\msseces.exe (Microsoft Corporation)</p><p>PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)</p><p>PRC - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files\FSP\FspUip.exe (Sentelic Corporation)</p><p>PRC - C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe (Sun Microsystems, Inc.)</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll ()</p><p>MOD - C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()</p><p>MOD - C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll ()</p><p>MOD - C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll ()</p><p>MOD - C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll ()</p><p>MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()</p><p>MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()</p><p>MOD - C:\Program Files\FSP\KbdHook.dll ()</p><p>MOD - C:\Program Files\FSP\FspLib.dll ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)</p><p>SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE (Microsoft Corporation.)</p><p>SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE (Microsoft Corporation.)</p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</p><p>SRV - (WinDefend) -- C:\Program 
Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p>SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)</p><p>SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found</p><p>DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()</p><p>DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)</p><p>DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)</p><p>DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)</p><p>DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)</p><p>DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)</p><p>DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (All) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm</p><p>IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = </p><p>IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE - HKLM\..\SearchScopes,DefaultScope = </p><p>IE - HKLM\..\SearchScopes\{19BCE93E-4DD1-A721-C50A-3BE4E5E40A4C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC</p><p> </p><p> </p><p>IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = </p><p>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = </p><p>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)</p><p>IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = </p><p> </p><p>IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)</p><p>IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = </p><p> </p><p>IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm</p><p>IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve</p><p>IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896</p><p>IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = </p><p>IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
http://uk.msn.com/?ocid=iehp</p><p>IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = </p><p>IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)</p><p>IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\SearchScopes,Backup.Old.DefaultScope = {EB54875D-DD8E-4010-B816-E3180B178F69}</p><p>IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}</p><p>IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\SearchScopes,DefaultScope = </p><p>IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR</p><p>IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\SearchScopes\{19BCE93E-4DD1-A721-C50A-3BE4E5E40A4C}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=</p><p>IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC</p><p>IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p>IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local</p><p> </p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla 
Plugins\npitunes.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Trudy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Trudy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)</p><p> </p><p> </p><p>[2013/07/26 18:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions</p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - default_search_provider: Mysearchdial (Enabled)</p><p>CHR - default_search_provider: search_url = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0AtCtA0B0DtDtC0DtCyCtDtA0AtN0D0Tzu0CyDyByEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=431870537&ir=</p><p>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}</p><p>CHR - homepage: http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0AtCtA0B0DtDtC0DtCyCtDtA0AtN0D0Tzu0CyDyByEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=431870537&ir=</p><p>CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer</p><p>CHR - plugin: Native Client (Enabled) = 
C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll</p><p>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll</p><p>CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll</p><p>CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll</p><p>CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll</p><p>CHR - plugin: Google Update (Enabled) = C:\Users\Trudy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll</p><p>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll</p><p> </p><p>O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts</p><p>O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)</p><p>O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)</p><p>O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll File not found</p><p>O3 - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.</p><p>O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)</p><p>O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)</p><p>O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)</p><p>O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)</p><p>O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)</p><p>O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)</p><p>O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)</p><p>O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)</p><p>O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)</p><p>O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)</p><p>O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)</p><p>O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)</p><p>O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe (Sun Microsystems, Inc.)</p><p>O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows 
Sidebar\Sidebar.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000..\Run: [FDPRO-516] C:\Program Files\Fighters\FighterLauncher.exe FDPRO File not found</p><p>O4 - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000..\Run: [Google Update] C:\Users\Trudy\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)</p><p>O4 - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found</p><p>O4 - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)</p><p>O4 - Startup: C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
PromptOnSecureDesktop = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = </p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = </p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17</p><p>O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)</p><p>O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft 
Corporation)</p><p>O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)</p><p>O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)</p><p>O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)</p><p>O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll 
(Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft 
Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)</p><p>O13 - gopher Prefix: missing</p><p>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)</p><p>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70C6A873-0973-47B7-81CC-36B822FFD4F6}: DhcpNameServer = 192.168.1.1</p><p>O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - 
C:\Windows\System32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows 
Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\System32\igfxdev.dll (Intel Corporation)</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\System32\credssp.dll (Microsoft Corporation)</p><p>O30 - LSA: Authentication Packages - (msv1_0) - 
C:\windows\System32\msv1_0.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (tspkg) - C:\windows\System32\tspkg.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)</p><p>O31 - SafeBoot: AlternateShell - cmd.exe</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/08/02 11:57:20 | 000,000,000 | ---D | C] -- C:\Users\Trudy\Documents\kuttuslogs.1</p><p>[2013/07/31 14:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab</p><p>[2013/07/31 10:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET</p><p>[2013/07/31 10:48:02 | 000,012,872 | ---- | C] (SurfRight B.V.) 
-- C:\windows\System32\bootdelete.exe</p><p>[2013/07/31 10:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>[2013/07/31 10:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro</p><p>[2013/07/31 10:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro</p><p>[2013/07/30 23:26:46 | 000,000,000 | ---D | C] -- C:\Users\Trudy\Documents\kuttus</p><p>[2013/07/30 18:29:35 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\Malwarebytes</p><p>[2013/07/30 18:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware</p><p>[2013/07/30 18:28:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys</p><p>[2013/07/30 18:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware</p><p>[2013/07/30 18:27:03 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\Programs</p><p>[2013/07/30 17:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)</p><p>[2013/07/30 17:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes</p><p>[2013/07/30 17:04:47 | 000,000,000 | ---D | C] -- C:\windows\ERUNT</p><p>[2013/07/30 11:56:56 | 000,000,000 | ---D | C] -- C:\_OTL</p><p>[2013/07/30 10:55:45 | 000,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe</p><p>[2013/07/30 10:55:45 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe</p><p>[2013/07/30 10:55:45 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\windows\System32\java.exe</p><p>[2013/07/30 10:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java</p><p>[2013/07/27 21:57:17 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\Web Cake</p><p>[2013/07/27 10:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group</p><p>[2013/07/27 10:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard</p><p>[2013/07/26 18:41:04 | 000,000,000 | ---D | C] -- C:\windows\System32\Extensions</p><p>[2013/07/26 18:41:02 | 000,000,000 | ---D | C] -- C:\windows\System32\searchplugins</p><p>[2013/07/26 18:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox</p><p>[2013/07/26 16:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes</p><p>[2013/07/26 16:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod</p><p>[2013/07/26 16:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes</p><p>[2013/07/26 16:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime</p><p>[2013/07/26 16:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime</p><p>[2013/07/26 14:09:54 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\ElevatedDiagnostics</p><p>[2013/07/26 13:43:34 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\SlimWare Utilities Inc</p><p>[2013/07/26 13:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate</p><p>[2013/07/26 13:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\DriverUpdate</p><p>[2013/07/26 12:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TorchCrashHandler</p><p>[2013/07/10 03:08:10 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb</p><p>[2013/07/10 03:08:05 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll</p><p>[2013/07/10 03:08:04 | 000,039,424 | ---- | C] (Microsoft Corporation) -- 
C:\windows\System32\jsproxy.dll</p><p>[2013/07/10 03:08:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll</p><p>[2013/07/10 03:08:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll</p><p>[2013/07/10 03:07:58 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll</p><p>[2013/07/10 03:07:58 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe</p><p>[2013/07/10 03:07:58 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll</p><p>[2013/07/10 03:07:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll</p><p>[2013/07/10 03:07:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe</p><p>[2013/07/09 22:41:41 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll</p><p>[2013/07/09 22:41:38 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL</p><p>[2013/07/09 22:41:36 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll</p><p>[2013/07/09 22:41:33 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys</p><p>[1 C:\Users\Trudy\Documents\*.tmp files -> C:\Users\Trudy\Documents\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/08/06 21:08:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job</p><p>[2013/08/06 20:55:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job</p><p>[2013/08/06 20:44:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat</p><p>[2013/08/06 10:16:43 | 000,010,464 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/08/06 10:16:43 | 
000,010,464 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/08/06 10:09:18 | 796,954,624 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2013/08/02 14:18:59 | 000,006,347 | ---- | M] () -- C:\Users\Trudy\Documents\kaslog - Shortcut.lnk</p><p>[2013/08/02 14:18:20 | 000,001,111 | ---- | M] () -- C:\Users\Trudy\Documents\kaslog2 - Shortcut.lnk</p><p>[2013/08/01 10:03:46 | 000,002,338 | ---- | M] () -- C:\Users\Trudy\Desktop\Google Chrome.lnk</p><p>[2013/07/31 19:42:30 | 000,001,920 | ---- | M] () -- C:\Users\Trudy\Desktop\kaslog2 - Shortcut.lnk</p><p>[2013/07/31 19:42:17 | 000,001,909 | ---- | M] () -- C:\Users\Trudy\Desktop\kaslog - Shortcut.lnk</p><p>[2013/07/31 14:43:22 | 000,001,104 | ---- | M] () -- C:\Users\Trudy\Desktop\ESETSCAN - Shortcut.lnk</p><p>[2013/07/31 10:48:02 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\System32\bootdelete.exe</p><p>[2013/07/31 10:41:09 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk</p><p>[2013/07/30 19:23:37 | 000,000,000 | ---- | M] () -- C:\Users\Trudy\AppData\Roaming\wklnhst.dat</p><p>[2013/07/30 18:28:54 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/07/30 16:59:26 | 000,013,464 | ---- | M] () -- C:\windows\System32\drivers\SWDUMon.sys</p><p>[2013/07/30 16:57:54 | 000,000,098 | ---- | M] () -- C:\windows\DeleteOnReboot.bat</p><p>[2013/07/30 16:51:54 | 000,001,158 | ---- | M] () -- C:\Users\Trudy\Desktop\mbar-1.06.0.1004 - Shortcut.lnk</p><p>[2013/07/30 08:57:38 | 000,628,460 | ---- | M] () -- C:\windows\System32\perfh009.dat</p><p>[2013/07/30 08:57:38 | 000,110,612 | ---- | M] () -- C:\windows\System32\perfc009.dat</p><p>[2013/07/30 07:55:08 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job</p><p>[2013/07/26 16:35:55 | 000,001,761 | ---- | M] () -- 
C:\Users\Public\Desktop\iTunes.lnk</p><p>[2013/07/26 16:26:32 | 000,001,823 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk</p><p>[2013/07/26 12:42:20 | 000,002,181 | ---- | M] () -- C:\Users\Trudy\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk</p><p>[2013/07/10 03:20:17 | 000,334,432 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT</p><p>[1 C:\Users\Trudy\Documents\*.tmp files -> C:\Users\Trudy\Documents\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/08/02 11:56:58 | 000,001,111 | ---- | C] () -- C:\Users\Trudy\Documents\kaslog2 - Shortcut.lnk</p><p>[2013/08/02 11:56:43 | 000,006,347 | ---- | C] () -- C:\Users\Trudy\Documents\kaslog - Shortcut.lnk</p><p>[2013/07/31 19:42:30 | 000,001,920 | ---- | C] () -- C:\Users\Trudy\Desktop\kaslog2 - Shortcut.lnk</p><p>[2013/07/31 19:42:17 | 000,001,909 | ---- | C] () -- C:\Users\Trudy\Desktop\kaslog - Shortcut.lnk</p><p>[2013/07/31 14:43:22 | 000,001,104 | ---- | C] () -- C:\Users\Trudy\Desktop\ESETSCAN - Shortcut.lnk</p><p>[2013/07/31 10:41:09 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk</p><p>[2013/07/30 19:23:37 | 000,000,000 | ---- | C] () -- C:\Users\Trudy\AppData\Roaming\wklnhst.dat</p><p>[2013/07/30 18:28:54 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/07/30 16:56:36 | 000,000,098 | ---- | C] () -- C:\windows\DeleteOnReboot.bat</p><p>[2013/07/30 16:51:54 | 000,001,158 | ---- | C] () -- C:\Users\Trudy\Desktop\mbar-1.06.0.1004 - Shortcut.lnk</p><p>[2013/07/26 16:35:55 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk</p><p>[2013/07/26 16:26:32 | 000,001,823 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk</p><p>[2013/07/26 13:43:39 | 000,013,464 | ---- | C] () -- C:\windows\System32\drivers\SWDUMon.sys</p><p>[2011/10/27 11:38:28 | 000,451,072 | ---- | C] () -- 
C:\windows\System32\ISSRemoveSP.exe</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2012/01/23 19:54:51 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Template</p><p>[2013/01/01 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\TFP</p><p>[2013/07/30 18:45:36 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Web Cake</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p></p><p>< End of report ></p><p></p><p>Kind Regards</p><p></p><p>Trudy</p></blockquote><p></p>
[QUOTE="birdinthehand, post: 131778, member: 10508"] Hi There kuttus, I've followed your instructions but when I ran the scan it only produced the OTL.Txt log, I ran 2 scans but they both only produced the 1 log. OTL logfile created on: 06/08/2013 21:12:19 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trudy\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1013.38 Mb Total Physical Memory | 362.58 Mb Available Physical Memory | 35.78% Memory free 1.99 Gb Paging File | 1.04 Gb Available in Paging File | 52.24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 225.25 Gb Total Space | 199.09 Gb Free Space | 88.38% Space Free | Partition Type: NTFS Computer Name: TRUDY-PC | User Name: Trudy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Users\Trudy\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.) PRC - C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE (Microsoft Corporation.) 
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\FSP\FspUip.exe (Sentelic Corporation) PRC - C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe (Sun Microsystems, Inc.) [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll () MOD - C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll () MOD - C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll () MOD - C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll () MOD - C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files\FSP\KbdHook.dll () MOD - C:\Program Files\FSP\FspLib.dll () [color=#E56717]========== Services (SafeList) ==========[/color] SRV - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE (Microsoft Corporation.) 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys () DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) 
[color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{19BCE93E-4DD1-A721-C50A-3BE4E5E40A4C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm IE - 
HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\SearchScopes,Backup.Old.DefaultScope = {EB54875D-DD8E-4010-B816-E3180B178F69} IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\SearchScopes\{19BCE93E-4DD1-A721-C50A-3BE4E5E40A4C}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta= IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Trudy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Trudy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
[2013/07/26 18:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Mysearchdial (Enabled) CHR - default_search_provider: search_url = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0AtCtA0B0DtDtC0DtCyCtDtA0AtN0D0Tzu0CyDyByEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=431870537&ir= CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0AtCtA0B0DtDtC0DtCyCtDtA0AtN0D0Tzu0CyDyByEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=431870537&ir= CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Trudy\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program 
Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Trudy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll File not found O3 - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation) O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000..\Run: [FDPRO-516] C:\Program Files\Fighters\FighterLauncher.exe FDPRO File not found O4 - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000..\Run: [Google Update] C:\Users\Trudy\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) 
O4 - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\S-1-5-21-2020085807-1544784501-1952108477-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) 
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70C6A873-0973-47B7-81CC-36B822FFD4F6}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/08/02 11:57:20 | 000,000,000 | ---D | C] -- C:\Users\Trudy\Documents\kuttuslogs.1
[2013/07/31 14:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/07/31 10:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/07/31 10:48:02 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\System32\bootdelete.exe
[2013/07/31 10:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/07/31 10:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/07/31 10:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/07/30 23:26:46 | 000,000,000 | ---D | C] -- C:\Users\Trudy\Documents\kuttus
[2013/07/30 18:29:35 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\Malwarebytes
[2013/07/30 18:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/30 18:28:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/07/30 18:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/30 18:27:03 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\Programs
[2013/07/30 17:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/30 17:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/30 17:04:47 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/07/30 11:56:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/30 10:55:45 | 000,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2013/07/30 10:55:45 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2013/07/30 10:55:45 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2013/07/30 10:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/07/27 21:57:17 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\Web Cake
[2013/07/27 10:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/07/27 10:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/07/26 18:41:04 | 000,000,000 | ---D | C] -- C:\windows\System32\Extensions
[2013/07/26 18:41:02 | 000,000,000 | ---D | C] -- C:\windows\System32\searchplugins
[2013/07/26 18:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/26 16:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/26 16:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/26 16:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/07/26 16:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/07/26 16:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/07/26 14:09:54 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\ElevatedDiagnostics
[2013/07/26 13:43:34 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\SlimWare Utilities Inc
[2013/07/26 13:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2013/07/26 13:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\DriverUpdate
[2013/07/26 12:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TorchCrashHandler
[2013/07/10 03:08:10 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/07/10 03:08:05 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/07/10 03:08:04 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/07/10 03:08:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/07/10 03:08:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/07/10 03:07:58 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/07/10 03:07:58 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/07/10 03:07:58 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/07/10 03:07:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/07/10 03:07:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/07/09 22:41:41 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013/07/09 22:41:38 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2013/07/09 22:41:36 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2013/07/09 22:41:33 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[1 C:\Users\Trudy\Documents\*.tmp files -> C:\Users\Trudy\Documents\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/08/06 21:08:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/08/06 20:55:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job
[2013/08/06 20:44:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/06 10:16:43 | 000,010,464 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/06 10:16:43 | 000,010,464 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/06 10:09:18 | 796,954,624 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/02 14:18:59 | 000,006,347 | ---- | M] () -- C:\Users\Trudy\Documents\kaslog - Shortcut.lnk
[2013/08/02 14:18:20 | 000,001,111 | ---- | M] () -- C:\Users\Trudy\Documents\kaslog2 - Shortcut.lnk
[2013/08/01 10:03:46 | 000,002,338 | ---- | M] () -- C:\Users\Trudy\Desktop\Google Chrome.lnk
[2013/07/31 19:42:30 | 000,001,920 | ---- | M] () -- C:\Users\Trudy\Desktop\kaslog2 - Shortcut.lnk
[2013/07/31 19:42:17 | 000,001,909 | ---- | M] () -- C:\Users\Trudy\Desktop\kaslog - Shortcut.lnk
[2013/07/31 14:43:22 | 000,001,104 | ---- | M] () -- C:\Users\Trudy\Desktop\ESETSCAN - Shortcut.lnk
[2013/07/31 10:48:02 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\System32\bootdelete.exe
[2013/07/31 10:41:09 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/07/30 19:23:37 | 000,000,000 | ---- | M] () -- C:\Users\Trudy\AppData\Roaming\wklnhst.dat
[2013/07/30 18:28:54 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/30 16:59:26 | 000,013,464 | ---- | M] () -- C:\windows\System32\drivers\SWDUMon.sys
[2013/07/30 16:57:54 | 000,000,098 | ---- | M] () -- C:\windows\DeleteOnReboot.bat
[2013/07/30 16:51:54 | 000,001,158 | ---- | M] () -- C:\Users\Trudy\Desktop\mbar-1.06.0.1004 - Shortcut.lnk
[2013/07/30 08:57:38 | 000,628,460 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/07/30 08:57:38 | 000,110,612 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/07/30 07:55:08 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job
[2013/07/26 16:35:55 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/07/26 16:26:32 | 000,001,823 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/07/26 12:42:20 | 000,002,181 | ---- | M] () -- C:\Users\Trudy\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/07/10 03:20:17 | 000,334,432 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[1 C:\Users\Trudy\Documents\*.tmp files -> C:\Users\Trudy\Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/08/02 11:56:58 | 000,001,111 | ---- | C] () -- C:\Users\Trudy\Documents\kaslog2 - Shortcut.lnk
[2013/08/02 11:56:43 | 000,006,347 | ---- | C] () -- C:\Users\Trudy\Documents\kaslog - Shortcut.lnk
[2013/07/31 19:42:30 | 000,001,920 | ---- | C] () -- C:\Users\Trudy\Desktop\kaslog2 - Shortcut.lnk
[2013/07/31 19:42:17 | 000,001,909 | ---- | C] () -- C:\Users\Trudy\Desktop\kaslog - Shortcut.lnk
[2013/07/31 14:43:22 | 000,001,104 | ---- | C] () -- C:\Users\Trudy\Desktop\ESETSCAN - Shortcut.lnk
[2013/07/31 10:41:09 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/07/30 19:23:37 | 000,000,000 | ---- | C] () -- C:\Users\Trudy\AppData\Roaming\wklnhst.dat
[2013/07/30 18:28:54 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/30 16:56:36 | 000,000,098 | ---- | C] () -- C:\windows\DeleteOnReboot.bat
[2013/07/30 16:51:54 | 000,001,158 | ---- | C] () -- C:\Users\Trudy\Desktop\mbar-1.06.0.1004 - Shortcut.lnk
[2013/07/26 16:35:55 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/07/26 16:26:32 | 000,001,823 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/07/26 13:43:39 | 000,013,464 | ---- | C] () -- C:\windows\System32\drivers\SWDUMon.sys
[2011/10/27 11:38:28 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012/01/23 19:54:51 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Template
[2013/01/01 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\TFP
[2013/07/30 18:45:36 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Web Cake

[color=#E56717]========== Purity Check ==========[/color]

< End of report >

Kind Regards
Trudy
[/QUOTE]