TechSpot

Another victim of Sirefef; PC rebooting after 1 min

Inactive
By muckledug
Aug 24, 2012
  1. Hi there. I would be eternally grateful for any help. I'm a bit of a technophobe but have managed to run Farbar. Here is the log from its initial run:

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 23-08-2012 02
    Ran by SYSTEM at 24-08-2012 13:18:32
    Running from F:\
    Windows 7 Starter (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7703072 2009-08-05] (Realtek Semiconductor)
    HKLM\...\Run: [fspuip] "C:\Program Files\FSP\fspuip.exe" [3342336 2009-09-23] (Sentelic Corporation)
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKU\alipark\...\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [x]
    HKU\alipark\...\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup [x]
    HKU\alipark\...\Run: [Google Update] "C:\Users\alipark\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-07] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\alipark\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\daviepark\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ================================ Services (Whitelisted) ==================
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
    2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    ========================== Drivers (Whitelisted) =============
    0 DasBoot; C:\Windows\system32\drivers\DasBoot.SYS [20744 2012-01-17] ()
    0 DasBootF; C:\Windows\system32\drivers\DasBootF.SYS [59272 2012-01-17] ()
    3 fspad_wlh32; C:\Windows\System32\DRIVERS\fspad_wlh32.sys [41984 2009-09-22] (Sentelic Corporation)
    3 ghsmdm; C:\Windows\System32\DRIVERS\ghsmdm.sys [113432 2011-03-28] (ZTE Incorporated)
    3 massfilter_hs; \??\C:\windows\system32\drivers\massfilter_hs.sys [15896 2011-07-07] (HandSet Incorporated)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-08-24 11:51 - 2012-08-24 11:52 - 00000000 ____D C:\FRST
    2012-08-24 03:59 - 2012-08-24 03:59 - 00000328 ____A C:\Windows\PFRO.log
    2012-08-24 03:52 - 2012-08-24 03:53 - 00000000 ____D C:\Users\daviepark\Desktop\New folder
    2012-08-20 16:57 - 2012-08-20 16:57 - 00388948 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\Pareto_AV_Setup_RW.exe
    2012-08-20 16:56 - 2012-08-20 16:57 - 08852592 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\Pareto_AV_Setup_RW (1).exe
    2012-08-20 16:52 - 2012-08-20 16:52 - 01015348 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\1EF3.tmp
    2012-08-20 16:45 - 2012-08-20 16:45 - 00000198 ____A C:\Users\alipark\Desktop\Delete TrojanWin32-Sirefef.AB - How to Delete TrojanWin32-Sirefef.AB - YouTube.url
    2012-08-20 15:59 - 2012-08-24 04:09 - 00001288 ____A C:\Windows\setupact.log
    2012-08-20 15:59 - 2012-08-20 15:59 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-18 04:39 - 2012-08-18 04:49 - 00210840 ____A C:\Windows\System32\PHOOKSmf2.TXT
    2012-08-18 04:36 - 2012-08-24 04:13 - 00028900 ____A C:\Windows\System32\PHOOKSmf.txt
    2012-08-18 04:35 - 2012-08-24 03:57 - 00000000 ____D C:\Windows\System32\DBBK
    2012-08-18 04:35 - 2012-08-18 04:50 - 00035329 ____A C:\Users\daviepark\Desktop\yorkyt.exe.log
    2012-08-18 04:35 - 2012-03-22 08:17 - 00225664 ____A C:\Windows\System32\Drivers\DasBootS.SYS
    2012-08-18 04:35 - 2012-01-17 12:55 - 00059272 ____A C:\Windows\System32\Drivers\DasBootF.SYS
    2012-08-18 04:35 - 2012-01-17 12:55 - 00027528 ____A C:\Windows\System32\Drivers\DasBootK.SYS
    2012-08-18 04:35 - 2012-01-17 12:55 - 00020744 ____A C:\Windows\System32\Drivers\DasBoot.SYS
    2012-08-18 04:35 - 2012-01-17 12:55 - 00009096 ____A C:\Windows\System32\Drivers\DasBootI.SYS
    2012-08-18 04:35 - 2012-01-17 12:55 - 00009096 ____A C:\Windows\System32\Drivers\DasBootE.SYS
    2012-08-18 04:35 - 2010-05-03 17:37 - 00003072 ____A C:\Windows\System32\Drivers\DasBootD.SYS
    2012-08-18 04:31 - 2012-08-18 04:31 - 01415784 ____A C:\Users\daviepark\Desktop\yorkyt.exe
    2012-08-18 04:21 - 2012-08-18 04:21 - 01415784 ____A C:\Users\daviepark\Downloads\yorkyt.exe
    2012-08-18 04:18 - 2012-08-18 04:18 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xcqchxec.sys
    2012-08-18 02:37 - 2012-08-18 02:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-18 02:36 - 2012-08-18 02:36 - 10288512 ____A (Microsoft Corporation) C:\Users\daviepark\Downloads\mseinstall.exe
    2012-08-17 18:30 - 2012-08-17 18:30 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-08-17 18:24 - 2012-08-18 04:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-17 04:13 - 2012-08-17 04:13 - 00000182 ____A C:\Users\alipark\Desktop\Knitwear David Emanuel Rib Edge To Edge Cardigan Black Plus Size Womens Clothing from Bonmarche.url
    2012-08-15 07:57 - 2012-08-15 07:57 - 00000241 ____A C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-large-format-printers-127-c.asp.url
    2012-08-15 07:52 - 2012-08-15 07:52 - 00000266 ____A C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-imageprograf-ipf6300s-a1-24-production-printer-798-p.asp.url
    2012-08-14 07:13 - 2012-08-14 07:13 - 00000232 ____A C:\Users\alipark\Desktop\Amazon.co.uk - Subscribe & Save.url
    2012-08-13 16:11 - 2012-08-13 16:11 - 00000240 ____A C:\Users\daviepark\Desktop\Metacam 1.5mg-ml Oral Suspension for dogs POM-Hyperdrug.url
    2012-08-12 11:32 - 2012-08-12 11:32 - 00376095 ____A C:\Users\alipark\Desktop\Plus Round Neck Bobble Button Plain Cardigan - Marks & Spencer.htm
    2012-08-12 11:32 - 2012-08-12 11:32 - 00000000 ____D C:\Users\alipark\Desktop\Plus Round Neck Bobble Button Plain Cardigan - Marks & Spencer_files
    2012-08-12 09:17 - 2012-08-12 09:17 - 00000426 ____A C:\Users\alipark\Desktop\Evans Large Floral Maxi Dress - New In - Evans.url
    2012-08-11 16:22 - 2012-08-24 03:53 - 00000000 ____D C:\Users\daviepark\Desktop\Dalmellington
    2012-08-11 10:11 - 2012-08-11 10:11 - 00000220 ____A C:\Users\alipark\Desktop\The Lordship of Galloway c.900 to c.1300 Amazon.co.uk Richard Oram Books.url
    2012-08-11 08:58 - 2012-08-11 08:58 - 00000194 ____A C:\Users\alipark\Desktop\Helen of Galloway - Wikipedia, the free encyclopedia.url
    2012-08-09 17:34 - 2012-08-09 17:34 - 00000210 ____A C:\Users\daviepark\Desktop\Breakdown Cover Select your level of cover - The AA.url
    2012-08-08 02:40 - 2012-08-08 02:40 - 03834787 ____A C:\Users\daviepark\Downloads\Community_Action_Kit.zip
    2012-08-07 15:55 - 2012-08-14 18:13 - 00002473 ____A C:\Users\alipark\Desktop\Google Chrome.lnk
    2012-08-07 15:53 - 2012-08-18 04:04 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job
    2012-08-07 15:53 - 2012-08-17 16:04 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job
    2012-08-07 15:52 - 2012-08-07 15:52 - 00000000 ____D C:\Users\alipark\AppData\Local\Deployment
    2012-08-07 15:52 - 2012-08-07 15:52 - 00000000 ____D C:\Users\alipark\AppData\Local\Apps\2.0
    2012-08-07 10:55 - 2012-08-07 10:55 - 00000213 ____A C:\Users\alipark\Desktop\Soft-Spoken Makeup Roleplay - YouTube.url
    2012-08-07 10:53 - 2012-08-07 10:53 - 00000213 ____A C:\Users\alipark\Desktop\~Relaxing Make Up Artist Role Play ~ - YouTube.url
    2012-08-06 10:26 - 2012-08-06 10:26 - 00000143 ____A C:\Users\daviepark\Desktop\Your selected plan uSwitch.url
    2012-08-05 15:22 - 2012-08-05 15:22 - 00000000 ____D C:\Users\alipark\Desktop\clothes
    2012-08-05 15:18 - 2012-08-05 15:22 - 00000000 ____D C:\Users\alipark\Desktop\work
    ============ 3 Months Modified Files ========================
    2012-08-24 04:13 - 2012-08-18 04:36 - 00028900 ____A C:\Windows\System32\PHOOKSmf.txt
    2012-08-24 04:09 - 2012-08-20 15:59 - 00001288 ____A C:\Windows\setupact.log
    2012-08-24 04:09 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-24 03:59 - 2012-08-24 03:59 - 00000328 ____A C:\Windows\PFRO.log
    2012-08-20 16:57 - 2012-08-20 16:57 - 00388948 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\Pareto_AV_Setup_RW.exe
    2012-08-20 16:57 - 2012-08-20 16:56 - 08852592 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\Pareto_AV_Setup_RW (1).exe
    2012-08-20 16:52 - 2012-08-20 16:52 - 01015348 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\1EF3.tmp
    2012-08-20 16:45 - 2012-08-20 16:45 - 00000198 ____A C:\Users\alipark\Desktop\Delete TrojanWin32-Sirefef.AB - How to Delete TrojanWin32-Sirefef.AB - YouTube.url
    2012-08-20 15:59 - 2012-08-20 15:59 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-18 04:50 - 2012-08-18 04:35 - 00035329 ____A C:\Users\daviepark\Desktop\yorkyt.exe.log
    2012-08-18 04:49 - 2012-08-18 04:39 - 00210840 ____A C:\Windows\System32\PHOOKSmf2.TXT
    2012-08-18 04:31 - 2012-08-18 04:31 - 01415784 ____A C:\Users\daviepark\Desktop\yorkyt.exe
    2012-08-18 04:21 - 2012-08-18 04:21 - 01415784 ____A C:\Users\daviepark\Downloads\yorkyt.exe
    2012-08-18 04:18 - 2012-08-18 04:18 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xcqchxec.sys
    2012-08-18 04:08 - 2012-08-17 18:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-18 04:04 - 2012-08-07 15:53 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job
    2012-08-18 03:55 - 2009-07-13 20:53 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-18 02:38 - 2011-01-28 15:07 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-18 02:38 - 2010-01-18 05:19 - 00722628 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-18 02:36 - 2012-08-18 02:36 - 10288512 ____A (Microsoft Corporation) C:\Users\daviepark\Downloads\mseinstall.exe
    2012-08-18 02:08 - 2012-04-27 16:29 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-18 02:08 - 2011-07-22 15:42 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-18 01:43 - 2009-07-13 20:34 - 00010464 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-18 01:43 - 2009-07-13 20:34 - 00010464 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-17 16:04 - 2012-08-07 15:53 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job
    2012-08-17 04:13 - 2012-08-17 04:13 - 00000182 ____A C:\Users\alipark\Desktop\Knitwear David Emanuel Rib Edge To Edge Cardigan Black Plus Size Womens Clothing from Bonmarche.url
    2012-08-15 07:57 - 2012-08-15 07:57 - 00000241 ____A C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-large-format-printers-127-c.asp.url
    2012-08-15 07:52 - 2012-08-15 07:52 - 00000266 ____A C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-imageprograf-ipf6300s-a1-24-production-printer-798-p.asp.url
    2012-08-14 18:13 - 2012-08-07 15:55 - 00002473 ____A C:\Users\alipark\Desktop\Google Chrome.lnk
    2012-08-14 16:00 - 2010-12-04 03:54 - 00010547 ____A C:\Users\daviepark\Documents\Untitled 1.odt
    2012-08-14 15:50 - 2012-06-01 17:02 - 00000240 ____A C:\Users\daviepark\Desktop\Royal Babylon Part 1 - Video Dailymotion.url
    2012-08-14 07:13 - 2012-08-14 07:13 - 00000232 ____A C:\Users\alipark\Desktop\Amazon.co.uk - Subscribe & Save.url
    2012-08-13 16:11 - 2012-08-13 16:11 - 00000240 ____A C:\Users\daviepark\Desktop\Metacam 1.5mg-ml Oral Suspension for dogs POM-Hyperdrug.url
    2012-08-12 11:32 - 2012-08-12 11:32 - 00376095 ____A C:\Users\alipark\Desktop\Plus Round Neck Bobble Button Plain Cardigan - Marks & Spencer.htm
    2012-08-12 09:17 - 2012-08-12 09:17 - 00000426 ____A C:\Users\alipark\Desktop\Evans Large Floral Maxi Dress - New In - Evans.url
    2012-08-11 10:11 - 2012-08-11 10:11 - 00000220 ____A C:\Users\alipark\Desktop\The Lordship of Galloway c.900 to c.1300 Amazon.co.uk Richard Oram Books.url
    2012-08-11 08:58 - 2012-08-11 08:58 - 00000194 ____A C:\Users\alipark\Desktop\Helen of Galloway - Wikipedia, the free encyclopedia.url
    2012-08-09 17:34 - 2012-08-09 17:34 - 00000210 ____A C:\Users\daviepark\Desktop\Breakdown Cover Select your level of cover - The AA.url
    2012-08-08 02:40 - 2012-08-08 02:40 - 03834787 ____A C:\Users\daviepark\Downloads\Community_Action_Kit.zip
    2012-08-07 10:55 - 2012-08-07 10:55 - 00000213 ____A C:\Users\alipark\Desktop\Soft-Spoken Makeup Roleplay - YouTube.url
    2012-08-07 10:53 - 2012-08-07 10:53 - 00000213 ____A C:\Users\alipark\Desktop\~Relaxing Make Up Artist Role Play ~ - YouTube.url
    2012-08-06 10:26 - 2012-08-06 10:26 - 00000143 ____A C:\Users\daviepark\Desktop\Your selected plan uSwitch.url
    2012-07-05 10:59 - 2012-07-05 10:59 - 00000232 ____A C:\Users\daviepark\Desktop\100 Grip Seal Bags 6 x 9 Inch 200g Strong Reusable Zip Lock Amazon.co.uk Kitchen & Home.url
    2012-07-03 16:00 - 2012-07-03 16:00 - 00000064 ____A C:\Windows\GPlrLanc.dat
    2012-07-03 15:59 - 2012-07-03 15:58 - 00481296 ____A (Clasys Ltd.) C:\Users\daviepark\Desktop\WS_CI221_V25.exe
    2012-07-01 15:45 - 2012-07-01 15:45 - 00000133 ____A C:\Users\daviepark\Desktop\Mail Order sunset song, cloud howe dvds.url
    2012-06-30 15:24 - 2012-06-30 15:24 - 00000224 ____A C:\Users\alipark\Desktop\Amazon.com Stargate Universe [HD] Season 1, Episode 11 Space [HD] Amazon Instant Video.url
    2012-06-30 14:34 - 2012-06-30 14:34 - 00000222 ____A C:\Users\daviepark\Desktop\Self help try positive action, not positive thinking Science The Observer.url
    2012-06-23 01:09 - 2012-06-23 01:09 - 00000195 ____A C:\Users\alipark\Desktop\Welcome to Facebook — Log in, sign up or learn more.url
    2012-06-20 07:27 - 2012-06-20 03:49 - 00000213 ____A C:\Users\daviepark\Desktop\Edinburgh.url
    2012-06-20 03:49 - 2012-06-20 03:49 - 00000418 ____A C:\Users\daviepark\Desktop\accommodation edinburgh castle edinburgh city centre - Google Maps.url
    2012-06-20 03:27 - 2012-06-20 03:27 - 00000138 ____A C:\Users\daviepark\Desktop\Home.url
    2012-06-18 15:35 - 2012-06-18 15:35 - 00001318 ____A C:\Users\daviepark\Desktop\suburbaniteshand00thor.pdf - Shortcut.lnk
    2012-06-18 00:59 - 2012-06-18 00:59 - 00000140 ____A C:\Users\daviepark\Desktop\Kippford Holidays - Luxury two bedroom caravan overlooking Kippford and Solway Coast near Dalbeattie, Dumfries and Galloway.url
    2012-06-17 16:08 - 2012-06-17 16:08 - 00000370 ____A C:\Users\daviepark\Desktop\Hoseasons - Holiday Availability Listing.url
    2012-06-08 03:40 - 2010-08-22 10:53 - 00000708 ____A C:\Users\daviepark\AppData\Roaming\wklnhst.dat
    2012-06-02 14:19 - 2012-06-19 00:27 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-19 00:27 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-19 00:27 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-19 00:26 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-19 00:26 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-19 00:27 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-19 00:26 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 06:19 - 2012-06-19 00:26 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 06:12 - 2012-06-19 00:26 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 07:10 - 2012-06-01 07:10 - 00000725 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-06-01 07:09 - 2012-06-01 07:08 - 49744959 ____A C:\Users\daviepark\Downloads\ONE British Lord responsible for Pearl Harbor - the traitor Lord Sempill (1 of 4) [SaveYouTube.com].mp4
    2012-06-01 06:45 - 2010-10-11 01:40 - 00880496 ____A (BitTorrent, Inc.) C:\Users\daviepark\Downloads\utorrent.exe
    ZeroAccess:
    C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}
    C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\@
    C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\L
    C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\n
    C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\U
    C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\L\00000004.@
    C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\L\201d3dde
    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 36%
    Total physical RAM: 1013.38 MB
    Available physical RAM: 638.64 MB
    Total Pagefile: 1013.38 MB
    Available Pagefile: 644.22 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1977.38 MB
    ======================= Partitions =========================
    1 Drive c: (Windows7) (Fixed) (Total:108.07 GB) (Free:50.04 GB) NTFS
    2 Drive e: (New Volume) (Fixed) (Total:117.19 GB) (Free:117.1 GB) NTFS
    3 Drive f: () (Removable) (Total:1.89 GB) (Free:0.78 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (WinRe) (Fixed) (Total:7.63 GB) (Free:3.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 Online 1935 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7813 MB 1024 KB
    Partition 2 Primary 108 GB 7814 MB
    Partition 3 Primary 117 GB 115 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 Y WinRe NTFS Partition 7813 MB Healthy
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C Windows7 NTFS Partition 108 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E New Volume NTFS Partition 117 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1935 MB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT32 Removable 1935 MB Healthy
    ==================================================================================
    Last Boot: 2012-08-16 15:10
    ======================= End Of Log ==========================
  2. muckledug

    muckledug TS Rookie Topic Starter

    And here is the search.txt log:

    Farbar Recovery Scan Tool Version: 23-08-2012 02
    Ran by SYSTEM at 2012-08-24 13:25:42
    Running from F:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
    === End Of Search ===

    P.S. When running farbar, I chose UK keyboard setup (I'm in the UK and have a UK keyboard)
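The search.txt log above is the key piece of evidence in this thread: the copy of services.exe in WinSxS and the one in System32 have the same size and the same created/modified timestamps, yet different MD5 hashes, which is why FRST flagged the System32 copy and why the fix later copies the WinSxS version back over it. The following Python script is an added example, not part of the thread and not code from FRST or its author; it parses the FRST search output format as it appears in the log (a path line followed by a detail line) and reports any non-WinSxS copy whose hash disagrees with the WinSxS reference, noting when the metadata is identical. The log text embedded in it is constructed from the values posted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the search.txt log from the thread, reduced to the relevant lines.
SAMPLE_SEARCH_LOG = """\
Farbar Recovery Scan Tool Version: 23-08-2012 02
Ran by SYSTEM at 2012-08-24 13:25:42
Running from F:\\
================== Search: "services.exe" ===================
C:\\Windows\\winsxs\\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\\Windows\\System32\\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===
"""

# Detail line format assumed from the log: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileRecord:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        # WinSxS holds the component store copy, used here as the clean reference.
        return "\\winsxs\\" in self.path.lower()


def parse_search_log(text: str) -> List[FileRecord]:
    """Pair each path line with the detail line that follows it."""
    records: List[FileRecord] = []
    pending_path: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # banner / separator lines
        m = DETAIL_RE.match(line)
        if m and pending_path:
            records.append(FileRecord(pending_path, m["created"], m["modified"],
                                      int(m["size"]), m["company"], m["md5"].upper()))
            pending_path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            pending_path = line  # a drive-letter path starts a new record
    return records


@dataclass
class Finding:
    path: str
    actual_md5: str
    reference_md5: str
    reference_path: str
    metadata_identical: bool  # same size and timestamps but different content


def find_hash_mismatches(records: List[FileRecord]) -> List[Finding]:
    """Compare every non-WinSxS copy of a file against the first WinSxS copy of the same name."""
    by_name: Dict[str, List[FileRecord]] = {}
    for r in records:
        by_name.setdefault(r.name, []).append(r)
    findings: List[Finding] = []
    for group in by_name.values():
        refs = [r for r in group if r.in_winsxs]
        if not refs:
            continue  # nothing to compare against
        ref = refs[0]
        for r in group:
            if r.in_winsxs or r.md5 == ref.md5:
                continue
            same_meta = (r.size == ref.size and r.created == ref.created
                         and r.modified == ref.modified)
            findings.append(Finding(r.path, r.md5, ref.md5, ref.path, same_meta))
    return findings


if __name__ == "__main__":
    for f in find_hash_mismatches(parse_search_log(SAMPLE_SEARCH_LOG)):
        tag = " (size and timestamps match: content patched in place)" if f.metadata_identical else ""
        print(f"{f.path}: MD5 {f.actual_md5} differs from WinSxS copy {f.reference_md5}{tag}")
```

The script only picks the first WinSxS copy as the reference; on a patched system there may be several versions of a component in WinSxS, so a mismatch is a signal to investigate rather than proof on its own, and the reference hash should be confirmed against a trusted source before any file is replaced.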
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    FRST Fixlist

    Please run the following:

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Now restart, let it boot normally and tell me how it went.
  4. muckledug

    muckledug TS Rookie Topic Starter

    Here is the fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 23-08-2012 02
    Ran by SYSTEM at 2012-08-26 00:09:40 Run:1
    Running from F:\

    ==============================================

    C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da} moved successfully.
    C:\Windows\assembly\GAC\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  5. muckledug

    muckledug TS Rookie Topic Starter

    Booted normally as instructed. PC is no longer rebooting. PC status reported as 'potentially unprotected'.
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  7. muckledug

    muckledug TS Rookie Topic Starter

    Having trouble logging on to internet. Browsers behaving erratically.

    Here is the combofix log:
    ComboFix 12-08-25.04 - daviepark 27/08/2012 14:51:29.1.2 - x86
    Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.1013.417 [GMT 1:00]
    Running from: c:\users\daviepark\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\security\Database\tmp.edb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-27 13:17 . 2012-08-27 13:17 -------- d-----w- c:\users\daviepark\AppData\Local\Macromedia
    2012-08-24 19:51 . 2012-08-24 19:52 -------- d-----w- C:\FRST
    2012-08-18 12:35 . 2012-08-27 14:12 -------- d-----w- c:\windows\system32\DBBK
    2012-08-18 12:35 . 2012-03-22 16:17 225664 ----a-w- c:\windows\system32\drivers\DasBootS.SYS
    2012-08-18 12:35 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootI.SYS
    2012-08-18 12:35 . 2012-01-17 20:55 27528 ----a-w- c:\windows\system32\drivers\DasBootK.SYS
    2012-08-18 12:35 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootE.SYS
    2012-08-18 12:35 . 2012-01-17 20:55 59272 ----a-w- c:\windows\system32\drivers\DasBootF.SYS
    2012-08-18 12:35 . 2010-05-04 01:37 3072 ----a-w- c:\windows\system32\drivers\DasBootD.SYS
    2012-08-18 12:35 . 2012-01-17 20:55 20744 ----a-w- c:\windows\system32\drivers\DasBoot.SYS
    2012-08-18 12:18 . 2012-08-18 12:18 43480 ----a-w- c:\windows\system32\drivers\xcqchxec.sys
    2012-08-18 10:37 . 2012-08-18 10:38 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-18 02:30 . 2012-08-18 02:30 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-08-07 23:52 . 2012-08-07 23:52 -------- d-----w- c:\users\alipark\AppData\Local\Deployment
    2012-08-07 23:52 . 2012-08-07 23:52 -------- d-----w- c:\users\alipark\AppData\Local\Apps
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-27 14:12 . 2012-08-27 13:33 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D4BC0BA-DBAF-4019-86AA-4856761C4FFF}\offreg.dll
    2012-08-18 10:08 . 2012-04-28 00:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-18 10:08 . 2011-07-22 23:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-01 22:51 . 2012-08-27 13:10 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D4BC0BA-DBAF-4019-86AA-4856761C4FFF}\mpengine.dll
    2012-07-16 01:41 . 2012-08-18 10:42 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-02 22:19 . 2012-06-19 08:27 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-19 08:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-19 08:26 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-19 08:26 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-19 08:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-19 08:27 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-19 08:26 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 14:19 . 2012-06-19 08:26 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 14:12 . 2012-06-19 08:26 33792 ----a-w- c:\windows\system32\wuapp.exe
    2011-11-21 04:21 . 2011-12-06 18:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
    "fspuip"="c:\program files\FSP\fspuip.exe" [2009-09-23 3342336]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    c:\users\daviepark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
    2010-04-10 07:45 979344 ----a-w- c:\progra~1\Eraser\Eraser.exe
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 ghsmdm;Handset USB Modem;c:\windows\system32\DRIVERS\ghsmdm.sys [x]
    R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    S0 DasBoot;Panda AntiMalware Support;c:\windows\\SystemRoot\system32\drivers\DasBoot.SYS [x]
    S0 DasBootF;Panda AntiMalware Support MF;c:\windows\\SystemRoot\system32\drivers\DasBootF.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
    S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [x]
    S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
    HPService REG_MULTI_SZ HPSLPSVC
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 10:08]
    .
    2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job
    - c:\users\alipark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 23:52]
    .
    2012-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job
    - c:\users\alipark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 23:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.co.uk/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\
    FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2020085807-1544784501-1952108477-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2020085807-1544784501-1952108477-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\conhost.exe
    c:\windows\System32\rundll32.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-27 15:23:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-27 14:23
    .
    Pre-Run: 53,176,008,704 bytes free
    Post-Run: 53,224,972,288 bytes free
    .
    - - End Of File - - 1A4DF396A5E666A959027F0C20F734F6
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay..let's see here...

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  9. muckledug

    muckledug TS Rookie Topic Starter

    AdwCleaner search log:

    # AdwCleaner v1.801 - Logfile created 08/28/2012 at 11:45:43
    # Updated 14/08/2012 by Xplode
    # Operating system : Windows 7 Starter Service Pack 1 (32 bits)
    # User : daviepark - ALIPARK-PC
    # Boot Mode : Normal
    # Running from : C:\Users\daviepark\Desktop\adwcleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Found : C:\Users\alipark\AppData\Local\Ilivid Player
    Folder Found : C:\Users\daviepark\AppData\Local\Conduit
    Folder Found : C:\Users\daviepark\AppData\LocalLow\Conduit
    Folder Found : C:\Users\daviepark\AppData\LocalLow\PriceGong
    Folder Found : C:\Users\daviepark\AppData\LocalLow\uTorrentControl2
    Folder Found : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\ConduitCommon
    Folder Found : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\CT3072253
    Folder Found : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\CT3198785
    Folder Found : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\Smartbar
    Folder Found : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    Folder Found : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
    Folder Found : C:\Program Files\Conduit
    Folder Found : C:\Program Files\uTorrentControl2
    File Found : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\searchplugins\Conduit.xml
    ***** [Registry] *****
    [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AppDataLow\Toolbar
    Key Found : HKCU\Software\Softonic
    Key Found : HKLM\SOFTWARE\Conduit
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
    Key Found : HKLM\SOFTWARE\uTorrentControl2
    ***** [Registre - GUID] *****
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{999CD03A-804F-434C-9551-E45CAF24CF5C}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{960CA5BC-E5CE-4120-93C6-39092069163B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Mozilla Firefox v8.0.1 (en-GB)
    Profile name : default
    File : C:\Users\alipark\AppData\Roaming\Mozilla\Firefox\Profiles\jpxyqh0k.default\prefs.js
    [OK] File is clean.
    Profile name : default
    File : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\prefs.js
    Found : user_pref("CT3072253..clientLogIsEnabled", false);
    Found : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Found : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Found : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
    Found : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Found : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
    Found : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
    Found : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
    Found : user_pref("CT3072253.CTID", "CT3072253");
    Found : user_pref("CT3072253.CurrentServerDate", "27-8-2012");
    Found : user_pref("CT3072253.DSInstall", false);
    Found : user_pref("CT3072253.DialogsAlignMode", "LTR");
    Found : user_pref("CT3072253.DialogsGetterLastCheckTime", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Daylight T[...]
    Found : user_pref("CT3072253.DownloadReferralCookieData", "");
    Found : user_pref("CT3072253.FirstServerDate", "4-7-2012");
    Found : user_pref("CT3072253.FirstTime", true);
    Found : user_pref("CT3072253.FirstTimeFF3", true);
    Found : user_pref("CT3072253.FixPageNotFoundErrors", true);
    Found : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
    Found : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Found : user_pref("CT3072253.HPInstall", false);
    Found : user_pref("CT3072253.HasUserGlobalKeys", true);
    Found : user_pref("CT3072253.HomePageProtectorEnabled", false);
    Found : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://www.google.co.uk/");
    Found : user_pref("CT3072253.Initialize", true);
    Found : user_pref("CT3072253.InitializeCommonPrefs", true);
    Found : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
    Found : user_pref("CT3072253.InstallationId", "fft11F0.tmp.exe");
    Found : user_pref("CT3072253.InstallationType", "XPE");
    Found : user_pref("CT3072253.InstalledDate", "Tue Jul 03 2012 23:05:06 GMT+0100 (GMT Daylight Time)");
    Found : user_pref("CT3072253.IsAlertDBUpdated", true);
    Found : user_pref("CT3072253.IsGrouping", false);
    Found : user_pref("CT3072253.IsInitSetupIni", true);
    Found : user_pref("CT3072253.IsMulticommunity", false);
    Found : user_pref("CT3072253.IsOpenThankYouPage", true);
    Found : user_pref("CT3072253.IsOpenUninstallPage", false);
    Found : user_pref("CT3072253.LanguagePackLastCheckTime", "Mon Aug 27 2012 14:17:25 GMT+0100 (GMT Daylight Ti[...]
    Found : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
    Found : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Found : user_pref("CT3072253.LastLogin_3.12.0.8", "Tue Jul 03 2012 23:05:09 GMT+0100 (GMT Daylight Time)");
    Found : user_pref("CT3072253.LastLogin_3.13.0.6", "Wed Aug 08 2012 02:27:46 GMT+0100 (GMT Daylight Time)");
    Found : user_pref("CT3072253.LastLogin_3.14.1.0", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Daylight Time)");
    Found : user_pref("CT3072253.LatestVersion", "3.14.1.0");
    Found : user_pref("CT3072253.Locale", "en");
    Found : user_pref("CT3072253.MCDetectTooltipHeight", "83");
    Found : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Found : user_pref("CT3072253.MCDetectTooltipWidth", "295");
    Found : user_pref("CT3072253.MyStuffEnabledAtInstallation", false);
    Found : user_pref("CT3072253.OriginalFirstVersion", "3.12.0.8");
    Found : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
    Found : user_pref("CT3072253.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
    Found : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
    Found : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
    Found : user_pref("CT3072253.SearchInNewTabEnabled", true);
    Found : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
    Found : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Mon Aug 27 2012 14:17:23 GMT+0100 (GMT Daylight [...]
    Found : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Found : user_pref("CT3072253.SearchProtectorEnabled", false);
    Found : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
    Found : user_pref("CT3072253.SendProtectorDataViaLogin", true);
    Found : user_pref("CT3072253.ServiceMapLastCheckTime", "Mon Aug 27 2012 14:17:24 GMT+0100 (GMT Daylight Time[...]
    Found : user_pref("CT3072253.SettingsLastCheckTime", "Mon Aug 27 2012 14:17:23 GMT+0100 (GMT Daylight Time)"[...]
    Found : user_pref("CT3072253.SettingsLastUpdate", "1345149440");
    Found : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
    Found : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
    Found : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Wed Aug 08 2012 02:27:42 GMT+0100 (GMT Dayligh[...]
    Found : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
    Found : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
    Found : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
    Found : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
    Found : user_pref("CT3072253.UserID", "UN69560583829857032");
    Found : user_pref("CT3072253.ValidationData_Search", 1);
    Found : user_pref("CT3072253.alertChannelId", "1463702");
    Found : user_pref("CT3072253.autoDisableScopes", -1);
    Found : user_pref("CT3072253.backendstorage.cbcountry_001", "4742");
    Found : user_pref("CT3072253.backendstorage.cbfirsttime", "547565204A756C20303320323031322032333A30353A31342[...]
    Found : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F7777772E676F6F676C652E636F2E756[...]
    Found : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
    Found : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Mon Aug 27 2012 14:17:27 GMT+0100 (GMT Dayl[...]
    Found : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
    Found : user_pref("CT3072253.initDone", true);
    Found : user_pref("CT3072253.isAppTrackingManagerOn", false);
    Found : user_pref("CT3072253.myStuffEnabled", true);
    Found : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
    Found : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Found : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
    Found : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Found : user_pref("CT3072253.navigateToUrlOnSearch", false);
    Found : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129[...]
    Found : user_pref("CT3072253.revertSettingsEnabled", true);
    Found : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
    Found : user_pref("CT3072253.searchProtectorEnableByLogin", true);
    Found : user_pref("CT3072253.testingCtid", "");
    Found : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Dayli[...]
    Found : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Dayli[...]
    Found : user_pref("CT3198785.1000082.isPlayDisplay", "true");
    Found : user_pref("CT3198785.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
    Found : user_pref("CT3198785.129761883816955218.pid2", "8493efb787da9633");
    Found : user_pref("CT3198785.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Found : user_pref("CT3198785.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Found : user_pref("CT3198785.FirstTime", "true");
    Found : user_pref("CT3198785.FirstTimeFF3", "true");
    Found : user_pref("CT3198785.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...]
    Found : user_pref("CT3198785.UserID", "UN45487137326407767");
    Found : user_pref("CT3198785.addressBarTakeOverEnabledInHidden", "true");
    Found : user_pref("CT3198785.autoDisableScopes", -1);
    Found : user_pref("CT3198785.browser.search.defaultthis.engineName", true);
    Found : user_pref("CT3198785.defaultSearch", "true");
    Found : user_pref("CT3198785.embeddedsData", "[{\"appId\":\"129761883813986480\",\"apiPermissions\":{\"cross[...]
    Found : user_pref("CT3198785.enableAlerts", "always");
    Found : user_pref("CT3198785.enableSearchFromAddressBar", "true");
    Found : user_pref("CT3198785.firstTimeDialogOpened", "true");
    Found : user_pref("CT3198785.fixPageNotFoundError", "true");
    Found : user_pref("CT3198785.fixPageNotFoundErrorInHidden", "true");
    Found : user_pref("CT3198785.fixUrls", true);
    Found : user_pref("CT3198785.installId", "230");
    Found : user_pref("CT3198785.installType", "ConduitNSISIntegration");
    Found : user_pref("CT3198785.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Found : user_pref("CT3198785.isNewTabEnabled", true);
    Found : user_pref("CT3198785.isPerformedSmartBarTransition", "true");
    Found : user_pref("CT3198785.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Found : user_pref("CT3198785.keyword", true);
    Found : user_pref("CT3198785.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
    Found : user_pref("CT3198785.openThankYouPage", "false");
    Found : user_pref("CT3198785.openUninstallPage", "true");
    Found : user_pref("CT3198785.search.searchAppId", "129761883813986480");
    Found : user_pref("CT3198785.search.searchCount", "0");
    Found : user_pref("CT3198785.searchInNewTabEnabledInHidden", "true");
    Found : user_pref("CT3198785.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Found : user_pref("CT3198785.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Found : user_pref("CT3198785.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...]
    Found : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Found : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Found : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Found : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Found : user_pref("CT3198785.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344389273867");
    Found : user_pref("CT3198785.serviceLayer_services_appTracking_lastUpdate", "1344394716837");
    Found : user_pref("CT3198785.serviceLayer_services_appsMetadata_lastUpdate", "1344389273659");
    Found : user_pref("CT3198785.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344394717404");
    Found : user_pref("CT3198785.serviceLayer_services_optimizer_lastUpdate", "1344394717324");
    Found : user_pref("CT3198785.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344389275184");
    Found : user_pref("CT3198785.serviceLayer_services_searchAPI_lastUpdate", "1344389271456");
    Found : user_pref("CT3198785.serviceLayer_services_serviceMap_lastUpdate", "1344389270803");
    Found : user_pref("CT3198785.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344394716186");
    Found : user_pref("CT3198785.serviceLayer_services_toolbarSettings_lastUpdate", "1344389271359");
    Found : user_pref("CT3198785.serviceLayer_services_translation_lastUpdate", "1344389274131");
    Found : user_pref("CT3198785.settingsINI", true);
    Found : user_pref("CT3198785.shouldFirstTimeDialog", "false");
    Found : user_pref("CT3198785.smartbar.CTID", "CT3198785");
    Found : user_pref("CT3198785.smartbar.Uninstall", "0");
    Found : user_pref("CT3198785.smartbar.homepage", true);
    Found : user_pref("CT3198785.smartbar.toolbarName", "WhiteSmoke US ");
    Found : user_pref("CT3198785.toolbarBornServerTime", "8-8-2012");
    Found : user_pref("CT3198785.toolbarCurrentServerTime", "8-8-2012");
    Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"7ae[...]
    Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\daviepark\\AppData\\Roaming\\Mozill[...]
    Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
    Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
    Found : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
    Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
    Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
    Found : user_pref("CommunityToolbar.globalUserId", "39a5a613-d06d-423a-8235-69a98023ef8d");
    Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
    Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Aug 27 2012 14:17:3[...]
    Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);
    Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Found : user_pref("CommunityToolbar.notifications.locale", "en");
    Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Aug 27 2012 14:17:33 GMT+0100 (G[...]
    Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
    Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    Found : user_pref("CommunityToolbar.notifications.userId", "ae640c30-ff01-4307-b83e-697775ae4702");
    Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.co.uk/");
    Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
    Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=1[...]
    Found : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke US Customized Web Search");
    Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785[...]
    Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
    Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3198785");
    Found : user_pref("browser.search.selectedEngine", "WhiteSmoke US Customized Web Search");
    Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13");
    Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=[...]
    -\\ Opera v11.0.1156.0
    File : C:\Users\alipark\AppData\Roaming\Opera\Opera\operaprefs.ini
    [OK] File is clean.
    File : C:\Users\daviepark\AppData\Roaming\Opera\Opera\operaprefs.ini
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [20844 octets] - [28/08/2012 11:45:43]
    ########## EOF - C:\AdwCleaner[R1].txt - [20973 octets] ##########
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Remove the Adware.
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    Please post the log.

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
• When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
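As an added example (not the poster's file and not AdwCleaner's own code), here is the search-hijack check the AdwCleaner log above reports, written as a small Python script over a constructed prefs.js sample: it parses the user_pref lines, flags the home page and search prefs that point at a Conduit host, at a toolbar id present in the profile, or at the engine name the Smartbar prefs advertise, and then drops those prefs the way the Delete step does. The pref names and prefixes (CTnnnnnnn, CommunityToolbar, Smartbar) are taken from the log; the sample values are constructed.

```python
import re

# Constructed sample in the style of a Firefox prefs.js, modelled on the prefs the
# AdwCleaner log flagged (hxxp is the log's defanged spelling of http).
# This is not the poster's real file.
SAMPLE_PREFS = """\
user_pref("browser.cache.disk.capacity", 358400);
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=");
user_pref("browser.search.selectedEngine", "WhiteSmoke US Customized Web Search");
user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
user_pref("CT3198785.smartbar.CTID", "CT3198785");
user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke US Customized Web Search");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3198785");
user_pref("network.proxy.type", 0);
"""

# One user_pref("name", value); line. The value is kept raw; quotes are stripped later.
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);$')

# Prefs that decide where the home page, address-bar searches and the search box go.
TARGET_PREFS = ("browser.startup.homepage", "keyword.URL",
                "browser.search.selectedEngine", "browser.search.defaultenginename")

# Name prefixes of Conduit-style toolbar prefs as seen in the log (CTnnnnnnn is a toolbar id).
TOOLBAR_PREFIX_RE = re.compile(r"^(CT\d{7}|CommunityToolbar|Smartbar)\.")


def parse_prefs(text):
    """Map pref name -> value string for every user_pref line in text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            name, raw = m.groups()
            prefs[name] = raw.strip().strip('"')
    return prefs


def toolbar_ids(prefs):
    """Conduit toolbar ids (CT + 7 digits) that own at least one pref name."""
    return sorted({n.split(".", 1)[0] for n in prefs if re.match(r"^CT\d{7}\.", n)})


def find_hijacks(prefs):
    """Target prefs whose value points at a Conduit host, at a toolbar id found in
    this profile, or at the engine name the Smartbar prefs advertise."""
    ids = toolbar_ids(prefs)
    toolbar_engine = prefs.get("Smartbar.ConduitSearchEngineList", "")
    hits = []
    for name in TARGET_PREFS:
        val = prefs.get(name)
        if val is None:
            continue
        if ("conduit.com" in val.lower()
                or any(tid in val for tid in ids)
                or (toolbar_engine and val == toolbar_engine)):
            hits.append(name)
    return hits


def report(text):
    """Summary of what a Search run would list for this prefs.js text."""
    prefs = parse_prefs(text)
    return {
        "toolbar_ids": toolbar_ids(prefs),
        "toolbar_pref_count": sum(1 for n in prefs if TOOLBAR_PREFIX_RE.match(n)),
        "hijacked": find_hijacks(prefs),
    }


def clean_prefs_text(text):
    """Drop toolbar prefs and hijacked target prefs so Firefox falls back to its
    built-in defaults on next start, the same effect as the Delete step."""
    drop = set(report(text)["hijacked"])
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m and (m.group(1) in drop or TOOLBAR_PREFIX_RE.match(m.group(1))):
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    r = report(SAMPLE_PREFS)
    print("toolbar ids:", r["toolbar_ids"])
    print("toolbar prefs:", r["toolbar_pref_count"])
    print("hijacked prefs:", r["hijacked"])
    print("cleaned prefs.js:\n" + clean_prefs_text(SAMPLE_PREFS))
```

Run it against a copy of a real prefs.js only with Firefox closed, since Firefox rewrites the file on exit.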
  11. muckledug

    muckledug TS Rookie Topic Starter

    # AdwCleaner v1.801 - Logfile created 08/29/2012 at 11:51:29
    # Updated 14/08/2012 by Xplode
    # Operating system : Windows 7 Starter Service Pack 1 (32 bits)
    # User : daviepark - ALIPARK-PC
    # Boot Mode : Normal
    # Running from : C:\Users\daviepark\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Deleted : C:\Users\alipark\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\daviepark\AppData\Local\Conduit
    Folder Deleted : C:\Users\daviepark\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\daviepark\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\daviepark\AppData\LocalLow\uTorrentControl2
    Folder Deleted : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\ConduitCommon
    Folder Deleted : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\CT3072253
    Folder Deleted : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\CT3198785
    Folder Deleted : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\Smartbar
    Folder Deleted : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    Folder Deleted : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\uTorrentControl2
    File Deleted : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\searchplugins\Conduit.xml
    ***** [Registry] *****
    [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
    Key Deleted : HKLM\SOFTWARE\uTorrentControl2
    ***** [Registry - GUID] *****
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{999CD03A-804F-434C-9551-E45CAF24CF5C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{960CA5BC-E5CE-4120-93C6-39092069163B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Mozilla Firefox v8.0.1 (en-GB)
    Profile name : default
    File : C:\Users\alipark\AppData\Roaming\Mozilla\Firefox\Profiles\jpxyqh0k.default\prefs.js
    [OK] File is clean.
    Profile name : default
    File : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\prefs.js
    Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
    Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
    Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
    Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
    Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
    Deleted : user_pref("CT3072253.CTID", "CT3072253");
    Deleted : user_pref("CT3072253.CurrentServerDate", "27-8-2012");
    Deleted : user_pref("CT3072253.DSInstall", false);
    Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Daylight T[...]
    Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
    Deleted : user_pref("CT3072253.FirstServerDate", "4-7-2012");
    Deleted : user_pref("CT3072253.FirstTime", true);
    Deleted : user_pref("CT3072253.FirstTimeFF3", true);
    Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);
    Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT3072253.HPInstall", false);
    Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
    Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);
    Deleted : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://www.google.co.uk/");
    Deleted : user_pref("CT3072253.Initialize", true);
    Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
    Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
    Deleted : user_pref("CT3072253.InstallationId", "fft11F0.tmp.exe");
    Deleted : user_pref("CT3072253.InstallationType", "XPE");
    Deleted : user_pref("CT3072253.InstalledDate", "Tue Jul 03 2012 23:05:06 GMT+0100 (GMT Daylight Time)");
    Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);
    Deleted : user_pref("CT3072253.IsGrouping", false);
    Deleted : user_pref("CT3072253.IsInitSetupIni", true);
    Deleted : user_pref("CT3072253.IsMulticommunity", false);
    Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
    Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);
    Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Mon Aug 27 2012 14:17:25 GMT+0100 (GMT Daylight Ti[...]
    Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT3072253.LastLogin_3.12.0.8", "Tue Jul 03 2012 23:05:09 GMT+0100 (GMT Daylight Time)");
    Deleted : user_pref("CT3072253.LastLogin_3.13.0.6", "Wed Aug 08 2012 02:27:46 GMT+0100 (GMT Daylight Time)");
    Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Daylight Time)");
    Deleted : user_pref("CT3072253.LatestVersion", "3.14.1.0");
    Deleted : user_pref("CT3072253.Locale", "en");
    Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", false);
    Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.12.0.8");
    Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
    Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
    Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
    Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Mon Aug 27 2012 14:17:23 GMT+0100 (GMT Daylight [...]
    Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT3072253.SearchProtectorEnabled", false);
    Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
    Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
    Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Mon Aug 27 2012 14:17:24 GMT+0100 (GMT Daylight Time[...]
    Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Mon Aug 27 2012 14:17:23 GMT+0100 (GMT Daylight Time)"[...]
    Deleted : user_pref("CT3072253.SettingsLastUpdate", "1345149440");
    Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
    Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Wed Aug 08 2012 02:27:42 GMT+0100 (GMT Dayligh[...]
    Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
    Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
    Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
    Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
    Deleted : user_pref("CT3072253.UserID", "UN69560583829857032");
    Deleted : user_pref("CT3072253.ValidationData_Search", 1);
    Deleted : user_pref("CT3072253.alertChannelId", "1463702");
    Deleted : user_pref("CT3072253.autoDisableScopes", -1);
    Deleted : user_pref("CT3072253.backendstorage.cbcountry_001", "4742");
    Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "547565204A756C20303320323031322032333A30353A31342[...]
    Deleted : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F7777772E676F6F676C652E636F2E756[...]
    Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
    Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Mon Aug 27 2012 14:17:27 GMT+0100 (GMT Dayl[...]
    Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
    Deleted : user_pref("CT3072253.initDone", true);
    Deleted : user_pref("CT3072253.isAppTrackingManagerOn", false);
    Deleted : user_pref("CT3072253.myStuffEnabled", true);
    Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);
    Deleted : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129[...]
    Deleted : user_pref("CT3072253.revertSettingsEnabled", true);
    Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
    Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);
    Deleted : user_pref("CT3072253.testingCtid", "");
    Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Dayli[...]
    Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Dayli[...]
    Deleted : user_pref("CT3198785.1000082.isPlayDisplay", "true");
    Deleted : user_pref("CT3198785.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
    Deleted : user_pref("CT3198785.129761883816955218.pid2", "8493efb787da9633");
    Deleted : user_pref("CT3198785.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3198785.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT3198785.FirstTime", "true");
    Deleted : user_pref("CT3198785.FirstTimeFF3", "true");
    Deleted : user_pref("CT3198785.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...]
    Deleted : user_pref("CT3198785.UserID", "UN45487137326407767");
    Deleted : user_pref("CT3198785.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT3198785.autoDisableScopes", -1);
    Deleted : user_pref("CT3198785.browser.search.defaultthis.engineName", true);
    Deleted : user_pref("CT3198785.defaultSearch", "true");
    Deleted : user_pref("CT3198785.embeddedsData", "[{\"appId\":\"129761883813986480\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT3198785.enableAlerts", "always");
    Deleted : user_pref("CT3198785.enableSearchFromAddressBar", "true");
    Deleted : user_pref("CT3198785.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT3198785.fixPageNotFoundError", "true");
    Deleted : user_pref("CT3198785.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT3198785.fixUrls", true);
    Deleted : user_pref("CT3198785.installId", "230");
    Deleted : user_pref("CT3198785.installType", "ConduitNSISIntegration");
    Deleted : user_pref("CT3198785.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3198785.isNewTabEnabled", true);
    Deleted : user_pref("CT3198785.isPerformedSmartBarTransition", "true");
    Deleted : user_pref("CT3198785.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT3198785.keyword", true);
    Deleted : user_pref("CT3198785.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
    Deleted : user_pref("CT3198785.openThankYouPage", "false");
    Deleted : user_pref("CT3198785.openUninstallPage", "true");
    Deleted : user_pref("CT3198785.search.searchAppId", "129761883813986480");
    Deleted : user_pref("CT3198785.search.searchCount", "0");
    Deleted : user_pref("CT3198785.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT3198785.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3198785.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT3198785.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...]
    Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT3198785.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344389273867");
    Deleted : user_pref("CT3198785.serviceLayer_services_appTracking_lastUpdate", "1344394716837");
    Deleted : user_pref("CT3198785.serviceLayer_services_appsMetadata_lastUpdate", "1344389273659");
    Deleted : user_pref("CT3198785.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344394717404");
    Deleted : user_pref("CT3198785.serviceLayer_services_optimizer_lastUpdate", "1344394717324");
    Deleted : user_pref("CT3198785.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344389275184");
    Deleted : user_pref("CT3198785.serviceLayer_services_searchAPI_lastUpdate", "1344389271456");
    Deleted : user_pref("CT3198785.serviceLayer_services_serviceMap_lastUpdate", "1344389270803");
    Deleted : user_pref("CT3198785.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344394716186");
    Deleted : user_pref("CT3198785.serviceLayer_services_toolbarSettings_lastUpdate", "1344389271359");
    Deleted : user_pref("CT3198785.serviceLayer_services_translation_lastUpdate", "1344389274131");
    Deleted : user_pref("CT3198785.settingsINI", true);
    Deleted : user_pref("CT3198785.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT3198785.smartbar.CTID", "CT3198785");
    Deleted : user_pref("CT3198785.smartbar.Uninstall", "0");
    Deleted : user_pref("CT3198785.smartbar.homepage", true);
    Deleted : user_pref("CT3198785.smartbar.toolbarName", "WhiteSmoke US ");
    Deleted : user_pref("CT3198785.toolbarBornServerTime", "8-8-2012");
    Deleted : user_pref("CT3198785.toolbarCurrentServerTime", "8-8-2012");
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"7ae[...]
    Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\daviepark\\AppData\\Roaming\\Mozill[...]
    Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
    Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
    Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
    Deleted : user_pref("CommunityToolbar.globalUserId", "39a5a613-d06d-423a-8235-69a98023ef8d");
    Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
    Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Aug 27 2012 14:17:3[...]
    Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
    Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
    Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Aug 27 2012 14:17:33 GMT+0100 (G[...]
    Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
    Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.notifications.userId", "ae640c30-ff01-4307-b83e-697775ae4702");
    Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.co.uk/");
    Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
    Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=1[...]
    Deleted : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke US Customized Web Search");
    Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785[...]
    Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
    Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3198785");
    Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke US Customized Web Search");
    Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13");
    Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=[...]
    -\\ Opera v11.0.1156.0
    File : C:\Users\alipark\AppData\Roaming\Opera\Opera\operaprefs.ini
    [OK] File is clean.
    File : C:\Users\daviepark\AppData\Roaming\Opera\Opera\operaprefs.ini
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [20975 octets] - [28/08/2012 11:45:43]
    AdwCleaner[S1].txt - [21377 octets] - [29/08/2012 11:51:29]
    ########## EOF - C:\AdwCleaner[S1].txt - [21506 octets] ##########
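The prefs.js entries AdwCleaner removed above show what a Conduit search hijack looks like from inside a Firefox profile: toolbar state stored under a CT<number>. (or CommunityToolbar./Smartbar.) namespace, and browser.startup.homepage, keyword.URL and browser.search.selectedEngine pointed at search.conduit.com or at a "Customized Web Search" engine. The script below is an added example, not part of this thread and not AdwCleaner's code, that applies the same check to a prefs.js: it parses user_pref() lines, lists the toolbar namespaces present, and flags navigation prefs whose host or engine name falls outside an allowlist. The allowlists TRUSTED_HOSTS and STOCK_ENGINES are assumptions made for the example; the sample fragment is built from lines in the log above (with the truncated keyword.URL value kept as shown) plus two ordinary Firefox prefs added as benign controls.

```python
import re
from urllib.parse import urlparse

# Prefs that decide where the home page, address-bar search and search box go.
NAVIGATION_PREFS = {
    "browser.startup.homepage",
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
    "keyword.URL",
}

# Assumed allowlists for this example: hosts the user expects, and stock engine names.
TRUSTED_HOSTS = {"google.co.uk", "google.com", "mozilla.org", "mozilla.com"}
STOCK_ENGINES = {"Google", "Bing", "Yahoo", "Wikipedia (en)"}

# Conduit-built toolbars keep their state under CT<digits>., CommunityToolbar. or Smartbar.
TOOLBAR_NS = re.compile(r"^(CT\d+|CommunityToolbar|Smartbar)\.")

PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Sample prefs.js fragment: the first six lines come from the AdwCleaner log above,
# the last two are ordinary Firefox prefs included as benign controls.
SAMPLE_PREFS_JS = r"""
user_pref("CT3198785.smartbar.toolbarName", "WhiteSmoke US ");
user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
user_pref("browser.search.selectedEngine", "WhiteSmoke US Customized Web Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=");
user_pref("browser.startup.homepage_override.mstone", "8.0.1");
user_pref("extensions.lastAppVersion", "8.0.1");
"""


def parse_pref(line):
    """Return (name, value) for a user_pref() line, or None for anything else."""
    m = PREF_LINE.match(line)
    if not m:
        return None
    name, value = m.group(1), m.group(2)
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]          # strip the quotes around string values
    return name, value


def url_host(value):
    """Hostname of a URL value, or None if the value is not a URL.
    AV logs defang http as hxxp; undo that so urlparse sees a real scheme."""
    value = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    if not re.match(r"^https?://", value, re.IGNORECASE):
        return None
    return (urlparse(value).hostname or "").lower()


def is_trusted_host(host):
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)


def find_hijacks(prefs_text):
    """Scan prefs.js text. Returns the toolbar namespaces present and the navigation
    prefs that point somewhere outside the allowlists."""
    toolbars, redirected = set(), []
    for line in prefs_text.splitlines():
        parsed = parse_pref(line)
        if parsed is None:
            continue
        name, value = parsed
        ns = TOOLBAR_NS.match(name)
        if ns:
            toolbars.add(ns.group(1))
        elif name in NAVIGATION_PREFS:
            host = url_host(value)
            if host is None:
                if value not in STOCK_ENGINES:      # an engine name rather than a URL
                    redirected.append((name, value))
            elif not is_trusted_host(host):
                redirected.append((name, host))
    return {"toolbars": sorted(toolbars), "redirected": redirected}


if __name__ == "__main__":
    result = find_hijacks(SAMPLE_PREFS_JS)
    print("toolbar namespaces:", ", ".join(result["toolbars"]) or "none")
    for name, where in result["redirected"]:
        print(f"{name} -> {where}")
```

Run it against a copy of the profile's prefs.js (open the file and pass its text to find_hijacks). A non-empty toolbars list or any redirected entry left after a cleanup means the cleanup did not reach that profile; note that the profile under alipark was reported clean while the one under daviepark was not, so each user's profile needs its own check.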
     
  12. muckledug

    muckledug TS Rookie Topic Starter

    C:\FRST\Quarantine\services.exe Win32/Sirefef.FC trojan deleted - quarantined
    C:\FRST\Quarantine\{7d8c2957-6119-1690-cdfd-9126525147da}\n Win32/Sirefef.EV trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{7d8c2957-6119-1690-cdfd-9126525147da}\U\00000004.@ Win32/Conedex.D trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{7d8c2957-6119-1690-cdfd-9126525147da}\U\000000cb.@ Win32/Conedex.E trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{7d8c2957-6119-1690-cdfd-9126525147da}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{7d8c2957-6119-1690-cdfd-9126525147da}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
    C:\Users\daviepark\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\34307e44-781fe02a Java/TrojanDownloader.OpenConnection.AP trojan cleaned by deleting - quarantined
    C:\Users\daviepark\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\143b51c7-1415b4ad a variant of Java/TrojanDownloader.OpenStream.NCC trojan cleaned by deleting - quarantined
    C:\Windows\System32\DBBK\54ED1955EDB126599E3814B6E251BCA6 a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
    C:\Windows\System32\DBBK\615E237F22F90CF81D52530D1CF84AAC a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
    C:\Windows\System32\DBBK\6E71F4274113197AD75262AF24FB1B09 Win32/Conedex.E trojan cleaned by deleting - quarantined
    C:\Windows\System32\DBBK\85C5DEC9B6B5D6B9DE2C0331A102AD71 Win32/Sirefef.EZ trojan deleted - quarantined
    C:\Windows\System32\DBBK\9056639F5731CEF4D8EAEEBD2021EB0E a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
    C:\Windows\System32\DBBK\A302BBFF2A7278C0E239EE5D471D86A9 Win32/Sirefef.FC trojan deleted - quarantined
    C:\Windows\System32\DBBK\FE2EB24E6BD36B8BE3869ECE85AA72BC Win32/Conedex.D trojan cleaned by deleting - quarantined
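ESET's output above mixes two kinds of hit: files already sitting in C:\FRST\Quarantine (the services.exe and the {GUID}\U\*.@ tree that FRST had moved aside earlier in the thread), and files still live on disk, namely the hex-named files in C:\Windows\System32\DBBK and two Java deployment-cache entries. The parser below is an added example, not ESET's code or anything posted in the thread: it splits each line into path, signature and action, derives the malware family, and separates live detections from already-quarantined ones so the remaining on-disk locations can be listed for a follow-up check. The sample log is the fifteen lines posted above, copied verbatim; the "paths contain no spaces" assumption holds for that log and is stated in the code.

```python
import ntpath
import re
from collections import Counter

# One detection per line: <path> <signature> trojan <action>. Paths in this log
# contain no spaces, so the first run of non-whitespace is the path.
ESET_LINE = re.compile(
    r"^(?P<path>\S+)\s+"
    r"(?P<signature>(?:a variant of )?\S+/\S+ trojan)\s+"
    r"(?P<action>.+?)\s*$"
)

# Anything under FRST's quarantine folder had already been moved off its original path.
FRST_QUARANTINE = "c:\\frst\\quarantine\\"

# The fifteen lines posted above, copied verbatim (raw string: the paths contain \n and \U).
ESET_LOG = r"""
C:\FRST\Quarantine\services.exe Win32/Sirefef.FC trojan deleted - quarantined
C:\FRST\Quarantine\{7d8c2957-6119-1690-cdfd-9126525147da}\n Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{7d8c2957-6119-1690-cdfd-9126525147da}\U\00000004.@ Win32/Conedex.D trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{7d8c2957-6119-1690-cdfd-9126525147da}\U\000000cb.@ Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{7d8c2957-6119-1690-cdfd-9126525147da}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{7d8c2957-6119-1690-cdfd-9126525147da}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Users\daviepark\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\34307e44-781fe02a Java/TrojanDownloader.OpenConnection.AP trojan cleaned by deleting - quarantined
C:\Users\daviepark\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\143b51c7-1415b4ad a variant of Java/TrojanDownloader.OpenStream.NCC trojan cleaned by deleting - quarantined
C:\Windows\System32\DBBK\54ED1955EDB126599E3814B6E251BCA6 a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\System32\DBBK\615E237F22F90CF81D52530D1CF84AAC a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\System32\DBBK\6E71F4274113197AD75262AF24FB1B09 Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\Windows\System32\DBBK\85C5DEC9B6B5D6B9DE2C0331A102AD71 Win32/Sirefef.EZ trojan deleted - quarantined
C:\Windows\System32\DBBK\9056639F5731CEF4D8EAEEBD2021EB0E a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\System32\DBBK\A302BBFF2A7278C0E239EE5D471D86A9 Win32/Sirefef.FC trojan deleted - quarantined
C:\Windows\System32\DBBK\FE2EB24E6BD36B8BE3869ECE85AA72BC Win32/Conedex.D trojan cleaned by deleting - quarantined
"""


def parse_eset_line(line):
    """Return a record dict for one detection line, or None for anything else."""
    m = ESET_LINE.match(line.strip())
    if not m:
        return None
    sig = m.group("signature")
    name = sig.replace("a variant of ", "").split(" ")[0]   # e.g. Win32/Sirefef.FA
    family = name.split("/", 1)[1].split(".")[0]            # e.g. Sirefef
    return {
        "path": m.group("path"),
        "signature": name,
        "family": family,
        "heuristic": sig.startswith("a variant of"),       # generic, not exact, match
        "action": m.group("action"),
    }


def triage(log_text):
    """Summarise a pasted ESET log: family counts, and live vs already-quarantined hits."""
    records = [r for r in (parse_eset_line(l) for l in log_text.splitlines()) if r]
    live = [r for r in records if not r["path"].lower().startswith(FRST_QUARANTINE)]
    return {
        "total": len(records),
        "families": dict(Counter(r["family"] for r in records)),
        "already_quarantined": len(records) - len(live),
        "live_paths": [r["path"] for r in live],
        "live_dirs": sorted({ntpath.dirname(r["path"]) for r in live}),
    }


if __name__ == "__main__":
    summary = triage(ESET_LOG)
    print(summary["total"], "detections:", summary["families"])
    print(summary["already_quarantined"], "were already in FRST's quarantine")
    print("directories with live detections:")
    for d in summary["live_dirs"]:
        print("  ", d)
```

With the posted lines the live detections reduce to three directories: the DBBK folder under System32 (seven hex-named files) and two Java cache subfolders. Those, not the quarantine hits, are the places to re-check after the next scan, and the Java cache entries are a reminder to update or remove the old Java runtime that let them in.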
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run the F-Secure Online Scanner
    • Accept the License Agreement and check the box. Then click on Run Check.
    • It will ask you to Run the Java plugin. Please confirm.
    • Once the download completes, the window for the scanner will launch.
    • Please confirm anymore prompts, and then select Full Scan.
    • The scan will take some time to finish, so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • It will run its cleaning.
    • Click the Full report button and Copy & Paste the entire report (except the bold text at the foot of the page) in your next reply. Once that's done, click the Close button on the scan window.
  14. muckledug

    muckledug TS Rookie Topic Starter

    First scan crashed when removing spyware. I ran the scanner again and it found nothing - so I presume it managed to remove the spyware on the first run. Here is the log from the second run.
    Scanning Report

    Friday, August 31, 2012 22:51:28 - 00:09:22

    Computer name: ALIPARK-PC
    Scanning type: Scan system for malware, spyware and rootkits
    Target: C:\ D:\
    No malware found


    Statistics

    Scanned:
    • Files: 114539
    • System: 4441
    • Not scanned: 21
    Actions:
    • Disinfected: 0
    • Renamed: 0
    • Deleted: 0
    • Not cleaned: 0
    • Submitted: 0
    Files not scanned:
    • C:\HIBERFIL.SYS
    • C:\PAGEFILE.SYS
    • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    • C:\WINDOWS\SYSTEM32\CONFIG\SAM
    • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
    • C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
    • C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
    • C:\USERS\DAVIEPARK\APPDATA\LOCAL\TEMP\~DF2440C9C8ABC8814A.TMP
    • C:\USERS\DAVIEPARK\APPDATA\LOCAL\TEMP\~DF259F4B7F62AD0AF8.TMP
    • C:\USERS\DAVIEPARK\APPDATA\LOCAL\TEMP\~DF419D0C8157EC2E8D.TMP
    • C:\USERS\DAVIEPARK\APPDATA\LOCAL\TEMP\LOW\HSPERFDATA_DAVIEPARK\3648
    • C:\USERS\DAVIEPARK\APPDATA\LOCAL\TEMP\HSPERFDATA_DAVIEPARK\3960
    • C:\PROGRAMDATA\MICROSOFT\WINDOWS\DRM\CACHE\INDIV01.TMP
    • C:\FRST\QUARANTINE\DESKTOP.INI
    Options

    Scanning engines:
    Scanning options:
    • Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TMP
    • Use advanced heuristics
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good. How is the operation of the PC so far?
  16. muckledug

    muckledug TS Rookie Topic Starter

    Hi DMJ,
    Many thanks for all your help so far. There are a few issues with the PC's operation. For some reason, regardless of the browser I use, I can't log in to my Google account or surf to Google Docs / Gmail. The browser reports that it can't display the webpage. I have the exact same issue with Facebook. Also, the PC does seem to be running fairly slowly and both memory and processor seem to be getting worked pretty hard.
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's take a closer look...

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      tcpip.sys
      netbt.sys
      ipsec.sys
      dnsrslvr.dll
      ipnathlp.dll
      netman.dll
      WMIsvc.dll
      srsvc.dll
      sr.sys
      wscsvc.dll
      wuauserv.dll
      qmgr.dll
      es.dll
      cryptsvc.dll
      svchost.exe
      rpcss.dll
      tdx.sys
      wininit.exe
      winlogon.exe
      atapi.sys
      explorer.exe
      /md5stop
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
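The /md5start ... /md5stop block in the custom scan asks OTL to print the MD5 of system files that malware commonly patches or replaces (services.exe, which ESET flagged in FRST's quarantine earlier in this thread, is on the list) so they can be compared against known-good values, and the /lockedfiles switches ask it to report files it cannot open. As an added example, not OTL's code and not something posted in the thread, the script below pulls the file names out of such a directive block and compares each file under a directory with a baseline of digests taken from a clean machine, reporting modified, missing and locked files separately instead of silently skipping any of them. The baseline format, the demo directory and the placeholder file contents are constructed for the example; the directive excerpt is a shortened copy of the one above.

```python
import hashlib
import os
import tempfile


def parse_md5_list(otl_script):
    """Collect the file names between /md5start and /md5stop in an OTL custom scan."""
    names, inside = [], False
    for raw in otl_script.splitlines():
        line = raw.strip()
        if line.lower() == "/md5start":
            inside = True
        elif line.lower() == "/md5stop":
            inside = False
        elif inside and line:
            names.append(line)
    return names


def file_digest(path, algorithm="md5", chunk=1 << 20):
    """Hash a file in chunks. MD5 is the default because that is what OTL prints and what
    known-good lists for these binaries are keyed on; any hashlib algorithm name works."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_against_baseline(root, names, baseline, algorithm="md5"):
    """Compare each listed file under root with a baseline {lowercase name: digest}
    taken from a known-clean machine. Returns {name: (status, digest)}."""
    report = {}
    for name in names:
        path = os.path.join(root, name)
        try:
            digest = file_digest(path, algorithm)
        except FileNotFoundError:
            report[name] = ("missing", None)
            continue
        except PermissionError:
            # A file that cannot be opened is itself a finding (this is what OTL's
            # /lockedfiles switch is for); report it rather than skipping it.
            report[name] = ("locked", None)
            continue
        expected = baseline.get(name.lower())
        if expected is None:
            report[name] = ("no-baseline", digest)
        elif digest.lower() == expected.lower():
            report[name] = ("ok", digest)
        else:
            report[name] = ("MODIFIED", digest)
    return report


# Constructed demo: a shortened copy of the directive block posted above; the
# "binaries" are placeholder bytes written to a temp dir, not real system files.
DEMO_SCRIPT = """
/md5start
volsnap.sys
services.exe
explorer.exe
/md5stop
"""


def demo():
    names = parse_md5_list(DEMO_SCRIPT)
    with tempfile.TemporaryDirectory() as root:
        clean = {"services.exe": b"MZ clean services", "explorer.exe": b"MZ clean explorer"}
        for name, data in clean.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = {name: file_digest(os.path.join(root, name)) for name in clean}
        # Simulate a patched services.exe: bytes appended after the baseline was taken.
        with open(os.path.join(root, "services.exe"), "ab") as f:
            f.write(b"\x90" * 16)
        return check_against_baseline(root, names, baseline)


if __name__ == "__main__":
    for name, (status, digest) in demo().items():
        print(f"{status:<12} {digest or '-':<32} {name}")
```

On a real system, point root at C:\Windows\System32 and load the baseline from a known-good machine running the same Windows build and patch level, since a legitimate update changes these hashes too. A file that comes back locked deserves the same attention as one that comes back modified, which is why the script keeps the two outcomes distinct.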
  18. muckledug

    muckledug TS Rookie Topic Starter

    OTL.TXT (pt 1)

    OTL logfile created on: 06/09/2012 15:38:20 - Run 1
    OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\daviepark\Desktop
    Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1013.38 Mb Total Physical Memory | 387.25 Mb Available Physical Memory | 38.21% Memory free
    1.99 Gb Paging File | 1.29 Gb Available in Paging File | 64.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 108.07 Gb Total Space | 47.11 Gb Free Space | 43.59% Space Free | Partition Type: NTFS
    Drive D: | 117.19 Gb Total Space | 117.10 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

    Computer Name: ALIPARK-PC | User Name: daviepark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/06 15:36:24 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\daviepark\Desktop\OTL.com
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/09/23 18:00:30 | 003,342,336 | ---- | M] (Sentelic Corporation) -- C:\Program Files\FSP\FspUip.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/09/23 18:00:10 | 000,053,248 | ---- | M] () -- C:\Program Files\FSP\KbdHook.dll
    MOD - [2009/09/18 18:35:28 | 000,073,728 | ---- | M] () -- C:\Program Files\FSP\FspLib.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - [2012/08/18 11:08:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DAVIEP~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2012/01/17 21:55:36 | 000,059,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DasBootF.SYS -- (DasBootF)
    DRV - [2012/01/17 21:55:34 | 000,020,744 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DasBoot.SYS -- (DasBoot)
    DRV - [2011/07/07 17:13:46 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
    DRV - [2011/03/28 16:34:42 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ghsmdm.sys -- (ghsmdm)
    DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/09/22 17:50:04 | 000,041,984 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
    DRV - [2009/08/10 04:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 01 49 BB D8 41 CB 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {45AB837B-1732-47F4-914B-28202E54527B}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{45AB837B-1732-47F4-914B-28202E54527B}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKCU\..\SearchScopes\{742B8DE7-D75C-44E1-A4BB-12100C0CE82B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk/webhp?hl=en&tab=mw"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/05 23:08:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/12/06 19:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daviepark\AppData\Roaming\Mozilla\Extensions
    [2012/08/29 11:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\extensions
    [2012/08/31 10:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/08/31 10:14:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/09/05 23:08:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/09/05 23:08:36 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/09/05 23:08:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/09/05 23:08:36 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/09/05 23:08:36 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/09/05 23:08:36 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/08/27 15:12:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
    O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70C6A873-0973-47B7-81CC-36B822FFD4F6}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - File not found
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
    MsConfig - StartUpReg: Eraser - hkey= - key= - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)

    SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/06 15:36:23 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\daviepark\Desktop\OTL.com
    [2012/09/06 14:50:16 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\daviepark\Desktop\OTL.exe
    [2012/08/31 10:14:21 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
    [2012/08/31 10:14:20 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
    [2012/08/31 10:14:20 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
    [2012/08/30 15:27:05 | 000,000,000 | ---D | C] -- C:\Users\daviepark\AppData\Roaming\f-secure
    [2012/08/30 15:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
    [2012/08/30 15:12:03 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\npdeployJava1.dll
    [2012/08/30 15:12:03 | 000,473,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
    [2012/08/30 15:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/08/29 12:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/08/29 12:03:46 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV
    [2012/08/28 14:54:47 | 000,000,000 | ---D | C] -- C:\Users\daviepark\AppData\Roaming\Foxit Software
    [2012/08/28 14:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
    [2012/08/27 16:22:36 | 000,000,000 | ---D | C] -- C:\Users\daviepark\Desktop\ebikes
    [2012/08/27 15:20:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/27 14:47:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/08/27 14:47:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/08/27 14:47:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/08/27 14:47:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/27 14:46:42 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/08/27 14:31:53 | 004,738,846 | R--- | C] (Swearware) -- C:\Users\daviepark\Desktop\ComboFix.exe
    [2012/08/27 14:17:59 | 000,000,000 | ---D | C] -- C:\Users\daviepark\AppData\Local\Macromedia
    [2012/08/24 20:51:59 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/18 13:35:40 | 000,000,000 | ---D | C] -- C:\windows\System32\DBBK
    [2012/08/18 13:18:08 | 000,043,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\xcqchxec.sys
    [2012/08/18 11:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/08/18 03:30:09 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
    [2012/08/12 01:22:49 | 000,000,000 | ---D | C] -- C:\Users\daviepark\Desktop\Dalmellington

    ========== Files - Modified Within 30 Days ==========

    [2012/09/06 15:36:24 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\daviepark\Desktop\OTL.com
    [2012/09/06 15:08:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/09/06 15:04:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job
    [2012/09/06 14:50:16 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\daviepark\Desktop\OTL.exe
    [2012/09/06 13:54:49 | 000,010,464 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/06 13:54:49 | 000,010,464 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/06 13:46:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/09/06 13:46:48 | 796,954,624 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/06 01:04:00 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job
    [2012/09/05 15:16:08 | 000,000,265 | ---- | M] () -- C:\Users\daviepark\Desktop\Sky box upgrades - Claim your free Sky+HD box - Upgrade now.url
    [2012/09/05 01:35:49 | 000,000,320 | ---- | M] () -- C:\Users\daviepark\Desktop\Panasonic TX-L32E5B review Verdict Plasma and lcd tvs Reviews TechRadar.url
    [2012/09/05 00:11:18 | 000,000,301 | ---- | M] () -- C:\Users\daviepark\Desktop\Vivanco SBX 95SE 4-Way AV Scart Switcher Box eBay.url
    [2012/09/04 23:57:57 | 000,000,282 | ---- | M] () -- C:\Users\daviepark\Desktop\Amazon.co.uk Customer Reviews AV Control Box (3 scart) - Full RGB!!! Vivanco SBX-94SE.url
    [2012/09/04 23:50:04 | 000,000,238 | ---- | M] () -- C:\Users\daviepark\Desktop\Automatic 3-way Scart Switch Box - 3 Inputs - 1 output Amazon.co.uk Electronics.url
    [2012/09/04 16:11:34 | 000,000,244 | ---- | M] () -- C:\Users\daviepark\Desktop\1.5 Metre Metal Plug, Gold Plated, OFC Scart Cable 1.5M Amazon.co.uk Electronics.url
    [2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\npdeployJava1.dll
    [2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
    [2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
    [2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
    [2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
    [2012/08/28 14:52:47 | 000,001,132 | ---- | M] () -- C:\Users\daviepark\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2012/08/28 14:37:37 | 001,491,371 | ---- | M] () -- C:\Users\daviepark\Desktop\esa1.pdf
    [2012/08/28 11:44:07 | 000,618,227 | ---- | M] () -- C:\Users\daviepark\Desktop\adwcleaner.exe
    [2012/08/27 16:19:06 | 000,000,228 | ---- | M] () -- C:\Users\daviepark\Desktop\Panasonic TXL32E5B-www.buydigital.tv.url
    [2012/08/27 16:09:14 | 000,000,247 | ---- | M] () -- C:\Users\daviepark\Desktop\[Active] - Another victim of Sirefef; PC rebooting after 1 min - TechSpot Forums.url
    [2012/08/27 15:12:39 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2012/08/27 14:31:53 | 004,738,846 | R--- | M] (Swearware) -- C:\Users\daviepark\Desktop\ComboFix.exe
    [2012/08/26 00:16:55 | 000,621,742 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2012/08/26 00:16:55 | 000,108,792 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2012/08/18 13:18:08 | 000,043,480 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\xcqchxec.sys
    [2012/08/18 11:38:44 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
    [2012/08/18 11:08:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
    [2012/08/18 11:08:28 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
    [2012/08/15 16:57:16 | 000,000,241 | ---- | M] () -- C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-large-format-printers-127-c.asp.url
    [2012/08/15 16:52:51 | 000,000,266 | ---- | M] () -- C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-imageprograf-ipf6300s-a1-24-production-printer-798-p.asp.url
    [2012/08/15 01:00:23 | 000,010,547 | ---- | M] () -- C:\Users\daviepark\Documents\Untitled 1.odt
    [2012/08/15 00:50:50 | 000,000,240 | ---- | M] () -- C:\Users\daviepark\Desktop\Royal Babylon Part 1 - Video Dailymotion.url
    [2012/08/14 01:11:49 | 000,000,240 | ---- | M] () -- C:\Users\daviepark\Desktop\Metacam 1.5mg-ml Oral Suspension for dogs POM-Hyperdrug.url
    [2012/08/07 22:45:12 | 000,915,929 | ---- | M] () -- C:\Users\daviepark\Desktop\Nick Hornby - A Long Way Down.pdf

    ========== Files Created - No Company Name ==========

    [2012/09/05 15:16:08 | 000,000,265 | ---- | C] () -- C:\Users\daviepark\Desktop\Sky box upgrades - Claim your free Sky+HD box - Upgrade now.url
    [2012/09/05 01:35:49 | 000,000,320 | ---- | C] () -- C:\Users\daviepark\Desktop\Panasonic TX-L32E5B review Verdict Plasma and lcd tvs Reviews TechRadar.url
    [2012/09/05 00:11:18 | 000,000,301 | ---- | C] () -- C:\Users\daviepark\Desktop\Vivanco SBX 95SE 4-Way AV Scart Switcher Box eBay.url
    [2012/09/04 23:57:57 | 000,000,282 | ---- | C] () -- C:\Users\daviepark\Desktop\Amazon.co.uk Customer Reviews AV Control Box (3 scart) - Full RGB!!! Vivanco SBX-94SE.url
    [2012/09/04 23:50:04 | 000,000,238 | ---- | C] () -- C:\Users\daviepark\Desktop\Automatic 3-way Scart Switch Box - 3 Inputs - 1 output Amazon.co.uk Electronics.url
    [2012/09/04 16:11:33 | 000,000,244 | ---- | C] () -- C:\Users\daviepark\Desktop\1.5 Metre Metal Plug, Gold Plated, OFC Scart Cable 1.5M Amazon.co.uk Electronics.url
    [2012/08/28 14:52:47 | 000,001,132 | ---- | C] () -- C:\Users\daviepark\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2012/08/28 14:37:37 | 001,491,371 | ---- | C] () -- C:\Users\daviepark\Desktop\esa1.pdf
    [2012/08/28 11:43:59 | 000,618,227 | ---- | C] () -- C:\Users\daviepark\Desktop\adwcleaner.exe
    [2012/08/27 16:19:06 | 000,000,228 | ---- | C] () -- C:\Users\daviepark\Desktop\Panasonic TXL32E5B-www.buydigital.tv.url
    [2012/08/27 16:09:14 | 000,000,247 | ---- | C] () -- C:\Users\daviepark\Desktop\[Active] - Another victim of Sirefef; PC rebooting after 1 min - TechSpot Forums.url
    [2012/08/27 14:47:36 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/08/27 14:47:36 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/08/27 14:47:36 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/08/27 14:47:36 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/08/27 14:47:36 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/08/18 13:35:40 | 000,225,664 | ---- | C] () -- C:\windows\System32\drivers\DasBootS.SYS
    [2012/08/18 13:35:40 | 000,059,272 | ---- | C] () -- C:\windows\System32\drivers\DasBootF.SYS
    [2012/08/18 13:35:40 | 000,027,528 | ---- | C] () -- C:\windows\System32\drivers\DasBootK.SYS
    [2012/08/18 13:35:40 | 000,009,096 | ---- | C] () -- C:\windows\System32\drivers\DasBootI.SYS
    [2012/08/18 13:35:40 | 000,009,096 | ---- | C] () -- C:\windows\System32\drivers\DasBootE.SYS
    [2012/08/18 13:35:40 | 000,003,072 | ---- | C] () -- C:\windows\System32\drivers\DasBootD.SYS
    [2012/08/18 13:35:38 | 000,020,744 | ---- | C] () -- C:\windows\System32\drivers\DasBoot.SYS
    [2012/08/18 11:38:22 | 000,001,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/08/18 03:24:58 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/08/15 16:57:16 | 000,000,241 | ---- | C] () -- C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-large-format-printers-127-c.asp.url
    [2012/08/15 16:52:51 | 000,000,266 | ---- | C] () -- C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-imageprograf-ipf6300s-a1-24-production-printer-798-p.asp.url
    [2012/08/14 01:11:48 | 000,000,240 | ---- | C] () -- C:\Users\daviepark\Desktop\Metacam 1.5mg-ml Oral Suspension for dogs POM-Hyperdrug.url
    [2012/08/08 00:53:06 | 000,000,916 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job
    [2012/08/08 00:53:02 | 000,000,864 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job
    [2012/08/07 22:45:11 | 000,915,929 | ---- | C] () -- C:\Users\daviepark\Desktop\Nick Hornby - A Long Way Down.pdf
    [2012/07/04 01:00:28 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
    [2011/12/26 04:24:55 | 000,584,584 | ---- | C] () -- C:\windows\adb.exe
    [2011/08/04 21:45:15 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll
    [2011/07/11 16:49:45 | 000,172,005 | ---- | C] () -- C:\windows\hpoins47.dat
    [2011/07/11 16:49:45 | 000,000,601 | ---- | C] () -- C:\windows\hpomdl47.dat
    [2010/10/18 00:03:13 | 000,007,168 | ---- | C] () -- C:\Users\daviepark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/22 19:53:27 | 000,000,708 | ---- | C] () -- C:\Users\daviepark\AppData\Roaming\wklnhst.dat
  19. muckledug

    muckledug TS Rookie Topic Starter

    OTL.txt (pt 2):

    ========== Custom Scans ==========

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %AppData%\Local\ >

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/05 23:08:36 | 000,834,704 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/05 23:08:36 | 000,834,704 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/05 23:08:36 | 000,834,704 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/05 23:08:43 | 000,924,600 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/05 23:08:43 | 000,924,600 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/05 23:08:43 | 000,924,600 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\InstallInfo\\ShowIconsCommand: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\InstallInfo\\HideIconsCommand: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\InstallInfo\\ReinstallCommand: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\shell\open\command\\: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/12/06 17:41:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/12/06 17:41:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/12/06 17:41:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/06 17:42:01 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/12/06 17:42:01 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/05 23:08:36 | 000,834,704 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/05 23:08:36 | 000,834,704 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/05 23:08:36 | 000,834,704 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/05 23:08:43 | 000,924,600 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/05 23:08:43 | 000,924,600 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/05 23:08:43 | 000,924,600 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\InstallInfo\\ShowIconsCommand: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\InstallInfo\\HideIconsCommand: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\InstallInfo\\ReinstallCommand: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\shell\open\command\\: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/12/06 17:41:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/12/06 17:41:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/12/06 17:41:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/06 17:42:01 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/12/06 17:42:01 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >
    [2012/08/18 13:18:08 | 000,043,480 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\drivers\xcqchxec.sys

    < %systemroot%\System32\config\*.sav >

    < %SYSTEMDRIVE%\*.exe /md5 >

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2010/12/01 02:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\4Media
    [2010/12/01 12:25:41 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2010/12/18 20:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\Calibre2
    [2010/08/23 01:38:54 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
    [2012/08/27 15:02:44 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2011/12/06 14:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
    [2010/12/27 22:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\EMC Corporation
    [2010/10/18 01:20:08 | 000,000,000 | ---D | M] -- C:\Program Files\Eraser
    [2012/08/29 12:04:29 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
    [2011/05/03 00:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\File Shredder
    [2012/08/28 14:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
    [2010/01/21 14:58:41 | 000,000,000 | ---D | M] -- C:\Program Files\FSP
    [2011/09/27 02:35:03 | 000,000,000 | ---D | M] -- C:\Program Files\GetFLV
    [2011/06/09 14:25:50 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2012/07/01 00:00:08 | 000,000,000 | ---D | M] -- C:\Program Files\Graboid
    [2011/07/11 16:52:48 | 000,000,000 | ---D | M] -- C:\Program Files\HP
    [2012/07/04 09:46:09 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2010/01/18 14:51:29 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
    [2012/03/03 12:38:05 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2010/10/11 20:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\IZArc
    [2010/08/19 19:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
    [2012/08/31 10:14:09 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2010/08/30 16:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
    [2011/05/03 00:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\LSoft Technologies
    [2010/01/18 14:33:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
    [2010/09/18 21:59:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
    [2010/08/19 19:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2012/08/18 11:38:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
    [2012/03/03 12:39:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2010/01/18 14:34:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2011/02/14 12:51:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
    [2010/01/21 15:03:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2012/09/05 23:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2011/07/20 17:05:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
    [2011/09/21 21:42:20 | 000,000,000 | ---D | M] -- C:\Program Files\Nikki the Ninja
    [2010/12/22 13:43:31 | 000,000,000 | ---D | M] -- C:\Program Files\Notepad++
    [2010/10/21 21:30:26 | 000,000,000 | ---D | M] -- C:\Program Files\NWBusinessSoftware
    [2010/11/04 12:51:06 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
    [2010/12/29 12:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
    [2010/01/18 15:07:03 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
    [2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2010/10/11 21:57:13 | 000,000,000 | ---D | M] -- C:\Program Files\Serif
    [2012/08/08 04:13:56 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
    [2010/01/18 14:58:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
    [2010/10/16 12:16:39 | 000,000,000 | ---D | M] -- C:\Program Files\TweetDeck
    [2009/07/14 05:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2010/10/11 10:41:58 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
    [2011/08/04 22:05:26 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
    [2011/12/06 14:07:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
    [2010/12/22 14:59:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Grep
    [2011/02/01 12:48:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
    [2011/12/06 14:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
    [2011/12/06 14:07:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2011/12/06 14:07:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
    [2011/12/06 14:07:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
    [2011/12/06 14:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
    [2010/10/11 19:52:54 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
    [2011/12/26 04:25:01 | 000,000,000 | ---D | M] -- C:\Program Files\ZTE Handset USB Driver

    < %appdata%\*.* >
    [2012/06/08 12:40:38 | 000,000,708 | ---- | M] () -- C:\Users\daviepark\AppData\Roaming\wklnhst.dat

    < MD5 for: AFD.SYS >
    [2011/04/25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
    [2010/11/20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
    [2011/04/25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
    [2011/04/25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
    [2011/04/25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
    [2011/04/25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
    [2009/07/14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

    < MD5 for: CRYPTSVC.DLL >
    [2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
    [2010/11/20 13:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\erdnt\cache\cryptsvc.dll
    [2010/11/20 13:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\System32\cryptsvc.dll
    [2010/11/20 13:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

    < MD5 for: DNSRSLVR.DLL >
    [2010/11/20 13:18:33 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=2FE30D71919C51131405797620E0A714 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_e3e9e6c8e09b7c76\dnsrslvr.dll
    [2011/03/03 06:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\System32\dnsrslvr.dll
    [2011/03/03 06:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_e3a50618e0cfbec0\dnsrslvr.dll
    [2011/03/03 06:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B15BE77A2BACF9C3177D27518AFE26A9 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_e1c0a9a6e3a78582\dnsrslvr.dll
    [2011/03/03 06:50:46 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B3A0A4414D8EC1DD28018004CE8DCBEE -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_e28d2873fc92ad7b\dnsrslvr.dll
    [2009/07/14 02:15:12 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=D0722E963D3C6145446874241401B209 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_e1b8d300e3acf8dc\dnsrslvr.dll
    [2011/03/03 06:12:25 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=F3501CA4E93BF218C71CF9DEECEE838F -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_e431a3c1f9eaaa8f\dnsrslvr.dll

    < MD5 for: ES.DLL >
    [2012/08/17 23:27:53 | 000,008,728 | ---- | M] () MD5=328868A14EB90E6A8EA9F3FC59FC49BB -- C:\Users\alipark\AppData\Local\Google\Chrome\Application\21.0.1180.83\Locales\es.dll
    [2012/08/14 05:29:58 | 000,008,728 | ---- | M] () MD5=7AD37261A349BE597C2E4C58B093B63D -- C:\Users\alipark\AppData\Local\Google\Chrome\Application\21.0.1180.79\Locales\es.dll
    [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Users\daviepark\AppData\Local\Temp\es.dll
    [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\erdnt\cache\es.dll
    [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\System32\es.dll
    [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll

    < MD5 for: EXPLORER.EXE >
    [2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    [2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
    [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
    [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
    [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
    [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
    [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
    [2010/01/21 16:57:27 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
    [2010/01/21 16:57:27 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
    [2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

    < MD5 for: IPNATHLP.DLL >
    [2009/07/14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\System32\ipnathlp.dll
    [2009/07/14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_04a3b4c9aa9fddd8\ipnathlp.dll

    < MD5 for: NETBT.SYS >
    [2010/11/20 09:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\System32\drivers\netbt.sys
    [2010/11/20 09:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
    [2009/07/14 00:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys

    < MD5 for: NETMAN.DLL >
    [2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\erdnt\cache\netman.dll
    [2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\System32\netman.dll
    [2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll

    < MD5 for: QMGR.DLL >
    [2009/07/14 02:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
    [2010/11/20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\erdnt\cache\qmgr.dll
    [2010/11/20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
    [2010/11/20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

    < MD5 for: RPCSS.DLL >
    [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\erdnt\cache\rpcss.dll
    [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\System32\rpcss.dll
    [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
    [2009/07/14 02:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll

    < MD5 for: SERVICES.EXE >
    [2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
    [2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
    [2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
    [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
    [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2011/04/25 05:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
    [2011/09/29 17:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
    [2011/04/25 05:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
    [2009/07/14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
    [2010/11/20 13:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
    [2011/09/29 17:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
    [2011/09/29 16:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
    [2010/04/09 08:16:33 | 001,289,096 | ---- | M] (Microsoft Corporation) MD5=5D6A83E928F22AF5AC9868B162FFAD0D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_b38009a0e0d5a32d\tcpip.sys
    [2010/04/09 08:24:54 | 001,285,000 | ---- | M] (Microsoft Corporation) MD5=63170B9EE1D0EF0032F0408605671D1A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_b30e0d41c7a5fe2f\tcpip.sys
    [2011/09/29 17:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\erdnt\cache\tcpip.sys
    [2011/09/29 17:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\System32\drivers\tcpip.sys
    [2011/09/29 17:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
    [2011/04/25 07:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
    [2011/04/25 05:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
    [2010/06/14 07:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
    [2010/06/14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

    < MD5 for: TDX.SYS >
    [2010/11/20 09:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\erdnt\cache\tdx.sys
    [2010/11/20 09:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\System32\drivers\tdx.sys

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 298 bytes -> C:\windows\System32\drivers\xcqchxec.sys:changelist
  20. muckledug

    muckledug TS Rookie Topic Starter

    EXTRAS.txt

    OTL Extras logfile created on: 06/09/2012 15:38:20 - Run 1
    OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\daviepark\Desktop
    Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1013.38 Mb Total Physical Memory | 387.25 Mb Available Physical Memory | 38.21% Memory free
    1.99 Gb Paging File | 1.29 Gb Available in Paging File | 64.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 108.07 Gb Total Space | 47.11 Gb Free Space | 43.59% Space Free | Partition Type: NTFS
    Drive D: | 117.19 Gb Total Space | 117.10 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

    Computer Name: ALIPARK-PC | User Name: daviepark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{98D7312F-8CB5-4267-9F8C-2A02CFE0B267}C:\users\daviepark\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\daviepark\downloads\utorrent.exe |
    "UDP Query User{0736DAA2-431B-47E6-A040-DCC675143368}C:\users\daviepark\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\daviepark\downloads\utorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver 14.0 Rel. 7
    "{01D42BF0-ED08-463f-8A28-99EB6FEE962B}" = ZTE Handset USB Driver
    "{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{38BA2875-D7AD-4611-ABA3-C385051ADF42}" = Eraser 6.0.7.1893
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
    "{C0EC185F-33F7-4858-B947-672A5FCD7DBD}" = calibre
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EFA27A6C-DF46-568B-4BB1-1DBD064F67A8}" = TweetDeck
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
    "{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
    "{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Active@ KillDisk FREE Suite" = Active@ KillDisk FREE Suite
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "CCleaner" = CCleaner
    "Digital Editions" = Adobe Digital Editions
    "File Shredder_is1" = File Shredder 2.0
    "Foxit Reader_is1" = Foxit Reader
    "GetFLV_is1" = GetFLV 9.0.4.9
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "hott notes 4" = hott notes 4
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)
    "NatWest Business Software" = NatWest Business Software
    "Notepad++" = Notepad++
    "Opera 11.00.1156" = Opera 11.00
    "Picasa 3" = Picasa 3
    "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.10
    "Windows Grep_is1" = Windows Grep 2.3
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "4Media PDF to EPUB Converter" = 4Media PDF to EPUB Converter

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 05/09/2012 17:10:26 | Computer Name = alipark-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 05/09/2012 17:10:26 | Computer Name = alipark-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 05/09/2012 17:10:27 | Computer Name = alipark-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 05/09/2012 17:10:27 | Computer Name = alipark-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 05/09/2012 18:04:30 | Computer Name = alipark-PC | Source = Application Hang | ID = 1002
    Description = The program UNKNOWN version 0.0.0.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: a54 Start Time:
    01cd8bb0c0fd5b95 Termination Time: 60000 Application Path: UNKNOWN Report Id:

    Error - 05/09/2012 18:06:06 | Computer Name = alipark-PC | Source = Application Hang | ID = 1002
    Description = The program UNKNOWN version 0.0.0.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 7e0 Start Time:
    01cd8b9bc97ee1a6 Termination Time: 60000 Application Path: UNKNOWN Report Id: afc1db93-f7a5-11e1-a089-001a13bb75f7

    Error - 05/09/2012 18:21:50 | Computer Name = alipark-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 11.0.0.4454 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: c40 Start
    Time: 01cd8bb305128821 Termination Time: 63 Application Path: C:\Program Files\Mozilla
    Firefox\firefox.exe Report Id: 08bf7c29-f7a8-11e1-a089-001a13bb75f7

    Error - 05/09/2012 20:30:30 | Computer Name = alipark-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: bcc Start
    Time: 01cd8bbe408a5ed6 Termination Time: 42 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id:

    Error - 06/09/2012 10:14:46 | Computer Name = alipark-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.exe version 3.2.61.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: e1c Start Time:
    01cd8c36c18230cb Termination Time: 15 Application Path: C:\Users\daviepark\Desktop\OTL.exe
    Report
    Id:

    Error - 06/09/2012 10:34:26 | Computer Name = alipark-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.exe version 3.2.61.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 950 Start Time:
    01cd8c3a01e625d5 Termination Time: 16 Application Path: C:\Users\daviepark\Desktop\OTL.exe
    Report
    Id:

    [ System Events ]
    Error - 05/09/2012 21:21:18 | Computer Name = alipark-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 05/09/2012 21:31:18 | Computer Name = alipark-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.323.0 Update Source: %%859 Update Stage:
    %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
    code: 0x80240022 Error description: The program can't check for definition updates.


    Error - 05/09/2012 21:31:18 | Computer Name = alipark-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.323.0 Update Source: %%859 Update Stage:
    %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
    code: 0x80240022 Error description: The program can't check for definition updates.


    Error - 06/09/2012 06:37:41 | Computer Name = alipark-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 06/09/2012 06:47:31 | Computer Name = alipark-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.323.0 Update Source: %%859 Update Stage:
    %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
    code: 0x80240022 Error description: The program can't check for definition updates.


    Error - 06/09/2012 06:47:31 | Computer Name = alipark-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.323.0 Update Source: %%859 Update Stage:
    %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
    code: 0x80240022 Error description: The program can't check for definition updates.


    Error - 06/09/2012 08:47:38 | Computer Name = alipark-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 06/09/2012 08:59:30 | Computer Name = alipark-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.323.0 Update Source: %%859 Update Stage:
    %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
    code: 0x80240022 Error description: The program can't check for definition updates.


    Error - 06/09/2012 08:59:30 | Computer Name = alipark-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.323.0 Update Source: %%859 Update Stage:
    %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
    code: 0x80240022 Error description: The program can't check for definition updates.


    Error - 06/09/2012 10:12:17 | Computer Name = alipark-PC | Source = DCOM | ID = 10010
    Description =


    < End of report >
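As a triage aid for an OTL event-log section like the one above (an added example, not the poster's log or OTL's own code): parse the wrapped "Error - ..." entries and count recurring Source/ID/error-code triples so that repeated failures, such as the Microsoft Antimalware 0x80240022 update error, stand out at a glance. The sample log is constructed and abbreviated from the layout shown in the thread.

```python
import re
from collections import Counter

# Constructed, abbreviated sample in the OTL "Error - ..." layout (not the poster's log).
SAMPLE_LOG = r"""
Error - 06/09/2012 06:47:31 | Computer Name = alipark-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.

Error - 06/09/2012 08:47:38 | Computer Name = alipark-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 06/09/2012 08:59:30 | Computer Name = alipark-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. Error
code: 0x80240022 Error description: The program can't check for definition updates.

Error - 06/09/2012 10:12:17 | Computer Name = alipark-PC | Source = DCOM | ID = 10010
Description =
"""

HEADER = re.compile(r"^Error - (?P<ts>\S+ \S+) \| Computer Name = (?P<host>.+?)"
                    r" \| Source = (?P<src>.+?) \| ID = (?P<id>\d+)$")
ERRCODE = re.compile(r"code:\s*(0x[0-9A-Fa-f]{8})")

def parse_entries(text):
    """Split the log into entries, re-joining each description that wraps across lines."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"ts": m["ts"], "host": m["host"], "source": m["src"],
                   "id": int(m["id"]), "description": ""}
            entries.append(cur)
        elif cur is not None:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            if line:
                cur["description"] = (cur["description"] + " " + line).strip()
    for e in entries:
        code = ERRCODE.search(e["description"])
        e["error_code"] = code.group(1) if code else None
    return entries

def summarize(entries):
    """Recurring (source, event id, error code) triples, most frequent first."""
    return Counter((e["source"], e["id"], e["error_code"]) for e in entries).most_common()
```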
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

      :OTL
      SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
      IE - HKCU\..\SearchScopes\{742B8DE7-D75C-44E1-A4BB-12100C0CE82B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
      O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
      [2012/08/29 12:03:46 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV

      :commands
      [emptytemp]
      [reboot]

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

    Let me know how your computer acts now.
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi! This is the last check-in for you. Please update us on your situation here. We'd love to help!

