Inactive Another victim of Sirefef; PC rebooting after 1 min

M

muckledug

Posts: 13   +0
Hi there. I would be eternally grateful for any help. I'm a bit of a technophobe but have managed to run Farbar . Here is the log from its initial run:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 23-08-2012 02
Ran by SYSTEM at 24-08-2012 13:18:32
Running from F:\
Windows 7 Starter (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7703072 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] "C:\Program Files\FSP\fspuip.exe" [3342336 2009-09-23] (Sentelic Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\alipark\...\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [x]
HKU\alipark\...\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup [x]
HKU\alipark\...\Run: [Google Update] "C:\Users\alipark\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-07] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\alipark\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\daviepark\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
================================ Services (Whitelisted) ==================
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
========================== Drivers (Whitelisted) =============
0 DasBoot; C:\Windows\system32\drivers\DasBoot.SYS [20744 2012-01-17] ()
0 DasBootF; C:\Windows\system32\drivers\DasBootF.SYS [59272 2012-01-17] ()
3 fspad_wlh32; C:\Windows\System32\DRIVERS\fspad_wlh32.sys [41984 2009-09-22] (Sentelic Corporation)
3 ghsmdm; C:\Windows\System32\DRIVERS\ghsmdm.sys [113432 2011-03-28] (ZTE Incorporated)
3 massfilter_hs; \??\C:\windows\system32\drivers\massfilter_hs.sys [15896 2011-07-07] (HandSet Incorporated)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-08-24 11:51 - 2012-08-24 11:52 - 00000000 ____D C:\FRST
2012-08-24 03:59 - 2012-08-24 03:59 - 00000328 ____A C:\Windows\PFRO.log
2012-08-24 03:52 - 2012-08-24 03:53 - 00000000 ____D C:\Users\daviepark\Desktop\New folder
2012-08-20 16:57 - 2012-08-20 16:57 - 00388948 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\Pareto_AV_Setup_RW.exe
2012-08-20 16:56 - 2012-08-20 16:57 - 08852592 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\Pareto_AV_Setup_RW (1).exe
2012-08-20 16:52 - 2012-08-20 16:52 - 01015348 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\1EF3.tmp
2012-08-20 16:45 - 2012-08-20 16:45 - 00000198 ____A C:\Users\alipark\Desktop\Delete TrojanWin32-Sirefef.AB - How to Delete TrojanWin32-Sirefef.AB - YouTube.url
2012-08-20 15:59 - 2012-08-24 04:09 - 00001288 ____A C:\Windows\setupact.log
2012-08-20 15:59 - 2012-08-20 15:59 - 00000000 ____A C:\Windows\setuperr.log
2012-08-18 04:39 - 2012-08-18 04:49 - 00210840 ____A C:\Windows\System32\PHOOKSmf2.TXT
2012-08-18 04:36 - 2012-08-24 04:13 - 00028900 ____A C:\Windows\System32\PHOOKSmf.txt
2012-08-18 04:35 - 2012-08-24 03:57 - 00000000 ____D C:\Windows\System32\DBBK
2012-08-18 04:35 - 2012-08-18 04:50 - 00035329 ____A C:\Users\daviepark\Desktop\yorkyt.exe.log
2012-08-18 04:35 - 2012-03-22 08:17 - 00225664 ____A C:\Windows\System32\Drivers\DasBootS.SYS
2012-08-18 04:35 - 2012-01-17 12:55 - 00059272 ____A C:\Windows\System32\Drivers\DasBootF.SYS
2012-08-18 04:35 - 2012-01-17 12:55 - 00027528 ____A C:\Windows\System32\Drivers\DasBootK.SYS
2012-08-18 04:35 - 2012-01-17 12:55 - 00020744 ____A C:\Windows\System32\Drivers\DasBoot.SYS
2012-08-18 04:35 - 2012-01-17 12:55 - 00009096 ____A C:\Windows\System32\Drivers\DasBootI.SYS
2012-08-18 04:35 - 2012-01-17 12:55 - 00009096 ____A C:\Windows\System32\Drivers\DasBootE.SYS
2012-08-18 04:35 - 2010-05-03 17:37 - 00003072 ____A C:\Windows\System32\Drivers\DasBootD.SYS
2012-08-18 04:31 - 2012-08-18 04:31 - 01415784 ____A C:\Users\daviepark\Desktop\yorkyt.exe
2012-08-18 04:21 - 2012-08-18 04:21 - 01415784 ____A C:\Users\daviepark\Downloads\yorkyt.exe
2012-08-18 04:18 - 2012-08-18 04:18 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xcqchxec.sys
2012-08-18 02:37 - 2012-08-18 02:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-18 02:36 - 2012-08-18 02:36 - 10288512 ____A (Microsoft Corporation) C:\Users\daviepark\Downloads\mseinstall.exe
2012-08-17 18:30 - 2012-08-17 18:30 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-17 18:24 - 2012-08-18 04:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-17 04:13 - 2012-08-17 04:13 - 00000182 ____A C:\Users\alipark\Desktop\Knitwear David Emanuel Rib Edge To Edge Cardigan Black Plus Size Womens Clothing from Bonmarche.url
2012-08-15 07:57 - 2012-08-15 07:57 - 00000241 ____A C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-large-format-printers-127-c.asp.url
2012-08-15 07:52 - 2012-08-15 07:52 - 00000266 ____A C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-imageprograf-ipf6300s-a1-24-production-printer-798-p.asp.url
2012-08-14 07:13 - 2012-08-14 07:13 - 00000232 ____A C:\Users\alipark\Desktop\Amazon.co.uk - Subscribe & Save.url
2012-08-13 16:11 - 2012-08-13 16:11 - 00000240 ____A C:\Users\daviepark\Desktop\Metacam 1.5mg-ml Oral Suspension for dogs POM-Hyperdrug.url
2012-08-12 11:32 - 2012-08-12 11:32 - 00376095 ____A C:\Users\alipark\Desktop\Plus Round Neck Bobble Button Plain Cardigan - Marks & Spencer.htm
2012-08-12 11:32 - 2012-08-12 11:32 - 00000000 ____D C:\Users\alipark\Desktop\Plus Round Neck Bobble Button Plain Cardigan - Marks & Spencer_files
2012-08-12 09:17 - 2012-08-12 09:17 - 00000426 ____A C:\Users\alipark\Desktop\Evans Large Floral Maxi Dress - New In - Evans.url
2012-08-11 16:22 - 2012-08-24 03:53 - 00000000 ____D C:\Users\daviepark\Desktop\Dalmellington
2012-08-11 10:11 - 2012-08-11 10:11 - 00000220 ____A C:\Users\alipark\Desktop\The Lordship of Galloway c.900 to c.1300 Amazon.co.uk Richard Oram Books.url
2012-08-11 08:58 - 2012-08-11 08:58 - 00000194 ____A C:\Users\alipark\Desktop\Helen of Galloway - Wikipedia, the free encyclopedia.url
2012-08-09 17:34 - 2012-08-09 17:34 - 00000210 ____A C:\Users\daviepark\Desktop\Breakdown Cover Select your level of cover - The AA.url
2012-08-08 02:40 - 2012-08-08 02:40 - 03834787 ____A C:\Users\daviepark\Downloads\Community_Action_Kit.zip
2012-08-07 15:55 - 2012-08-14 18:13 - 00002473 ____A C:\Users\alipark\Desktop\Google Chrome.lnk
2012-08-07 15:53 - 2012-08-18 04:04 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job
2012-08-07 15:53 - 2012-08-17 16:04 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job
2012-08-07 15:52 - 2012-08-07 15:52 - 00000000 ____D C:\Users\alipark\AppData\Local\Deployment
2012-08-07 15:52 - 2012-08-07 15:52 - 00000000 ____D C:\Users\alipark\AppData\Local\Apps\2.0
2012-08-07 10:55 - 2012-08-07 10:55 - 00000213 ____A C:\Users\alipark\Desktop\Soft-Spoken Makeup Roleplay - YouTube.url
2012-08-07 10:53 - 2012-08-07 10:53 - 00000213 ____A C:\Users\alipark\Desktop\~Relaxing Make Up Artist Role Play ~ - YouTube.url
2012-08-06 10:26 - 2012-08-06 10:26 - 00000143 ____A C:\Users\daviepark\Desktop\Your selected plan uSwitch.url
2012-08-05 15:22 - 2012-08-05 15:22 - 00000000 ____D C:\Users\alipark\Desktop\clothes
2012-08-05 15:18 - 2012-08-05 15:22 - 00000000 ____D C:\Users\alipark\Desktop\work
============ 3 Months Modified Files ========================
2012-08-24 04:13 - 2012-08-18 04:36 - 00028900 ____A C:\Windows\System32\PHOOKSmf.txt
2012-08-24 04:09 - 2012-08-20 15:59 - 00001288 ____A C:\Windows\setupact.log
2012-08-24 04:09 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-24 03:59 - 2012-08-24 03:59 - 00000328 ____A C:\Windows\PFRO.log
2012-08-20 16:57 - 2012-08-20 16:57 - 00388948 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\Pareto_AV_Setup_RW.exe
2012-08-20 16:57 - 2012-08-20 16:56 - 08852592 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\Pareto_AV_Setup_RW (1).exe
2012-08-20 16:52 - 2012-08-20 16:52 - 01015348 ____A (ParetoLogic Inc.) C:\Users\alipark\Downloads\1EF3.tmp
2012-08-20 16:45 - 2012-08-20 16:45 - 00000198 ____A C:\Users\alipark\Desktop\Delete TrojanWin32-Sirefef.AB - How to Delete TrojanWin32-Sirefef.AB - YouTube.url
2012-08-20 15:59 - 2012-08-20 15:59 - 00000000 ____A C:\Windows\setuperr.log
2012-08-18 04:50 - 2012-08-18 04:35 - 00035329 ____A C:\Users\daviepark\Desktop\yorkyt.exe.log
2012-08-18 04:49 - 2012-08-18 04:39 - 00210840 ____A C:\Windows\System32\PHOOKSmf2.TXT
2012-08-18 04:31 - 2012-08-18 04:31 - 01415784 ____A C:\Users\daviepark\Desktop\yorkyt.exe
2012-08-18 04:21 - 2012-08-18 04:21 - 01415784 ____A C:\Users\daviepark\Downloads\yorkyt.exe
2012-08-18 04:18 - 2012-08-18 04:18 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xcqchxec.sys
2012-08-18 04:08 - 2012-08-17 18:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-18 04:04 - 2012-08-07 15:53 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job
2012-08-18 03:55 - 2009-07-13 20:53 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-18 02:38 - 2011-01-28 15:07 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-18 02:38 - 2010-01-18 05:19 - 00722628 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-18 02:36 - 2012-08-18 02:36 - 10288512 ____A (Microsoft Corporation) C:\Users\daviepark\Downloads\mseinstall.exe
2012-08-18 02:08 - 2012-04-27 16:29 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-18 02:08 - 2011-07-22 15:42 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-18 01:43 - 2009-07-13 20:34 - 00010464 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-18 01:43 - 2009-07-13 20:34 - 00010464 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-17 16:04 - 2012-08-07 15:53 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job
2012-08-17 04:13 - 2012-08-17 04:13 - 00000182 ____A C:\Users\alipark\Desktop\Knitwear David Emanuel Rib Edge To Edge Cardigan Black Plus Size Womens Clothing from Bonmarche.url
2012-08-15 07:57 - 2012-08-15 07:57 - 00000241 ____A C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-large-format-printers-127-c.asp.url
2012-08-15 07:52 - 2012-08-15 07:52 - 00000266 ____A C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-imageprograf-ipf6300s-a1-24-production-printer-798-p.asp.url
2012-08-14 18:13 - 2012-08-07 15:55 - 00002473 ____A C:\Users\alipark\Desktop\Google Chrome.lnk
2012-08-14 16:00 - 2010-12-04 03:54 - 00010547 ____A C:\Users\daviepark\Documents\Untitled 1.odt
2012-08-14 15:50 - 2012-06-01 17:02 - 00000240 ____A C:\Users\daviepark\Desktop\Royal Babylon Part 1 - Video Dailymotion.url
2012-08-14 07:13 - 2012-08-14 07:13 - 00000232 ____A C:\Users\alipark\Desktop\Amazon.co.uk - Subscribe & Save.url
2012-08-13 16:11 - 2012-08-13 16:11 - 00000240 ____A C:\Users\daviepark\Desktop\Metacam 1.5mg-ml Oral Suspension for dogs POM-Hyperdrug.url
2012-08-12 11:32 - 2012-08-12 11:32 - 00376095 ____A C:\Users\alipark\Desktop\Plus Round Neck Bobble Button Plain Cardigan - Marks & Spencer.htm
2012-08-12 09:17 - 2012-08-12 09:17 - 00000426 ____A C:\Users\alipark\Desktop\Evans Large Floral Maxi Dress - New In - Evans.url
2012-08-11 10:11 - 2012-08-11 10:11 - 00000220 ____A C:\Users\alipark\Desktop\The Lordship of Galloway c.900 to c.1300 Amazon.co.uk Richard Oram Books.url
2012-08-11 08:58 - 2012-08-11 08:58 - 00000194 ____A C:\Users\alipark\Desktop\Helen of Galloway - Wikipedia, the free encyclopedia.url
2012-08-09 17:34 - 2012-08-09 17:34 - 00000210 ____A C:\Users\daviepark\Desktop\Breakdown Cover Select your level of cover - The AA.url
2012-08-08 02:40 - 2012-08-08 02:40 - 03834787 ____A C:\Users\daviepark\Downloads\Community_Action_Kit.zip
2012-08-07 10:55 - 2012-08-07 10:55 - 00000213 ____A C:\Users\alipark\Desktop\Soft-Spoken Makeup Roleplay - YouTube.url
2012-08-07 10:53 - 2012-08-07 10:53 - 00000213 ____A C:\Users\alipark\Desktop\~Relaxing Make Up Artist Role Play ~ - YouTube.url
2012-08-06 10:26 - 2012-08-06 10:26 - 00000143 ____A C:\Users\daviepark\Desktop\Your selected plan uSwitch.url
2012-07-05 10:59 - 2012-07-05 10:59 - 00000232 ____A C:\Users\daviepark\Desktop\100 Grip Seal Bags 6 x 9 Inch 200g Strong Reusable Zip Lock Amazon.co.uk Kitchen & Home.url
2012-07-03 16:00 - 2012-07-03 16:00 - 00000064 ____A C:\Windows\GPlrLanc.dat
2012-07-03 15:59 - 2012-07-03 15:58 - 00481296 ____A (Clasys Ltd.) C:\Users\daviepark\Desktop\WS_CI221_V25.exe
2012-07-01 15:45 - 2012-07-01 15:45 - 00000133 ____A C:\Users\daviepark\Desktop\Mail Order sunset song, cloud howe dvds.url
2012-06-30 15:24 - 2012-06-30 15:24 - 00000224 ____A C:\Users\alipark\Desktop\Amazon.com Stargate Universe [HD] Season 1, Episode 11 Space [HD] Amazon Instant Video.url
2012-06-30 14:34 - 2012-06-30 14:34 - 00000222 ____A C:\Users\daviepark\Desktop\Self help try positive action, not positive thinking Science The Observer.url
2012-06-23 01:09 - 2012-06-23 01:09 - 00000195 ____A C:\Users\alipark\Desktop\Welcome to Facebook — Log in, sign up or learn more.url
2012-06-20 07:27 - 2012-06-20 03:49 - 00000213 ____A C:\Users\daviepark\Desktop\Edinburgh.url
2012-06-20 03:49 - 2012-06-20 03:49 - 00000418 ____A C:\Users\daviepark\Desktop\accommodation edinburgh castle edinburgh city centre - Google Maps.url
2012-06-20 03:27 - 2012-06-20 03:27 - 00000138 ____A C:\Users\daviepark\Desktop\Home.url
2012-06-18 15:35 - 2012-06-18 15:35 - 00001318 ____A C:\Users\daviepark\Desktop\suburbaniteshand00thor.pdf - Shortcut.lnk
2012-06-18 00:59 - 2012-06-18 00:59 - 00000140 ____A C:\Users\daviepark\Desktop\Kippford Holidays - Luxury two bedroom caravan overlooking Kippford and Solway Coast near Dalbeattie, Dumfries and Galloway.url
2012-06-17 16:08 - 2012-06-17 16:08 - 00000370 ____A C:\Users\daviepark\Desktop\Hoseasons - Holiday Availability Listing.url
2012-06-08 03:40 - 2010-08-22 10:53 - 00000708 ____A C:\Users\daviepark\AppData\Roaming\wklnhst.dat
2012-06-02 14:19 - 2012-06-19 00:27 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 00:27 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 00:27 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 00:26 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 00:26 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-19 00:27 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-19 00:26 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-19 00:26 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:12 - 2012-06-19 00:26 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 07:10 - 2012-06-01 07:10 - 00000725 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-06-01 07:09 - 2012-06-01 07:08 - 49744959 ____A C:\Users\daviepark\Downloads\ONE British Lord responsible for Pearl Harbor - the traitor Lord Sempill (1 of 4) [SaveYouTube.com].mp4
2012-06-01 06:45 - 2010-10-11 01:40 - 00880496 ____A (BitTorrent, Inc.) C:\Users\daviepark\Downloads\utorrent.exe
ZeroAccess:
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\@
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\L
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\n
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\U
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\L\00000004.@
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\L\201d3dde
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 36%
Total physical RAM: 1013.38 MB
Available physical RAM: 638.64 MB
Total Pagefile: 1013.38 MB
Available Pagefile: 644.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.38 MB
======================= Partitions =========================
1 Drive c: (Windows7) (Fixed) (Total:108.07 GB) (Free:50.04 GB) NTFS
2 Drive e: (New Volume) (Fixed) (Total:117.19 GB) (Free:117.1 GB) NTFS
3 Drive f: () (Removable) (Total:1.89 GB) (Free:0.78 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (WinRe) (Fixed) (Total:7.63 GB) (Free:3.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 1935 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7813 MB 1024 KB
Partition 2 Primary 108 GB 7814 MB
Partition 3 Primary 117 GB 115 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y WinRe NTFS Partition 7813 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Windows7 NTFS Partition 108 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E New Volume NTFS Partition 117 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1935 MB 16 KB
==================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 1935 MB Healthy
==================================================================================
Last Boot: 2012-08-16 15:10
======================= End Of Log ==========================
 
And here is the search.txt log;

Farbar Recovery Scan Tool Version: 23-08-2012 02
Ran by SYSTEM at 2012-08-24 13:25:42
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===

P.S. When running farbar, I chose UK keyboard setup (I'm in the UK and have a UK keyboard)
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}
C:\Windows\assembly\GAC\Desktop.ini
Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
end
Click to expand...

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.
 
here is fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 23-08-2012 02
Ran by SYSTEM at 2012-08-26 00:09:40 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da} moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
booted normally as instructed. PC is no longer rebooting. PC status reported as 'potentially unprotected'.
 
ComboFix

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Having trouble logging on to internet. Browsers behaving erratically.

Here is the combofix log:
ComboFix 12-08-25.04 - daviepark 27/08/2012 14:51:29.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.1013.417 [GMT 1:00]
Running from: c:\users\daviepark\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
.
.
2012-08-27 13:17 . 2012-08-27 13:17 -------- d-----w- c:\users\daviepark\AppData\Local\Macromedia
2012-08-24 19:51 . 2012-08-24 19:52 -------- d-----w- C:\FRST
2012-08-18 12:35 . 2012-08-27 14:12 -------- d-----w- c:\windows\system32\DBBK
2012-08-18 12:35 . 2012-03-22 16:17 225664 ----a-w- c:\windows\system32\drivers\DasBootS.SYS
2012-08-18 12:35 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootI.SYS
2012-08-18 12:35 . 2012-01-17 20:55 27528 ----a-w- c:\windows\system32\drivers\DasBootK.SYS
2012-08-18 12:35 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootE.SYS
2012-08-18 12:35 . 2012-01-17 20:55 59272 ----a-w- c:\windows\system32\drivers\DasBootF.SYS
2012-08-18 12:35 . 2010-05-04 01:37 3072 ----a-w- c:\windows\system32\drivers\DasBootD.SYS
2012-08-18 12:35 . 2012-01-17 20:55 20744 ----a-w- c:\windows\system32\drivers\DasBoot.SYS
2012-08-18 12:18 . 2012-08-18 12:18 43480 ----a-w- c:\windows\system32\drivers\xcqchxec.sys
2012-08-18 10:37 . 2012-08-18 10:38 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-18 02:30 . 2012-08-18 02:30 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-07 23:52 . 2012-08-07 23:52 -------- d-----w- c:\users\alipark\AppData\Local\Deployment
2012-08-07 23:52 . 2012-08-07 23:52 -------- d-----w- c:\users\alipark\AppData\Local\Apps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-27 14:12 . 2012-08-27 13:33 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D4BC0BA-DBAF-4019-86AA-4856761C4FFF}\offreg.dll
2012-08-18 10:08 . 2012-04-28 00:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-18 10:08 . 2011-07-22 23:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-01 22:51 . 2012-08-27 13:10 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D4BC0BA-DBAF-4019-86AA-4856761C4FFF}\mpengine.dll
2012-07-16 01:41 . 2012-08-18 10:42 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-02 22:19 . 2012-06-19 08:27 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 08:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 08:26 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 08:26 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 08:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 08:27 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 08:26 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-19 08:26 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12 . 2012-06-19 08:26 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-11-21 04:21 . 2011-12-06 18:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"fspuip"="c:\program files\FSP\fspuip.exe" [2009-09-23 3342336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\daviepark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-04-10 07:45 979344 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ghsmdm;Handset USB Modem;c:\windows\system32\DRIVERS\ghsmdm.sys [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S0 DasBoot;Panda AntiMalware Support;c:\windows\\SystemRoot\system32\drivers\DasBoot.SYS [x]
S0 DasBootF;Panda AntiMalware Support MF;c:\windows\\SystemRoot\system32\drivers\DasBootF.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [x]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 10:08]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job
- c:\users\alipark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 23:52]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job
- c:\users\alipark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 23:52]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.uk/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2020085807-1544784501-1952108477-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2020085807-1544784501-1952108477-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-08-27 15:23:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-27 14:23
.
Pre-Run: 53,176,008,704 bytes free
Post-Run: 53,224,972,288 bytes free
.
- - End Of File - - 1A4DF396A5E666A959027F0C20F734F6
 
Okay..let's see here...

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
AdwCleaner search log:

# AdwCleaner v1.801 - Logfile created 08/28/2012 at 11:45:43
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : daviepark - ALIPARK-PC
# Boot Mode : Normal
# Running from : C:\Users\daviepark\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
Folder Found : C:\Users\alipark\AppData\Local\Ilivid Player
Folder Found : C:\Users\daviepark\AppData\Local\Conduit
Folder Found : C:\Users\daviepark\AppData\LocalLow\Conduit
Folder Found : C:\Users\daviepark\AppData\LocalLow\PriceGong
Folder Found : C:\Users\daviepark\AppData\LocalLow\uTorrentControl2
Folder Found : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\ConduitCommon
Folder Found : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\CT3072253
Folder Found : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\CT3198785
Folder Found : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\Smartbar
Folder Found : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Found : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\uTorrentControl2
File Found : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\searchplugins\Conduit.xml
***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Found : HKLM\SOFTWARE\uTorrentControl2
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{999CD03A-804F-434C-9551-E45CAF24CF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{960CA5BC-E5CE-4120-93C6-39092069163B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v8.0.1 (en-GB)
Profile name : default
File : C:\Users\alipark\AppData\Roaming\Mozilla\Firefox\Profiles\jpxyqh0k.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\prefs.js
Found : user_pref("CT3072253..clientLogIsEnabled", false);
Found : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Found : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Found : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Found : user_pref("CT3072253.CTID", "CT3072253");
Found : user_pref("CT3072253.CurrentServerDate", "27-8-2012");
Found : user_pref("CT3072253.DSInstall", false);
Found : user_pref("CT3072253.DialogsAlignMode", "LTR");
Found : user_pref("CT3072253.DialogsGetterLastCheckTime", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Daylight T[...]
Found : user_pref("CT3072253.DownloadReferralCookieData", "");
Found : user_pref("CT3072253.FirstServerDate", "4-7-2012");
Found : user_pref("CT3072253.FirstTime", true);
Found : user_pref("CT3072253.FirstTimeFF3", true);
Found : user_pref("CT3072253.FixPageNotFoundErrors", true);
Found : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Found : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT3072253.HPInstall", false);
Found : user_pref("CT3072253.HasUserGlobalKeys", true);
Found : user_pref("CT3072253.HomePageProtectorEnabled", false);
Found : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://www.google.co.uk/");
Found : user_pref("CT3072253.Initialize", true);
Found : user_pref("CT3072253.InitializeCommonPrefs", true);
Found : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT3072253.InstallationId", "fft11F0.tmp.exe");
Found : user_pref("CT3072253.InstallationType", "XPE");
Found : user_pref("CT3072253.InstalledDate", "Tue Jul 03 2012 23:05:06 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT3072253.IsAlertDBUpdated", true);
Found : user_pref("CT3072253.IsGrouping", false);
Found : user_pref("CT3072253.IsInitSetupIni", true);
Found : user_pref("CT3072253.IsMulticommunity", false);
Found : user_pref("CT3072253.IsOpenThankYouPage", true);
Found : user_pref("CT3072253.IsOpenUninstallPage", false);
Found : user_pref("CT3072253.LanguagePackLastCheckTime", "Mon Aug 27 2012 14:17:25 GMT+0100 (GMT Daylight Ti[...]
Found : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT3072253.LastLogin_3.12.0.8", "Tue Jul 03 2012 23:05:09 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT3072253.LastLogin_3.13.0.6", "Wed Aug 08 2012 02:27:46 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT3072253.LastLogin_3.14.1.0", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT3072253.LatestVersion", "3.14.1.0");
Found : user_pref("CT3072253.Locale", "en");
Found : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Found : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Found : user_pref("CT3072253.MyStuffEnabledAtInstallation", false);
Found : user_pref("CT3072253.OriginalFirstVersion", "3.12.0.8");
Found : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Found : user_pref("CT3072253.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Found : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Found : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Found : user_pref("CT3072253.SearchInNewTabEnabled", true);
Found : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Mon Aug 27 2012 14:17:23 GMT+0100 (GMT Daylight [...]
Found : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT3072253.SearchProtectorEnabled", false);
Found : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Found : user_pref("CT3072253.ServiceMapLastCheckTime", "Mon Aug 27 2012 14:17:24 GMT+0100 (GMT Daylight Time[...]
Found : user_pref("CT3072253.SettingsLastCheckTime", "Mon Aug 27 2012 14:17:23 GMT+0100 (GMT Daylight Time)"[...]
Found : user_pref("CT3072253.SettingsLastUpdate", "1345149440");
Found : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Found : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Wed Aug 08 2012 02:27:42 GMT+0100 (GMT Dayligh[...]
Found : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Found : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT3072253.UserID", "UN69560583829857032");
Found : user_pref("CT3072253.ValidationData_Search", 1);
Found : user_pref("CT3072253.alertChannelId", "1463702");
Found : user_pref("CT3072253.autoDisableScopes", -1);
Found : user_pref("CT3072253.backendstorage.cbcountry_001", "4742");
Found : user_pref("CT3072253.backendstorage.cbfirsttime", "547565204A756C20303320323031322032333A30353A31342[...]
Found : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F7777772E676F6F676C652E636F2E756[...]
Found : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Mon Aug 27 2012 14:17:27 GMT+0100 (GMT Dayl[...]
Found : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Found : user_pref("CT3072253.initDone", true);
Found : user_pref("CT3072253.isAppTrackingManagerOn", false);
Found : user_pref("CT3072253.myStuffEnabled", true);
Found : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Found : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT3072253.navigateToUrlOnSearch", false);
Found : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129[...]
Found : user_pref("CT3072253.revertSettingsEnabled", true);
Found : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Found : user_pref("CT3072253.testingCtid", "");
Found : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Dayli[...]
Found : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Dayli[...]
Found : user_pref("CT3198785.1000082.isPlayDisplay", "true");
Found : user_pref("CT3198785.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT3198785.129761883816955218.pid2", "8493efb787da9633");
Found : user_pref("CT3198785.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3198785.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3198785.FirstTime", "true");
Found : user_pref("CT3198785.FirstTimeFF3", "true");
Found : user_pref("CT3198785.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...]
Found : user_pref("CT3198785.UserID", "UN45487137326407767");
Found : user_pref("CT3198785.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3198785.autoDisableScopes", -1);
Found : user_pref("CT3198785.browser.search.defaultthis.engineName", true);
Found : user_pref("CT3198785.defaultSearch", "true");
Found : user_pref("CT3198785.embeddedsData", "[{\"appId\":\"129761883813986480\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3198785.enableAlerts", "always");
Found : user_pref("CT3198785.enableSearchFromAddressBar", "true");
Found : user_pref("CT3198785.firstTimeDialogOpened", "true");
Found : user_pref("CT3198785.fixPageNotFoundError", "true");
Found : user_pref("CT3198785.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3198785.fixUrls", true);
Found : user_pref("CT3198785.installId", "230");
Found : user_pref("CT3198785.installType", "ConduitNSISIntegration");
Found : user_pref("CT3198785.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3198785.isNewTabEnabled", true);
Found : user_pref("CT3198785.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3198785.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3198785.keyword", true);
Found : user_pref("CT3198785.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Found : user_pref("CT3198785.openThankYouPage", "false");
Found : user_pref("CT3198785.openUninstallPage", "true");
Found : user_pref("CT3198785.search.searchAppId", "129761883813986480");
Found : user_pref("CT3198785.search.searchCount", "0");
Found : user_pref("CT3198785.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3198785.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3198785.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3198785.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...]
Found : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3198785.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344389273867");
Found : user_pref("CT3198785.serviceLayer_services_appTracking_lastUpdate", "1344394716837");
Found : user_pref("CT3198785.serviceLayer_services_appsMetadata_lastUpdate", "1344389273659");
Found : user_pref("CT3198785.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344394717404");
Found : user_pref("CT3198785.serviceLayer_services_optimizer_lastUpdate", "1344394717324");
Found : user_pref("CT3198785.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344389275184");
Found : user_pref("CT3198785.serviceLayer_services_searchAPI_lastUpdate", "1344389271456");
Found : user_pref("CT3198785.serviceLayer_services_serviceMap_lastUpdate", "1344389270803");
Found : user_pref("CT3198785.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344394716186");
Found : user_pref("CT3198785.serviceLayer_services_toolbarSettings_lastUpdate", "1344389271359");
Found : user_pref("CT3198785.serviceLayer_services_translation_lastUpdate", "1344389274131");
Found : user_pref("CT3198785.settingsINI", true);
Found : user_pref("CT3198785.shouldFirstTimeDialog", "false");
Found : user_pref("CT3198785.smartbar.CTID", "CT3198785");
Found : user_pref("CT3198785.smartbar.Uninstall", "0");
Found : user_pref("CT3198785.smartbar.homepage", true);
Found : user_pref("CT3198785.smartbar.toolbarName", "WhiteSmoke US ");
Found : user_pref("CT3198785.toolbarBornServerTime", "8-8-2012");
Found : user_pref("CT3198785.toolbarCurrentServerTime", "8-8-2012");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"7ae[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\daviepark\\AppData\\Roaming\\Mozill[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Found : user_pref("CommunityToolbar.globalUserId", "39a5a613-d06d-423a-8235-69a98023ef8d");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Aug 27 2012 14:17:3[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Aug 27 2012 14:17:33 GMT+0100 (G[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "ae640c30-ff01-4307-b83e-697775ae4702");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.co.uk/");
Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=1[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke US Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785[...]
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3198785");
Found : user_pref("browser.search.selectedEngine", "WhiteSmoke US Customized Web Search");
Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=[...]
-\\ Opera v11.0.1156.0
File : C:\Users\alipark\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Users\daviepark\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [20844 octets] - [28/08/2012 11:45:43]
########## EOF - C:\AdwCleaner[R1].txt - [20973 octets] ##########
 
Remove the Adware.
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
Please post the log.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
 
# AdwCleaner v1.801 - Logfile created 08/29/2012 at 11:51:29
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : daviepark - ALIPARK-PC
# Boot Mode : Normal
# Running from : C:\Users\daviepark\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Users\alipark\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\daviepark\AppData\Local\Conduit
Folder Deleted : C:\Users\daviepark\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\daviepark\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\daviepark\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\ConduitCommon
Folder Deleted : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\CT3072253
Folder Deleted : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\CT3198785
Folder Deleted : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\Smartbar
Folder Deleted : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Deleted : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\uTorrentControl2
File Deleted : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\searchplugins\Conduit.xml
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\uTorrentControl2
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{999CD03A-804F-434C-9551-E45CAF24CF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{960CA5BC-E5CE-4120-93C6-39092069163B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v8.0.1 (en-GB)
Profile name : default
File : C:\Users\alipark\AppData\Roaming\Mozilla\Firefox\Profiles\jpxyqh0k.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\prefs.js
Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Deleted : user_pref("CT3072253.CTID", "CT3072253");
Deleted : user_pref("CT3072253.CurrentServerDate", "27-8-2012");
Deleted : user_pref("CT3072253.DSInstall", false);
Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Daylight T[...]
Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
Deleted : user_pref("CT3072253.FirstServerDate", "4-7-2012");
Deleted : user_pref("CT3072253.FirstTime", true);
Deleted : user_pref("CT3072253.FirstTimeFF3", true);
Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3072253.HPInstall", false);
Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://www.google.co.uk/");
Deleted : user_pref("CT3072253.Initialize", true);
Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3072253.InstallationId", "fft11F0.tmp.exe");
Deleted : user_pref("CT3072253.InstallationType", "XPE");
Deleted : user_pref("CT3072253.InstalledDate", "Tue Jul 03 2012 23:05:06 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);
Deleted : user_pref("CT3072253.IsGrouping", false);
Deleted : user_pref("CT3072253.IsInitSetupIni", true);
Deleted : user_pref("CT3072253.IsMulticommunity", false);
Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);
Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Mon Aug 27 2012 14:17:25 GMT+0100 (GMT Daylight Ti[...]
Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3072253.LastLogin_3.12.0.8", "Tue Jul 03 2012 23:05:09 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3072253.LastLogin_3.13.0.6", "Wed Aug 08 2012 02:27:46 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3072253.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT3072253.Locale", "en");
Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", false);
Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.12.0.8");
Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Mon Aug 27 2012 14:17:23 GMT+0100 (GMT Daylight [...]
Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3072253.SearchProtectorEnabled", false);
Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Mon Aug 27 2012 14:17:24 GMT+0100 (GMT Daylight Time[...]
Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Mon Aug 27 2012 14:17:23 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT3072253.SettingsLastUpdate", "1345149440");
Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Wed Aug 08 2012 02:27:42 GMT+0100 (GMT Dayligh[...]
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3072253.UserID", "UN69560583829857032");
Deleted : user_pref("CT3072253.ValidationData_Search", 1);
Deleted : user_pref("CT3072253.alertChannelId", "1463702");
Deleted : user_pref("CT3072253.autoDisableScopes", -1);
Deleted : user_pref("CT3072253.backendstorage.cbcountry_001", "4742");
Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "547565204A756C20303320323031322032333A30353A31342[...]
Deleted : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F7777772E676F6F676C652E636F2E756[...]
Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Mon Aug 27 2012 14:17:27 GMT+0100 (GMT Dayl[...]
Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.initDone", true);
Deleted : user_pref("CT3072253.isAppTrackingManagerOn", false);
Deleted : user_pref("CT3072253.myStuffEnabled", true);
Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129[...]
Deleted : user_pref("CT3072253.revertSettingsEnabled", true);
Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.testingCtid", "");
Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon Aug 27 2012 14:17:26 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT3198785.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3198785.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3198785.129761883816955218.pid2", "8493efb787da9633");
Deleted : user_pref("CT3198785.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3198785.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3198785.FirstTime", "true");
Deleted : user_pref("CT3198785.FirstTimeFF3", "true");
Deleted : user_pref("CT3198785.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...]
Deleted : user_pref("CT3198785.UserID", "UN45487137326407767");
Deleted : user_pref("CT3198785.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3198785.autoDisableScopes", -1);
Deleted : user_pref("CT3198785.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3198785.defaultSearch", "true");
Deleted : user_pref("CT3198785.embeddedsData", "[{\"appId\":\"129761883813986480\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3198785.enableAlerts", "always");
Deleted : user_pref("CT3198785.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3198785.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3198785.fixPageNotFoundError", "true");
Deleted : user_pref("CT3198785.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3198785.fixUrls", true);
Deleted : user_pref("CT3198785.installId", "230");
Deleted : user_pref("CT3198785.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT3198785.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3198785.isNewTabEnabled", true);
Deleted : user_pref("CT3198785.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3198785.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3198785.keyword", true);
Deleted : user_pref("CT3198785.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Deleted : user_pref("CT3198785.openThankYouPage", "false");
Deleted : user_pref("CT3198785.openUninstallPage", "true");
Deleted : user_pref("CT3198785.search.searchAppId", "129761883813986480");
Deleted : user_pref("CT3198785.search.searchCount", "0");
Deleted : user_pref("CT3198785.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3198785.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3198785.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3198785.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...]
Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3198785.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344389273867");
Deleted : user_pref("CT3198785.serviceLayer_services_appTracking_lastUpdate", "1344394716837");
Deleted : user_pref("CT3198785.serviceLayer_services_appsMetadata_lastUpdate", "1344389273659");
Deleted : user_pref("CT3198785.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344394717404");
Deleted : user_pref("CT3198785.serviceLayer_services_optimizer_lastUpdate", "1344394717324");
Deleted : user_pref("CT3198785.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344389275184");
Deleted : user_pref("CT3198785.serviceLayer_services_searchAPI_lastUpdate", "1344389271456");
Deleted : user_pref("CT3198785.serviceLayer_services_serviceMap_lastUpdate", "1344389270803");
Deleted : user_pref("CT3198785.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344394716186");
Deleted : user_pref("CT3198785.serviceLayer_services_toolbarSettings_lastUpdate", "1344389271359");
Deleted : user_pref("CT3198785.serviceLayer_services_translation_lastUpdate", "1344389274131");
Deleted : user_pref("CT3198785.settingsINI", true);
Deleted : user_pref("CT3198785.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3198785.smartbar.CTID", "CT3198785");
Deleted : user_pref("CT3198785.smartbar.Uninstall", "0");
Deleted : user_pref("CT3198785.smartbar.homepage", true);
Deleted : user_pref("CT3198785.smartbar.toolbarName", "WhiteSmoke US ");
Deleted : user_pref("CT3198785.toolbarBornServerTime", "8-8-2012");
Deleted : user_pref("CT3198785.toolbarCurrentServerTime", "8-8-2012");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"7ae[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\daviepark\\AppData\\Roaming\\Mozill[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Deleted : user_pref("CommunityToolbar.globalUserId", "39a5a613-d06d-423a-8235-69a98023ef8d");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Aug 27 2012 14:17:3[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Aug 27 2012 14:17:33 GMT+0100 (G[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "ae640c30-ff01-4307-b83e-697775ae4702");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.co.uk/");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke US Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3198785");
Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke US Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=[...]
-\\ Opera v11.0.1156.0
File : C:\Users\alipark\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Users\daviepark\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [20975 octets] - [28/08/2012 11:45:43]
AdwCleaner[S1].txt - [21377 octets] - [29/08/2012 11:51:29]
########## EOF - C:\AdwCleaner[S1].txt - [21506 octets] ##########
 
C:\FRST\Quarantine\services.exe Win32/Sirefef.FC trojan deleted - quarantined
C:\FRST\Quarantine\{7d8c2957-6119-1690-cdfd-9126525147da}\n Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{7d8c2957-6119-1690-cdfd-9126525147da}\U\00000004.@ Win32/Conedex.D trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{7d8c2957-6119-1690-cdfd-9126525147da}\U\000000cb.@ Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{7d8c2957-6119-1690-cdfd-9126525147da}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{7d8c2957-6119-1690-cdfd-9126525147da}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Users\daviepark\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\34307e44-781fe02a Java/TrojanDownloader.OpenConnection.AP trojan cleaned by deleting - quarantined
C:\Users\daviepark\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\143b51c7-1415b4ad a variant of Java/TrojanDownloader.OpenStream.NCC trojan cleaned by deleting - quarantined
C:\Windows\System32\DBBK\54ED1955EDB126599E3814B6E251BCA6 a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\System32\DBBK\615E237F22F90CF81D52530D1CF84AAC a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\System32\DBBK\6E71F4274113197AD75262AF24FB1B09 Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\Windows\System32\DBBK\85C5DEC9B6B5D6B9DE2C0331A102AD71 Win32/Sirefef.EZ trojan deleted - quarantined
C:\Windows\System32\DBBK\9056639F5731CEF4D8EAEEBD2021EB0E a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\System32\DBBK\A302BBFF2A7278C0E239EE5D471D86A9 Win32/Sirefef.FC trojan deleted - quarantined
C:\Windows\System32\DBBK\FE2EB24E6BD36B8BE3869ECE85AA72BC Win32/Conedex.D trojan cleaned by deleting - quarantined
 
Please run the F-Secure Online Scanner
  • Accept the License Agreement and check the box. Then click on Run Check.
  • fsecurescan.png
  • It will ask you to Run the Java plugin. Please confirm.
  • Once the download completes, the window for the scanner will launch.
  • Please confirm anymore prompts, and then select Full Scan.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • It will run its cleaning.
  • Click the Full report button and Copy & Paste the entire report (except the bold text at the foot of the page) in your next reply. Once that's done, click the Close button on the scan window.
 
[FONT=Verdana] First scan crashed when removing spyware. I ran the scanner again and it found nothing - so I presume it managed to remove the spyware on the first run. Here is the log from the second run.[/FONT]
[FONT=Arial]Scanning Report[/FONT]

[FONT=Arial]Friday, August 31, 2012 22:51:28 - 00:09:22[/FONT]

Computer name: ALIPARK-PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\
[FONT=Arial]No malware found[/FONT]


[FONT=Arial]Statistics[/FONT]

Scanned:
  • Files: 114539
  • System: 4441
  • Not scanned: 21
Actions:
  • Disinfected: 0
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0
Files not scanned:
  • C:\HIBERFIL.SYS
  • C:\PAGEFILE.SYS
  • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
  • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
  • C:\WINDOWS\SYSTEM32\CONFIG\SAM
  • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
  • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
  • C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
  • C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
  • C:\USERS\DAVIEPARK\APPDATA\LOCAL\TEMP\~DF2440C9C8ABC8814A.TMP
  • C:\USERS\DAVIEPARK\APPDATA\LOCAL\TEMP\~DF259F4B7F62AD0AF8.TMP
  • C:\USERS\DAVIEPARK\APPDATA\LOCAL\TEMP\~DF419D0C8157EC2E8D.TMP
  • C:\USERS\DAVIEPARK\APPDATA\LOCAL\TEMP\LOW\HSPERFDATA_DAVIEPARK\3648
  • C:\USERS\DAVIEPARK\APPDATA\LOCAL\TEMP\HSPERFDATA_DAVIEPARK\3960
  • C:\PROGRAMDATA\MICROSOFT\WINDOWS\DRM\CACHE\INDIV01.TMP
  • C:\FRST\QUARANTINE\DESKTOP.INI
[FONT=Arial]Options[/FONT]

Scanning engines:
Scanning options:
  • Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TMP
  • Use advanced heuristics
 
Hi DMJ,
Many thanks for all your help so far. There are a few issues with the PC's operation. For some reason, regardless of the browser I use, I can't login to my google account or surf to google docs / gmail. The browser reports that it can't display the webpage. I have the exact same issue with Facebook. Also, the PC does seem to be running fairly slowly and both memory and processor seem to be getting worked pretty hard.
 
Let's take a closer look...

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
    %AppData%\Local\
    %systemroot%\system32\sysprep
    *.xpi /md5
    %systemroot%\Downloaded Program Files\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.exe /md5
    "%WinDir%\$NtUninstallKB*$." /30
    %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\Installer\ /s
    %systemroot%\system32\Cache\ /s
    %systemroot%\system32\config\systemprofile\Application Data /s
    %PROGRAMFILES%\*.
    %appdata%\*.*
    /md5start
    volsnap.sys
    services.exe
    userinit.exe
    afd.sys
    tcpip.sys
    netbt.sys
    ipsec.sys
    dnsrslvr.dll
    ipnathlp.dll
    netman.dll
    WMIsvc.dll
    srsvc.dll
    sr.sys
    wscsvc.dll
    wuauserv.dll
    qmgr.dll
    es.dll
    cryptsvc.dll
    svchost.exe
    rpcss.dll
    tdx.sys
    wininit.exe
    winlogon.exe
    atapi.sys
    explorer.exe
    /md5stop
  • Click the Run Scanbutton. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
 
OTL.TXT (pt 1.

OTL logfile created on: 06/09/2012 15:38:20 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\daviepark\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 387.25 Mb Available Physical Memory | 38.21% Memory free
1.99 Gb Paging File | 1.29 Gb Available in Paging File | 64.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.07 Gb Total Space | 47.11 Gb Free Space | 43.59% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 117.10 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: ALIPARK-PC | User Name: daviepark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/06 15:36:24 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\daviepark\Desktop\OTL.com
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/23 18:00:30 | 003,342,336 | ---- | M] (Sentelic Corporation) -- C:\Program Files\FSP\FspUip.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2009/09/23 18:00:10 | 000,053,248 | ---- | M] () -- C:\Program Files\FSP\KbdHook.dll
MOD - [2009/09/18 18:35:28 | 000,073,728 | ---- | M] () -- C:\Program Files\FSP\FspLib.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/08/18 11:08:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DAVIEP~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/17 21:55:36 | 000,059,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DasBootF.SYS -- (DasBootF)
DRV - [2012/01/17 21:55:34 | 000,020,744 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DasBoot.SYS -- (DasBoot)
DRV - [2011/07/07 17:13:46 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2011/03/28 16:34:42 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ghsmdm.sys -- (ghsmdm)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/09/22 17:50:04 | 000,041,984 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009/08/10 04:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 01 49 BB D8 41 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {45AB837B-1732-47F4-914B-28202E54527B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{45AB837B-1732-47F4-914B-28202E54527B}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKCU\..\SearchScopes\{742B8DE7-D75C-44E1-A4BB-12100C0CE82B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk/webhp?hl=en&tab=mw"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/05 23:08:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/06 19:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daviepark\AppData\Roaming\Mozilla\Extensions
[2012/08/29 11:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daviepark\AppData\Roaming\Mozilla\Firefox\Profiles\v5rtmmiq.default\extensions
[2012/08/31 10:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/31 10:14:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/05 23:08:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 23:08:36 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/05 23:08:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 23:08:36 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/09/05 23:08:36 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/09/05 23:08:36 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/08/27 15:12:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70C6A873-0973-47B7-81CC-36B822FFD4F6}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: Eraser - hkey= - key= - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/06 15:36:23 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\daviepark\Desktop\OTL.com
[2012/09/06 14:50:16 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\daviepark\Desktop\OTL.exe
[2012/08/31 10:14:21 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012/08/31 10:14:20 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012/08/31 10:14:20 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012/08/30 15:27:05 | 000,000,000 | ---D | C] -- C:\Users\daviepark\AppData\Roaming\f-secure
[2012/08/30 15:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/08/30 15:12:03 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\npdeployJava1.dll
[2012/08/30 15:12:03 | 000,473,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2012/08/30 15:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/08/29 12:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/29 12:03:46 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV
[2012/08/28 14:54:47 | 000,000,000 | ---D | C] -- C:\Users\daviepark\AppData\Roaming\Foxit Software
[2012/08/28 14:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012/08/27 16:22:36 | 000,000,000 | ---D | C] -- C:\Users\daviepark\Desktop\ebikes
[2012/08/27 15:20:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/27 14:47:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/08/27 14:47:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/08/27 14:47:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/08/27 14:47:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/27 14:46:42 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/08/27 14:31:53 | 004,738,846 | R--- | C] (Swearware) -- C:\Users\daviepark\Desktop\ComboFix.exe
[2012/08/27 14:17:59 | 000,000,000 | ---D | C] -- C:\Users\daviepark\AppData\Local\Macromedia
[2012/08/24 20:51:59 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/18 13:35:40 | 000,000,000 | ---D | C] -- C:\windows\System32\DBBK
[2012/08/18 13:18:08 | 000,043,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\xcqchxec.sys
[2012/08/18 11:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/18 03:30:09 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012/08/12 01:22:49 | 000,000,000 | ---D | C] -- C:\Users\daviepark\Desktop\Dalmellington

========== Files - Modified Within 30 Days ==========

[2012/09/06 15:36:24 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\daviepark\Desktop\OTL.com
[2012/09/06 15:08:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 15:04:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job
[2012/09/06 14:50:16 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\daviepark\Desktop\OTL.exe
[2012/09/06 13:54:49 | 000,010,464 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 13:54:49 | 000,010,464 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 13:46:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/06 13:46:48 | 796,954,624 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/06 01:04:00 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job
[2012/09/05 15:16:08 | 000,000,265 | ---- | M] () -- C:\Users\daviepark\Desktop\Sky box upgrades - Claim your free Sky+HD box - Upgrade now.url
[2012/09/05 01:35:49 | 000,000,320 | ---- | M] () -- C:\Users\daviepark\Desktop\Panasonic TX-L32E5B review Verdict Plasma and lcd tvs Reviews TechRadar.url
[2012/09/05 00:11:18 | 000,000,301 | ---- | M] () -- C:\Users\daviepark\Desktop\Vivanco SBX 95SE 4-Way AV Scart Switcher Box eBay.url
[2012/09/04 23:57:57 | 000,000,282 | ---- | M] () -- C:\Users\daviepark\Desktop\Amazon.co.uk Customer Reviews AV Control Box (3 scart) - Full RGB!!! Vivanco SBX-94SE.url
[2012/09/04 23:50:04 | 000,000,238 | ---- | M] () -- C:\Users\daviepark\Desktop\Automatic 3-way Scart Switch Box - 3 Inputs - 1 output Amazon.co.uk Electronics.url
[2012/09/04 16:11:34 | 000,000,244 | ---- | M] () -- C:\Users\daviepark\Desktop\1.5 Metre Metal Plug, Gold Plated, OFC Scart Cable 1.5M Amazon.co.uk Electronics.url
[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\npdeployJava1.dll
[2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012/08/28 14:52:47 | 000,001,132 | ---- | M] () -- C:\Users\daviepark\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/08/28 14:37:37 | 001,491,371 | ---- | M] () -- C:\Users\daviepark\Desktop\esa1.pdf
[2012/08/28 11:44:07 | 000,618,227 | ---- | M] () -- C:\Users\daviepark\Desktop\adwcleaner.exe
[2012/08/27 16:19:06 | 000,000,228 | ---- | M] () -- C:\Users\daviepark\Desktop\Panasonic TXL32E5B-www.buydigital.tv.url
[2012/08/27 16:09:14 | 000,000,247 | ---- | M] () -- C:\Users\daviepark\Desktop\[Active] - Another victim of Sirefef; PC rebooting after 1 min - TechSpot Forums.url
[2012/08/27 15:12:39 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/08/27 14:31:53 | 004,738,846 | R--- | M] (Swearware) -- C:\Users\daviepark\Desktop\ComboFix.exe
[2012/08/26 00:16:55 | 000,621,742 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/08/26 00:16:55 | 000,108,792 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/08/18 13:18:08 | 000,043,480 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\xcqchxec.sys
[2012/08/18 11:38:44 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/08/18 11:08:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/08/18 11:08:28 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/08/15 16:57:16 | 000,000,241 | ---- | M] () -- C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-large-format-printers-127-c.asp.url
[2012/08/15 16:52:51 | 000,000,266 | ---- | M] () -- C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-imageprograf-ipf6300s-a1-24-production-printer-798-p.asp.url
[2012/08/15 01:00:23 | 000,010,547 | ---- | M] () -- C:\Users\daviepark\Documents\Untitled 1.odt
[2012/08/15 00:50:50 | 000,000,240 | ---- | M] () -- C:\Users\daviepark\Desktop\Royal Babylon Part 1 - Video Dailymotion.url
[2012/08/14 01:11:49 | 000,000,240 | ---- | M] () -- C:\Users\daviepark\Desktop\Metacam 1.5mg-ml Oral Suspension for dogs POM-Hyperdrug.url
[2012/08/07 22:45:12 | 000,915,929 | ---- | M] () -- C:\Users\daviepark\Desktop\Nick Hornby - A Long Way Down.pdf

========== Files Created - No Company Name ==========

[2012/09/05 15:16:08 | 000,000,265 | ---- | C] () -- C:\Users\daviepark\Desktop\Sky box upgrades - Claim your free Sky+HD box - Upgrade now.url
[2012/09/05 01:35:49 | 000,000,320 | ---- | C] () -- C:\Users\daviepark\Desktop\Panasonic TX-L32E5B review Verdict Plasma and lcd tvs Reviews TechRadar.url
[2012/09/05 00:11:18 | 000,000,301 | ---- | C] () -- C:\Users\daviepark\Desktop\Vivanco SBX 95SE 4-Way AV Scart Switcher Box eBay.url
[2012/09/04 23:57:57 | 000,000,282 | ---- | C] () -- C:\Users\daviepark\Desktop\Amazon.co.uk Customer Reviews AV Control Box (3 scart) - Full RGB!!! Vivanco SBX-94SE.url
[2012/09/04 23:50:04 | 000,000,238 | ---- | C] () -- C:\Users\daviepark\Desktop\Automatic 3-way Scart Switch Box - 3 Inputs - 1 output Amazon.co.uk Electronics.url
[2012/09/04 16:11:33 | 000,000,244 | ---- | C] () -- C:\Users\daviepark\Desktop\1.5 Metre Metal Plug, Gold Plated, OFC Scart Cable 1.5M Amazon.co.uk Electronics.url
[2012/08/28 14:52:47 | 000,001,132 | ---- | C] () -- C:\Users\daviepark\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/08/28 14:37:37 | 001,491,371 | ---- | C] () -- C:\Users\daviepark\Desktop\esa1.pdf
[2012/08/28 11:43:59 | 000,618,227 | ---- | C] () -- C:\Users\daviepark\Desktop\adwcleaner.exe
[2012/08/27 16:19:06 | 000,000,228 | ---- | C] () -- C:\Users\daviepark\Desktop\Panasonic TXL32E5B-www.buydigital.tv.url
[2012/08/27 16:09:14 | 000,000,247 | ---- | C] () -- C:\Users\daviepark\Desktop\[Active] - Another victim of Sirefef; PC rebooting after 1 min - TechSpot Forums.url
[2012/08/27 14:47:36 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/08/27 14:47:36 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/08/27 14:47:36 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/08/27 14:47:36 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/08/27 14:47:36 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/08/18 13:35:40 | 000,225,664 | ---- | C] () -- C:\windows\System32\drivers\DasBootS.SYS
[2012/08/18 13:35:40 | 000,059,272 | ---- | C] () -- C:\windows\System32\drivers\DasBootF.SYS
[2012/08/18 13:35:40 | 000,027,528 | ---- | C] () -- C:\windows\System32\drivers\DasBootK.SYS
[2012/08/18 13:35:40 | 000,009,096 | ---- | C] () -- C:\windows\System32\drivers\DasBootI.SYS
[2012/08/18 13:35:40 | 000,009,096 | ---- | C] () -- C:\windows\System32\drivers\DasBootE.SYS
[2012/08/18 13:35:40 | 000,003,072 | ---- | C] () -- C:\windows\System32\drivers\DasBootD.SYS
[2012/08/18 13:35:38 | 000,020,744 | ---- | C] () -- C:\windows\System32\drivers\DasBoot.SYS
[2012/08/18 11:38:22 | 000,001,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/18 03:24:58 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/15 16:57:16 | 000,000,241 | ---- | C] () -- C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-large-format-printers-127-c.asp.url
[2012/08/15 16:52:51 | 000,000,266 | ---- | C] () -- C:\Users\daviepark\Desktop\http--www.ipfstore.co.uk-canon-imageprograf-ipf6300s-a1-24-production-printer-798-p.asp.url
[2012/08/14 01:11:48 | 000,000,240 | ---- | C] () -- C:\Users\daviepark\Desktop\Metacam 1.5mg-ml Oral Suspension for dogs POM-Hyperdrug.url
[2012/08/08 00:53:06 | 000,000,916 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job
[2012/08/08 00:53:02 | 000,000,864 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job
[2012/08/07 22:45:11 | 000,915,929 | ---- | C] () -- C:\Users\daviepark\Desktop\Nick Hornby - A Long Way Down.pdf
[2012/07/04 01:00:28 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2011/12/26 04:24:55 | 000,584,584 | ---- | C] () -- C:\windows\adb.exe
[2011/08/04 21:45:15 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll
[2011/07/11 16:49:45 | 000,172,005 | ---- | C] () -- C:\windows\hpoins47.dat
[2011/07/11 16:49:45 | 000,000,601 | ---- | C] () -- C:\windows\hpomdl47.dat
[2010/10/18 00:03:13 | 000,007,168 | ---- | C] () -- C:\Users\daviepark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/22 19:53:27 | 000,000,708 | ---- | C] () -- C:\Users\daviepark\AppData\Roaming\wklnhst.dat
 
OTL.txt pt2;

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/05 23:08:36 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/05 23:08:36 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/05 23:08:36 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/05 23:08:43 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/05 23:08:43 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/05 23:08:43 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\InstallInfo\\ShowIconsCommand: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\InstallInfo\\HideIconsCommand: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\InstallInfo\\ReinstallCommand: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\shell\open\command\\: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/12/06 17:41:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/12/06 17:41:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/12/06 17:41:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/06 17:42:01 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/12/06 17:42:01 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/05 23:08:36 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/05 23:08:36 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/05 23:08:36 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/05 23:08:43 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/05 23:08:43 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/05 23:08:43 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\InstallInfo\\ShowIconsCommand: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\InstallInfo\\HideIconsCommand: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\InstallInfo\\ReinstallCommand: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.TWTYN3MOYYOOSC6D645PGLAW44\shell\open\command\\: "C:\Users\alipark\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/12/06 17:41:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/12/06 17:41:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/12/06 17:41:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/06 17:42:01 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/12/06 17:42:01 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2010/12/29 12:45:07 | 000,944,496 | ---- | M] (Opera Software)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/08/18 13:18:08 | 000,043,480 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\drivers\xcqchxec.sys

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2010/12/01 02:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\4Media
[2010/12/01 12:25:41 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/12/18 20:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\Calibre2
[2010/08/23 01:38:54 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2012/08/27 15:02:44 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/12/06 14:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2010/12/27 22:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\EMC Corporation
[2010/10/18 01:20:08 | 000,000,000 | ---D | M] -- C:\Program Files\Eraser
[2012/08/29 12:04:29 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/05/03 00:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\File Shredder
[2012/08/28 14:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2010/01/21 14:58:41 | 000,000,000 | ---D | M] -- C:\Program Files\FSP
[2011/09/27 02:35:03 | 000,000,000 | ---D | M] -- C:\Program Files\GetFLV
[2011/06/09 14:25:50 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012/07/01 00:00:08 | 000,000,000 | ---D | M] -- C:\Program Files\Graboid
[2011/07/11 16:52:48 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2012/07/04 09:46:09 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/01/18 14:51:29 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/03/03 12:38:05 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/10/11 20:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\IZArc
[2010/08/19 19:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2012/08/31 10:14:09 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/08/30 16:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2011/05/03 00:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\LSoft Technologies
[2010/01/18 14:33:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/09/18 21:59:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/08/19 19:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/08/18 11:38:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2012/03/03 12:39:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/01/18 14:34:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/02/14 12:51:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/01/21 15:03:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/09/05 23:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/07/20 17:05:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/09/21 21:42:20 | 000,000,000 | ---D | M] -- C:\Program Files\Nikki the Ninja
[2010/12/22 13:43:31 | 000,000,000 | ---D | M] -- C:\Program Files\Notepad++
[2010/10/21 21:30:26 | 000,000,000 | ---D | M] -- C:\Program Files\NWBusinessSoftware
[2010/11/04 12:51:06 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/12/29 12:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2010/01/18 15:07:03 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/10/11 21:57:13 | 000,000,000 | ---D | M] -- C:\Program Files\Serif
[2012/08/08 04:13:56 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/18 14:58:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
[2010/10/16 12:16:39 | 000,000,000 | ---D | M] -- C:\Program Files\TweetDeck
[2009/07/14 05:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/10/11 10:41:58 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2011/08/04 22:05:26 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011/12/06 14:07:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/12/22 14:59:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Grep
[2011/02/01 12:48:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/12/06 14:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/12/06 14:07:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/12/06 14:07:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2011/12/06 14:07:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/12/06 14:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/10/11 19:52:54 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2011/12/26 04:25:01 | 000,000,000 | ---D | M] -- C:\Program Files\ZTE Handset USB Driver

< %appdata%\*.* >
[2012/06/08 12:40:38 | 000,000,708 | ---- | M] () -- C:\Users\daviepark\AppData\Roaming\wklnhst.dat

< MD5 for: AFD.SYS >
[2011/04/25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010/11/20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011/04/25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011/04/25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011/04/25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011/04/25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009/07/14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 13:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\erdnt\cache\cryptsvc.dll
[2010/11/20 13:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\System32\cryptsvc.dll
[2010/11/20 13:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2010/11/20 13:18:33 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=2FE30D71919C51131405797620E0A714 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_e3e9e6c8e09b7c76\dnsrslvr.dll
[2011/03/03 06:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\System32\dnsrslvr.dll
[2011/03/03 06:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_e3a50618e0cfbec0\dnsrslvr.dll
[2011/03/03 06:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B15BE77A2BACF9C3177D27518AFE26A9 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_e1c0a9a6e3a78582\dnsrslvr.dll
[2011/03/03 06:50:46 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B3A0A4414D8EC1DD28018004CE8DCBEE -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_e28d2873fc92ad7b\dnsrslvr.dll
[2009/07/14 02:15:12 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=D0722E963D3C6145446874241401B209 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_e1b8d300e3acf8dc\dnsrslvr.dll
[2011/03/03 06:12:25 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=F3501CA4E93BF218C71CF9DEECEE838F -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_e431a3c1f9eaaa8f\dnsrslvr.dll

< MD5 for: ES.DLL >
[2012/08/17 23:27:53 | 000,008,728 | ---- | M] () MD5=328868A14EB90E6A8EA9F3FC59FC49BB -- C:\Users\alipark\AppData\Local\Google\Chrome\Application\21.0.1180.83\Locales\es.dll
[2012/08/14 05:29:58 | 000,008,728 | ---- | M] () MD5=7AD37261A349BE597C2E4C58B093B63D -- C:\Users\alipark\AppData\Local\Google\Chrome\Application\21.0.1180.79\Locales\es.dll
[2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Users\daviepark\AppData\Local\Temp\es.dll
[2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\erdnt\cache\es.dll
[2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\System32\es.dll
[2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/01/21 16:57:27 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/01/21 16:57:27 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\System32\ipnathlp.dll
[2009/07/14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_04a3b4c9aa9fddd8\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 09:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\System32\drivers\netbt.sys
[2010/11/20 09:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
[2009/07/14 00:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\erdnt\cache\netman.dll
[2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\System32\netman.dll
[2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll

< MD5 for: QMGR.DLL >
[2009/07/14 02:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2010/11/20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\erdnt\cache\qmgr.dll
[2010/11/20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010/11/20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\erdnt\cache\rpcss.dll
[2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\System32\rpcss.dll
[2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2009/07/14 02:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 05:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/09/29 17:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2011/04/25 05:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/11/20 13:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/09/29 17:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2011/09/29 16:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2010/04/09 08:16:33 | 001,289,096 | ---- | M] (Microsoft Corporation) MD5=5D6A83E928F22AF5AC9868B162FFAD0D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_b38009a0e0d5a32d\tcpip.sys
[2010/04/09 08:24:54 | 001,285,000 | ---- | M] (Microsoft Corporation) MD5=63170B9EE1D0EF0032F0408605671D1A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_b30e0d41c7a5fe2f\tcpip.sys
[2011/09/29 17:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\erdnt\cache\tcpip.sys
[2011/09/29 17:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\System32\drivers\tcpip.sys
[2011/09/29 17:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011/04/25 07:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2011/04/25 05:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2010/06/14 07:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010/06/14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

< MD5 for: TDX.SYS >
[2010/11/20 09:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\erdnt\cache\tdx.sys
[2010/11/20 09:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\System32\drivers\tdx.sys
[2010/11/20 09:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[2009/07/14 00:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009/07/14 02:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2010/11/20 13:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/20 13:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
[2010/11/20 13:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009/07/14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\System32\wbem\WMIsvc.dll
[2009/07/14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_a08911f35844b3ff\WMIsvc.dll
[2009/07/14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_a2ba25bb55333799\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2009/07/14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\System32\wscsvc.dll
[2009/07/14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_1a16b3d6136c6bb2\wscsvc.dll
[2009/07/14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_1c47c79e105aef4c\wscsvc.dll
[2010/12/21 06:38:24 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=A661A76333057B383A06E65F0073222F -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_1a559a62133d85fa\wscsvc.dll
[2010/12/21 06:29:14 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=FC6DB3FF10A271A83A2CAFB340120FC4 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_1ab2f7332c7c7c31\wscsvc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 298 bytes -> C:\windows\System32\drivers\xcqchxec.sys:changelist
 
EXTRAS.txt

OTL Extras logfile created on: 06/09/2012 15:38:20 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\daviepark\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 387.25 Mb Available Physical Memory | 38.21% Memory free
1.99 Gb Paging File | 1.29 Gb Available in Paging File | 64.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.07 Gb Total Space | 47.11 Gb Free Space | 43.59% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 117.10 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: ALIPARK-PC | User Name: daviepark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{98D7312F-8CB5-4267-9F8C-2A02CFE0B267}C:\users\daviepark\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\daviepark\downloads\utorrent.exe |
"UDP Query User{0736DAA2-431B-47E6-A040-DCC675143368}C:\users\daviepark\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\daviepark\downloads\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver 14.0 Rel. 7
"{01D42BF0-ED08-463f-8A28-99EB6FEE962B}" = ZTE Handset USB Driver
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38BA2875-D7AD-4611-ABA3-C385051ADF42}" = Eraser 6.0.7.1893
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{C0EC185F-33F7-4858-B947-672A5FCD7DBD}" = calibre
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFA27A6C-DF46-568B-4BB1-1DBD064F67A8}" = TweetDeck
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Active@ KillDisk FREE Suite" = Active@ KillDisk FREE Suite
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Digital Editions" = Adobe Digital Editions
"File Shredder_is1" = File Shredder 2.0
"Foxit Reader_is1" = Foxit Reader
"GetFLV_is1" = GetFLV 9.0.4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hott notes 4" = hott notes 4
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)
"NatWest Business Software" = NatWest Business Software
"Notepad++" = Notepad++
"Opera 11.00.1156" = Opera 11.00
"Picasa 3" = Picasa 3
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"Windows Grep_is1" = Windows Grep 2.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"4Media PDF to EPUB Converter" = 4Media PDF to EPUB Converter

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/09/2012 17:10:26 | Computer Name = alipark-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 05/09/2012 17:10:26 | Computer Name = alipark-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 05/09/2012 17:10:27 | Computer Name = alipark-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 05/09/2012 17:10:27 | Computer Name = alipark-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 05/09/2012 18:04:30 | Computer Name = alipark-PC | Source = Application Hang | ID = 1002
Description = The program UNKNOWN version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: a54 Start Time:
01cd8bb0c0fd5b95 Termination Time: 60000 Application Path: UNKNOWN Report Id:

Error - 05/09/2012 18:06:06 | Computer Name = alipark-PC | Source = Application Hang | ID = 1002
Description = The program UNKNOWN version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 7e0 Start Time:
01cd8b9bc97ee1a6 Termination Time: 60000 Application Path: UNKNOWN Report Id: afc1db93-f7a5-11e1-a089-001a13bb75f7

Error - 05/09/2012 18:21:50 | Computer Name = alipark-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 11.0.0.4454 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c40 Start
Time: 01cd8bb305128821 Termination Time: 63 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 08bf7c29-f7a8-11e1-a089-001a13bb75f7

Error - 05/09/2012 20:30:30 | Computer Name = alipark-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: bcc Start
Time: 01cd8bbe408a5ed6 Termination Time: 42 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 06/09/2012 10:14:46 | Computer Name = alipark-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.61.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: e1c Start Time:
01cd8c36c18230cb Termination Time: 15 Application Path: C:\Users\daviepark\Desktop\OTL.exe
Report
Id:

Error - 06/09/2012 10:34:26 | Computer Name = alipark-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.61.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 950 Start Time:
01cd8c3a01e625d5 Termination Time: 16 Application Path: C:\Users\daviepark\Desktop\OTL.exe
Report
Id:

[ System Events ]
Error - 05/09/2012 21:21:18 | Computer Name = alipark-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 05/09/2012 21:31:18 | Computer Name = alipark-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.323.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 05/09/2012 21:31:18 | Computer Name = alipark-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.323.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 06/09/2012 06:37:41 | Computer Name = alipark-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 06/09/2012 06:47:31 | Computer Name = alipark-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.323.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 06/09/2012 06:47:31 | Computer Name = alipark-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.323.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 06/09/2012 08:47:38 | Computer Name = alipark-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 06/09/2012 08:59:30 | Computer Name = alipark-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.323.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 06/09/2012 08:59:30 | Computer Name = alipark-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.323.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 06/09/2012 10:12:17 | Computer Name = alipark-PC | Source = DCOM | ID = 10010
Description =


< End of report >
 
Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
    IE - HKCU\..\SearchScopes\{742B8DE7-D75C-44E1-A4BB-12100C0CE82B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
    [2012/08/29 12:03:46 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Let me know how your computer acts now.
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 
You must log in or register to reply here.

Similar threads

E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
R
Solved Data Hijacking, Help Please
2
Replies
37
Views
5K
Broni
Broni
Nicki
Solved Must have picked up something... some COVID computer variant???
Replies
9
Views
3K
Broni
Broni

Latest posts

Back