Solved Is my computer infected by malware?

Here are the results of ComboFix. As I disabled only Comodo anti-virus, I got a small number of Comodo pop-ups before and during the process of ComboFix requesting me to grant permission to run ComboFix. One was said to run in partially sandboxed mode, but everything ran smoothly:

ComboFix 13-08-04.01 - David 04/08/2013 11:05:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.950 [GMT 1:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David\AppData\Local\TempDIR
c:\users\David\videos\hpusetup.exe
c:\users\David\videos\install_flashplayer11x32axau_gtbd_chrd_dn_aih.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-07-04 to 2013-08-04 )))))))))))))))))))))))))))))))
.
.
2013-08-03 16:58 . 2013-08-03 17:28 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-29 16:42 . 2013-07-29 16:43 -------- d-s---w- c:\programdata\Shared Space
2013-07-29 00:15 . 2013-08-04 10:01 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-07-28 22:13 . 2013-07-28 22:13 -------- d-----w- c:\programdata\Innovative Solutions
2013-07-28 22:13 . 2013-07-28 22:13 -------- d-----w- c:\users\David\AppData\Local\Innovative Solutions
2013-07-28 22:13 . 2013-07-28 22:13 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2013-07-28 22:13 . 2009-11-05 12:24 42496 ----a-w- c:\windows\system32\AdvUninstCPL.cpl
2013-07-28 22:13 . 2013-07-28 22:13 -------- d-----w- c:\program files\Innovative Solutions
2013-07-27 17:21 . 2013-07-27 17:21 -------- d-----w- c:\programdata\VS Revo Group
2013-07-23 18:57 . 2013-07-23 18:57 -------- d-----w- c:\users\David\AppData\Local\VS Revo Group
2013-07-23 16:34 . 2013-07-23 16:34 -------- d-----w- c:\program files\HitmanPro
2013-07-23 16:09 . 2013-07-23 16:27 -------- d-----w- c:\programdata\HitmanPro
2013-07-10 22:28 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-23 22:07 . 2012-04-09 06:43 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-23 22:07 . 2011-05-17 06:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-08 20:59 . 2013-06-18 15:15 583448 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-06-18 15:16 . 2013-06-18 15:16 85464 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-06-18 15:15 . 2013-06-18 15:15 43216 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 15:15 . 2013-06-18 15:15 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-06-18 15:15 . 2013-06-18 15:15 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-06-18 15:15 . 2013-06-18 15:15 348584 ----a-w- c:\windows\system32\guard32.dll
2013-06-18 15:15 . 2013-06-18 15:15 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-06-18 15:15 . 2013-06-18 15:15 278232 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-05-08 04:37 . 2013-06-12 18:45 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Radio Downloader"="c:\program files\Radio Downloader\Radio Downloader.exe" [2012-11-16 529888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-29 6144000]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"diagnostics"="c:\program files\Thomson\ST330\diagnostics\diagnostics.exe" [2008-07-29 557149]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 154136]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2009-09-01 1086760]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2009-08-21 878080]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1464536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
backupExtension=.Startup
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_dec12
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 11:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 10:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 22:07]
.
2013-08-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2013-02-01 15:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com?fr=fp-comodo
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A4BCBEB3-1FF3-4CB6-878B-E568516CAE41}: NameServer = 156.154.70.22,156.154.71.22
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-04 11:13
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:30,35,8b,dc,2d,26,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\guard32.dll
.
Completion time: 2013-08-04 11:16:55
ComboFix-quarantined-files.txt 2013-08-04 10:16
.
Pre-Run: 128,352,628,736 bytes free
Post-Run: 128,467,202,048 bytes free
.
- - End Of File - - 3CE22F0A224DBCEE1C3207331AF88887
5C616939100B85E558DA92B899A0FC36
 
Quickly skimming through the above, I thought I'd completely uninstalled Revo.

Advanced Uninstaller PRO 11 (which I didn't have when I uninstalled Revo) is much better at removing leftover traces that "Add/Remove Programs" misses.

Upon opening the Folder that created itself automatically on my Desktop, which I had to restore from the Recycle Bin, it opens the entire contents of the hard drive, so "Documents", "Videos", etc. Why it's ended up on my Desktop is beyond me, but if there's a way of saving the contents of the Folder, but removing the Desktop folder, that would be great. Clearly, it's the stubborn LogMeIn that's caused this.
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
# AdwCleaner v2.306 - Logfile created 08/04/2013 at 18:08:54
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : David - DAVID-PC
# Boot Mode : Normal
# Running from : C:\Users\David\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\David\AppData\Local\PackageAware
Folder Deleted : C:\Users\David\AppData\LocalLow\AVG Security Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1790 octets] - [04/08/2013 18:08:54]

########## EOF - C:\AdwCleaner[S1].txt - [1850 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.2 (08.03.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by David on 04/08/2013 at 18:19:28.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/08/2013 at 18:23:45.53
End of JRT log
 
OTL logfile created on: 04/08/2013 18:26:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.38% Memory free
4.22 Gb Paging File | 3.10 Gb Available in Paging File | 73.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 119.42 Gb Free Space | 51.28% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/04 18:25:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2013/08/03 13:20:03 | 000,106,280 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2013/07/14 11:57:38 | 001,821,384 | ---- | M] () -- C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
PRC - [2013/07/08 21:59:39 | 004,801,304 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2013/07/08 21:59:06 | 009,044,696 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cis.exe
PRC - [2013/07/08 21:59:06 | 001,464,536 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
PRC - [2013/06/18 16:15:28 | 001,839,832 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
PRC - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/16 16:32:06 | 000,529,888 | ---- | M] (NerdoftheHerd.com) -- C:\Program Files\Radio Downloader\Radio Downloader.exe
PRC - [2012/07/11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/09/01 17:31:26 | 001,086,760 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
PRC - [2009/08/21 11:36:46 | 000,878,080 | ---- | M] (ActMask Co.,Ltd - http://www.all2pdf.com) -- C:\Windows\System32\PrintDisp.exe
PRC - [2009/06/16 07:38:34 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\System32\PrintCtrl.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/07/29 12:36:49 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\ST330\service\st330service.exe
PRC - [2008/07/29 12:36:48 | 000,557,149 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
PRC - [2008/05/29 01:06:02 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/11 00:57:39 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c7b6efda1a28f37adc2cd7e5b4ed687b\Microsoft.VisualBasic.ni.dll
MOD - [2013/07/11 00:54:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59375bfcbdf9a51a963b71c10f6204d4\System.Runtime.Remoting.ni.dll
MOD - [2013/07/11 00:54:51 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b369565297de5b18e488962a43164f59\System.Transactions.ni.dll
MOD - [2013/07/11 00:54:49 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\632affb16da1970ae3d40574d7356977\System.EnterpriseServices.ni.dll
MOD - [2013/07/11 00:54:35 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\798504f7455735fbc9abe8d6ebe73f03\System.Configuration.ni.dll
MOD - [2013/07/11 00:52:38 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4a249ccdc8817127b91bc36d1aa52b5e\System.Xml.ni.dll
MOD - [2013/07/11 00:52:05 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f58a8a55eda29b5a43af20c4568f7f91\System.Windows.Forms.ni.dll
MOD - [2013/07/11 00:51:49 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6ac6cab47b69e44769c726610e7f29bc\System.Drawing.ni.dll
MOD - [2013/07/11 00:51:24 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\40569a773af7fcc0d27e7557898a74b7\System.Data.ni.dll
MOD - [2013/07/11 00:50:07 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e3cc2cbffd5fb21da64e93d9b6c27c7c\System.ni.dll
MOD - [2013/07/11 00:49:53 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/03/30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/07/29 12:36:49 | 000,364,544 | ---- | M] () -- C:\Program Files\Thomson\ST330\diagnostics\qwt.dll
MOD - [2008/07/29 12:36:48 | 004,222,976 | ---- | M] () -- C:\Program Files\Thomson\ST330\diagnostics\qt-mt332.dll


========== Services (SafeList) ==========

SRV - [2013/08/03 13:20:03 | 000,106,280 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013/07/23 23:07:00 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/14 11:57:38 | 001,821,384 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\IceDragon\icedragon_updater.exe -- (IceDragonUpdater)
SRV - [2013/07/08 21:59:39 | 004,801,304 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2013/06/18 16:15:28 | 000,127,192 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009/06/16 07:38:34 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Running] -- C:\Windows\System32\PrintCtrl.exe -- (Printer Control)
SRV - [2008/07/29 12:36:49 | 000,581,632 | ---- | M] () [Auto | Running] -- C:\Program Files/Thomson/ST330/service/st330service.exe -- (st330service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\FXDrv32.sys -- (FXDrv32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\David\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/07/08 21:59:45 | 000,583,448 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2013/06/18 16:16:00 | 000,085,464 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2013/06/18 16:15:58 | 000,043,216 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2013/06/18 16:15:56 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/04 13:50:14 | 000,261,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/29 12:36:49 | 000,035,328 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stppp.sys -- (stppp)
DRV - [2008/07/29 12:36:49 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\st330.sys -- (ST330)
DRV - [2008/07/29 12:36:49 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stbus.sys -- (STBUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1078621116-359186801-1165392699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com?fr=fp-comodo
IE - HKU\S-1-5-21-1078621116-359186801-1165392699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1078621116-359186801-1165392699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 1B 76 1A 53 31 CE 01 [binary data]
IE - HKU\S-1-5-21-1078621116-359186801-1165392699-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1078621116-359186801-1165392699-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1078621116-359186801-1165392699-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1078621116-359186801-1165392699-1000\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKU\S-1-5-21-1078621116-359186801-1165392699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078621116-359186801-1165392699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()


[2013/04/08 08:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2013/08/04 11:13:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-1078621116-359186801-1165392699-1000\..\Toolbar\WebBrowser: (no name) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\COMODO Internet Security\cistray.exe (COMODO)
O4 - HKLM..\Run: [diagnostics] C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PrintDisp] C:\Windows\System32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-1078621116-359186801-1165392699-1000..\Run: [Radio Downloader] C:\Program Files\Radio Downloader\Radio Downloader.exe (NerdoftheHerd.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078621116-359186801-1165392699-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078621116-359186801-1165392699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4BCBEB3-1FF3-4CB6-878B-E568516CAE41}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4BCBEB3-1FF3-4CB6-878B-E568516CAE41}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/04 18:25:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/08/04 18:19:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/04 18:14:56 | 000,561,889 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\David\Desktop\JRT.exe
[2013/08/04 11:17:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/04 11:16:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/04 11:04:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/04 11:04:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/04 11:04:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/04 11:03:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/08/04 11:03:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/04 11:03:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/04 10:49:51 | 005,099,708 | R--- | C] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2013/08/03 23:01:49 | 000,000,000 | R--D | C] -- C:\Users\David\Desktop
[2013/08/03 17:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/08/03 17:39:21 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\mbar-1.06.0.1004
[2013/08/03 16:41:28 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\RK_Quarantine
[2013/08/03 14:30:47 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\David\Desktop\dds.com
[2013/07/29 17:42:58 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2013/07/28 23:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2013/07/28 23:13:58 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
[2013/07/28 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Innovative Solutions
[2013/07/28 23:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Innovative Solutions
[2013/07/28 23:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[2013/07/28 23:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2013/07/27 18:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/07/25 21:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/07/23 19:57:58 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\VS Revo Group
[2013/07/23 17:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/07/23 17:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/07/23 17:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/07/20 09:38:14 | 000,000,000 | ---D | C] -- C:\Windows\pss

========== Files - Modified Within 30 Days ==========

[2013/08/04 18:25:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/08/04 18:16:13 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/08/04 18:15:05 | 000,561,889 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\David\Desktop\JRT.exe
[2013/08/04 18:12:35 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/04 18:12:35 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/04 18:12:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/04 18:06:17 | 000,666,633 | ---- | M] () -- C:\Users\David\Desktop\adwcleaner.exe
[2013/08/04 18:04:32 | 000,000,194 | ---- | M] () -- C:\Users\David\AppData\Roaming\default.rss
[2013/08/04 18:02:40 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013/08/04 17:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/04 17:42:14 | 000,002,627 | ---- | M] () -- C:\Users\David\Desktop\Word 2007.lnk
[2013/08/04 11:13:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/08/04 10:50:18 | 005,099,708 | R--- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2013/08/03 17:21:52 | 013,399,154 | ---- | M] () -- C:\Users\David\Desktop\mbar-1.06.0.1004.zip
[2013/08/03 16:40:53 | 000,916,992 | ---- | M] () -- C:\Users\David\Desktop\RogueKiller.exe
[2013/08/03 14:30:50 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\David\Desktop\dds.com
[2013/08/02 23:43:04 | 000,437,660 | ---- | M] () -- C:\Users\David\Desktop\HitmanPro 3.7.7 - Scan Results Friday 2 August 2013.jpg
[2013/07/31 10:51:26 | 012,467,822 | ---- | M] () -- C:\Users\David\Desktop\Legs & Co - Come on Dance, Dance - TOTP TX 20071978 - Video Dailymotion.flv
[2013/07/31 10:51:01 | 011,064,397 | ---- | M] () -- C:\Users\David\Desktop\Legs & Co - Come Back And Finish What You Started - TOTP TX 27071978 - Video Dailymotion.flv
[2013/07/31 10:51:00 | 019,630,852 | ---- | M] () -- C:\Users\David\Desktop\Legs & Co - How Can This Be Love - TOTP TX 27071978 - Video Dailymotion.flv
[2013/07/31 10:50:50 | 018,722,222 | ---- | M] () -- C:\Users\David\Desktop\Legs & Co - Baby Stop Crying - TOTP TX 10081978 - Video Dailymotion.flv
[2013/07/31 10:50:47 | 018,164,148 | ---- | M] () -- C:\Users\David\Desktop\Legs & Co - Don't Stop Now - TOTP TX 03081978 - Video Dailymotion.flv
[2013/07/30 17:10:15 | 000,061,952 | ---- | M] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/30 08:20:41 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/29 17:43:52 | 000,000,545 | ---- | M] () -- C:\Users\Public\Desktop\Shared Space.lnk
[2013/07/29 01:02:25 | 000,000,660 | ---- | M] () -- C:\Windows\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2013/07/28 23:13:56 | 000,002,216 | ---- | M] () -- C:\Users\David\Desktop\Advanced Uninstaller PRO 11.lnk
[2013/07/28 23:13:56 | 000,002,112 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Uninstaller PRO 11.lnk
[2013/07/27 23:43:56 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/07/25 19:21:54 | 000,002,585 | ---- | M] () -- C:\Users\David\Desktop\Excel 2007.lnk
[2013/07/23 17:34:50 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/07/23 17:16:23 | 000,000,346 | ---- | M] () -- C:\Windows\System32\.crusader
[2013/07/18 17:13:29 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/11 00:46:42 | 000,371,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/08 21:59:45 | 000,583,448 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys

========== Files Created - No Company Name ==========

[2013/08/04 18:06:14 | 000,666,633 | ---- | C] () -- C:\Users\David\Desktop\adwcleaner.exe
[2013/08/04 11:04:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/04 11:04:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/04 11:04:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/04 11:04:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/04 11:04:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/03 17:21:44 | 013,399,154 | ---- | C] () -- C:\Users\David\Desktop\mbar-1.06.0.1004.zip
[2013/08/03 16:40:50 | 000,916,992 | ---- | C] () -- C:\Users\David\Desktop\RogueKiller.exe
[2013/08/02 23:44:20 | 000,437,660 | ---- | C] () -- C:\Users\David\Desktop\HitmanPro 3.7.7 - Scan Results Friday 2 August 2013.jpg
[2013/07/31 10:48:01 | 019,630,852 | ---- | C] () -- C:\Users\David\Desktop\Legs & Co - How Can This Be Love - TOTP TX 27071978 - Video Dailymotion.flv
[2013/07/31 10:48:01 | 018,164,148 | ---- | C] () -- C:\Users\David\Desktop\Legs & Co - Don't Stop Now - TOTP TX 03081978 - Video Dailymotion.flv
[2013/07/31 10:48:01 | 012,467,822 | ---- | C] () -- C:\Users\David\Desktop\Legs & Co - Come on Dance, Dance - TOTP TX 20071978 - Video Dailymotion.flv
[2013/07/31 10:48:01 | 011,064,397 | ---- | C] () -- C:\Users\David\Desktop\Legs & Co - Come Back And Finish What You Started - TOTP TX 27071978 - Video Dailymotion.flv
[2013/07/31 10:47:57 | 018,722,222 | ---- | C] () -- C:\Users\David\Desktop\Legs & Co - Baby Stop Crying - TOTP TX 10081978 - Video Dailymotion.flv
[2013/07/29 17:43:53 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/29 17:43:52 | 000,000,545 | ---- | C] () -- C:\Users\Public\Desktop\Shared Space.lnk
[2013/07/29 01:15:03 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2013/07/29 01:02:25 | 000,000,660 | ---- | C] () -- C:\Windows\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2013/07/28 23:13:56 | 000,002,216 | ---- | C] () -- C:\Users\David\Desktop\Advanced Uninstaller PRO 11.lnk
[2013/07/28 23:13:56 | 000,002,112 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Uninstaller PRO 11.lnk
[2013/07/28 23:13:56 | 000,002,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
[2013/07/28 23:13:53 | 000,042,496 | ---- | C] () -- C:\Windows\System32\AdvUninstCPL.cpl
[2013/07/23 17:34:50 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/07/23 17:16:23 | 000,000,346 | ---- | C] () -- C:\Windows\System32\.crusader
[2013/04/23 20:25:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/11/13 01:16:37 | 000,038,444 | ---- | C] () -- C:\Users\David\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/02/12 22:31:20 | 000,178,176 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll
[2012/02/12 22:31:20 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012/02/12 22:31:20 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012/02/12 22:31:20 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011/02/15 18:46:07 | 000,000,552 | ---- | C] () -- C:\Users\David\AppData\Local\d3d8caps.dat
[2011/02/15 18:41:44 | 000,000,194 | ---- | C] () -- C:\Users\David\AppData\Roaming\default.rss
[2010/05/05 12:19:31 | 000,000,036 | ---- | C] () -- C:\Users\David\AppData\Local\housecall.guid.cache
[2009/11/27 16:44:04 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\prvlcl.dat
[2008/07/29 13:11:09 | 000,061,952 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/18 00:24:49 | 000,001,356 | ---- | C] () -- C:\Users\David\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/01/25 10:22:38 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\aAvgApi
[2013/07/28 23:41:31 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG
[2011/06/28 08:44:17 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG9
[2013/02/02 01:28:32 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GlarySoft
[2013/04/23 07:38:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Image Zone Express
[2011/05/24 13:03:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\LogSys
[2012/10/21 00:43:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\NerdoftheHerd.com
[2012/12/17 09:45:22 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Orbit
[2010/04/04 23:54:25 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Printer Info Cache
[2013/06/10 12:59:04 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TuneUp Software
[2012/01/07 16:59:02 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\www.nerdoftheherd.com
[2013/01/30 23:27:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/30 23:27:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:73E95297

< End of report >
 
OTL Extras logfile created on: 04/08/2013 18:26:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.38% Memory free
4.22 Gb Paging File | 3.10 Gb Available in Paging File | 73.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 119.42 Gb Free Space | 51.28% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1078621116-359186801-1165392699-1000\SOFTWARE\Classes\<extension>]
.html [@ = IceDragonHTML] -- C:\Program Files\Comodo\IceDragon\icedragon.exe (COMODO Security Solutions)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D13ACCE-8090-4921-88C6-952F700AE2B6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21ED8254-94ED-42DA-B65B-C1D32A88FE36}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{529F8E9B-825E-4B64-922F-4AFC90921048}" = protocol=17 | dir=in | app=c:\program files\thomson\st330\service\st330service.exe |
"{8A7E76EC-1597-4B92-8B7E-9155EA942690}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C9426F3-94CF-4E6E-AC85-09228AF7AB4C}" = protocol=6 | dir=in | app=c:\program files\thomson\st330\service\st330service.exe |
"{DA7D2934-4AE6-46BF-B1A1-3789C7EB5F8A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F763454C-D084-49F3-B729-5F42718F3D1B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{05E12187-7BB5-4B78-AFE9-63904F7B96FA}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{7D329F87-BD0B-42B0-8AAB-600B9B5A598A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FF2654BE-1F01-46BF-B323-D35868D1C355}C:\program files\comodo\icedragon\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\comodo\icedragon\plugin-container.exe |
"UDP Query User{68A0175B-886D-46CB-B42C-CA320A887898}C:\program files\comodo\icedragon\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\comodo\icedragon\plugin-container.exe |
"UDP Query User{7166E409-7B3F-4582-B733-2F269D3AA7ED}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{B2DB8D85-5817-4296-9BA2-1911620196DB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{016A5051-8705-44BB-8A83-770E2BC3781D}" = Radio Downloader
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{85243696-5E58-4357-9CF8-3498C609941D}" = NeroLiveGadget Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9E9FDDE6-2C26-492A-85A0-05646B3F2795}" = NeroLiveGadget
"{A0BABADE-E154-4F08-97A1-2903CD110E88}" = COMODO Internet Security Premium
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CDD76AEA-C445-4B46-92E4-5E471E8783FE}" = PowerAdapter
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{dcda0e2b-0075-43fd-8b94-7b363e33b133}" = Nero 9
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E14B8A08-42B3-4676-9E91-1D39F8158DA1}" = HP Print Diagnostic Utility
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AU11_is1" = Advanced Uninstaller PRO - Version 11
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comodo IceDragon" = Comodo IceDragon
"Defraggler" = Defraggler
"Glary Utilities_is1" = Glary Utilities 2.53.0.1726
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HitmanPro37" = HitmanPro 3.7
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROR" = Microsoft Office Professional 2007
"Speccy" = Speccy
"SpeedTouch 330" = SpeedTouch 330
"Tracks Eraser Pro_is1" = Tracks Eraser Pro v8.0 build 1000
"Works" = Microsoft Works 4.5

========== Last 20 Event Log Errors ==========

[ OSession Events ]
Error - 19/12/2008 14:29:22 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4374
seconds with 780 seconds of active time. This session ended with a crash.

Error - 19/12/2008 20:34:38 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12043
seconds with 4740 seconds of active time. This session ended with a crash.

Error - 22/12/2008 10:19:55 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4797
seconds with 420 seconds of active time. This session ended with a crash.

Error - 02/02/2009 14:27:10 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1555
seconds with 60 seconds of active time. This session ended with a crash.

Error - 07/02/2009 20:12:39 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 43099
seconds with 3240 seconds of active time. This session ended with a crash.

Error - 20/04/2011 14:38:01 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2135
seconds with 300 seconds of active time. This session ended with a crash.

Error - 17/05/2011 17:48:40 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 53622
seconds with 4080 seconds of active time. This session ended with a crash.

Error - 11/06/2011 06:48:41 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15433
seconds with 3600 seconds of active time. This session ended with a crash.

Error - 11/06/2011 07:50:21 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3683
seconds with 540 seconds of active time. This session ended with a crash.

Error - 28/05/2012 17:34:45 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13150
seconds with 3060 seconds of active time. This session ended with a crash.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\FXDrv32.sys -- (FXDrv32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\David\AppData\Local\Temp\catchme.sys -- (catchme)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
O3 - HKU\S-1-5-21-1078621116-359186801-1165392699-1000\..\Toolbar\WebBrowser: (no name) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No CLSID value found.
O18 - Protocol\Handler\linkscanner - No CLSID value found
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:73E95297

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
HitmanPro has stated that JRT.exe is a Trojan.

Is this a false positive, as this sounds like the Junkware Removal Tool that I used earlier?

It sounds like HitmanPro varies in its scan results as to whether they're accurate or false positives, as my first day of my free trial of this program had definite junk removed, then just a few days ago, it said I had several Trojans, which you dismissed. Although this could be another false positive, I felt it best to check this with you first before deleting or ignoring the JRT.exe removal request.

I don't know if all scans should be done concurrently on the same day, but I'll start on the first one and continue with the rest tomorrow, posting results as and when completed.

In the event, I didn't get around to reinstalling Spyware Blaster (as I couldn't find a way to disable it), as I believe it runs in real-time. As far as I know, this is a safe program, so in that case, I'll reinstall it as soon as I've completed all the results and you've given me the all clear.
 
All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service FXDrv32 stopped successfully!
Service FXDrv32 deleted successfully!
File D:\FXDrv32.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\David\AppData\Local\Temp\catchme.sys not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1078621116-359186801-1165392699-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10CECF4F-A96E-4803-8AC2-F565FB29FF47} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10CECF4F-A96E-4803-8AC2-F565FB29FF47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
File Protocol\Handler\linkscanner - No CLSID value found not found.
Unable to delete ADS C:\ProgramData\TEMP:73E95297 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 2515622 bytes
->Temporary Internet Files folder emptied: 3753798 bytes
->Flash cache emptied: 666 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21055 bytes
RecycleBin emptied: 2136040 bytes

Total Files Cleaned = 8.00 mb


[EMPTYJAVA]

User: All Users

User: David

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: David
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08042013_222826

Files\Folders moved on Reboot...
File\Folder C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3A37E235-13C2-4298-8A84-257A2320847D}.tmp not found!
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{47BA42E2-960C-4737-B814-CBD78774864A}.tmp moved successfully.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5E7F108F-166D-4BB1-AA61-338B739C56E5}.tmp moved successfully.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{706481EF-0AA4-4D3E-8F58-E36A3563F8C0}.tmp moved successfully.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7BE1F827-9B80-4C77-BCF1-10ED4E6478D3}.tmp moved successfully.
File\Folder C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{80D53946-1D3B-420C-9DFA-FC9598881FFA}.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.71
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
COMODO Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.7 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 04-08-2013
Ran by David (administrator) on 04-08-2013 at 22:54:39
Running from "C:\Users\David\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
Eset has found no viruses.

I was going to do most of these scans what is now later today here, but thought I'd complete them all so they're concurrent.

However, during its scan it found AVG anti-virus, Comodo Geek Buddy and Dragon, so there must still be some traces of these, and Comodo anti-virus (even though this is temporarily disabled).

I've also noticed on the Desktop that "Internet Explorer" has been renamed "The Internet" for some reason. Not sure how that's happened, but it takes me to IE as before.

It looks like a few programs have removed junk and that my computer may possibly have been damaged, as you asked me to add in some files into OTL's Custom Scans/Fixes.

What are those files I copied and pasted?

As HitmanPro keeps coming up with false positives, I'll uninstall this completely tomorrow. It's not worth the risk. The information I read online about its modern version improvements is clearly misleading.

I'll come back to you shortly on the Desktop folder dilemma which opens up various folders from App Data to Videos including Documents and below these are several 2007 NTUser.dat files (2013 ones, but they were listed under LogMeIn).
 
during its scan it found AVG anti-virus
The only leftovers I can see are three folders:

-- C:\Users\David\AppData\Roaming\aAvgApi
-- C:\Users\David\AppData\Roaming\AVG
-- C:\Users\David\AppData\Roaming\AVG9
They really don't matter, but you can delete them manually.

As for Comodo, you use it, so it'll show whether it's disabled or not.

I've also noticed on the Desktop that "Internet Explorer" has been renamed "The Internet" for some reason
You can easily rename it back.

What are those files I copied and pasted?
I simply don't have time to explain every step we went through. In short there were leftovers or dead entries.

As HitmanPro keeps coming up with false positives, I'll uninstall this completely tomorrow.
Good move.

As for the "Desktop" folder...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
Code:
:folderfind
desktop
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
Outstanding AVG folders now deleted. Thanks.

As to Comodo, I can't trace Geekbuddy or Dragon, even though they have come up on scans, so they’re lingering around somewhere, but they're not in the Roaming folder.

I accidentally installed those components initially, uninstalled the Suite then reinstalled it minus them, but there are at least some traces still around and I want to remove them. I just can't find them, as scans are very fast giving little time to spot where things are.

One of the test programs must have renamed "Internet Explorer" to "The Internet". I'm puzzled why this happened but not bothered about it, provided any changes don't add malware to my computer. It's just that I've never had programs automatically renamed before.

Those files I was enquiring for further details about are these only. All I understand is the latter information that 3 folders were being emptied and the program was being rebooted:

Code:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\FXDrv32.sys -- (FXDrv32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\David\AppData\Local\Temp\catchme.sys -- (catchme)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
O3 - HKU\S-1-5-21-1078621116-359186801-1165392699-1000\..\Toolbar\WebBrowser: (no name) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No CLSID value found.
O18 - Protocol\Handler\linkscanner - No CLSID value found
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:73E95297

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

It turns out I did the right thing not to include the word "Code" in the pasting, going by your underlining of your latest task referring to just content.

Good to see the Yahoo toolbar deleted among other junk that I didn’t know was in my computer. It thankfully sounds as though my computer wasn’t infested with malware after all or not as much as I thought, despite strange happenings, but the test programs have put it in better shape. :)

HitManPro is now uninstalled and Spyware Blaster is re-installed.
 
Here are the results of SystemLook.

The automatically added Desktop folder in question is “David”, which is identical to the folder that’s found through “Start” – “David”. It’s just that, prior to a few days ago when I uninstalled the remains of LogMeIn, the only way to access these folders and files was via the Start menu.

The Desktop folder has somehow mirrored its original location, but if I try to remove the Desktop folder, as it's identical, it takes everything with it to the Recycle Bin, which removes virtually every Desktop icon and would lose the entire contents of my folders and files.

When I formerly had a “LogMeIn Mirror Driver”, when I checked Malwarebytes’ Readme.rtf file, it said this, but as I couldn’t highlight “Y”, I still don’t know if the DDA driver was installed.

DDA driver was not installed which may be caused by rootkit activity.
Do you want to reboot the computer to install DDA driver (Scan will continue after reboot) (Y/N)?
Do I have or need the DDA driver installed?


SystemLook 30.07.11 by jpshortstuff
Log created at 12:13 on 05/08/2013 by David
Administrator - Elevation successful

========== folderfind ==========

Searching for "desktop"
C:\ProgramData\Desktop d--hs-- [13:02 02/11/2006]
C:\Users\All Users\Desktop d--hs-- [13:02 02/11/2006]
C:\Users\David\Desktop dr----- [22:01 03/08/2013]
C:\Users\Default\Desktop dr----- [11:18 02/11/2006]
C:\Users\Public\Desktop dr-h--- [11:18 02/11/2006]
C:\Windows\ServiceProfiles\LocalService\Desktop dr----- [12:47 02/11/2006]
C:\Windows\ServiceProfiles\NetworkService\Desktop dr----- [12:47 02/11/2006]

-= EOF =-
 
I don't see any traces of Geekbuddy.
Comodo IceDragon is listed in your list of installed programs. You can uninstall it if you don't use it.

One of the test programs must have renamed "Internet Explorer" to "The Internet". I'm puzzled why this happened but not bothered about it, provided any changes don't add malware to my computer. It's just that I've never had programs automatically renamed before.
I already did comment on the above as well as on:
Those files I was enquiring for further details

The automatically added Desktop folder in question is “David”
I thought it was called "Desktop".
Re-run SystemLook with this code:

Code:
:folderfind
david
 
I don't see any traces of Geekbuddy.
I uninstalled the program itself, so there are traces only lingering around somewhere after the uninstallation, according to one of the scan programs, very likely OTL.
Comodo IceDragon is listed in your list of installed programs. You can uninstall it if you don't use it.
I use IceDragon (equivalent to Firefox) and wish to delete the traces of Dragon (equivalent to Internet Explorer). OTL was very likely the program that displayed the latter during its scan. All I can assume is that the traces of the two uninstalled programs are located somewhere in the registry.
The automatically added Desktop folder in question is “David”
I thought it was called "Desktop".
No. The duplicate folder is situated on the Desktop under my name.
I've re-run SystemLook with the new code and here are the results:
SystemLook 30.07.11 by jpshortstuff
Log created at 21:02 on 05/08/2013 by David
Administrator - Elevation successful
========== folderfind ==========
Searching for "david"
C:\Qoobox\Quarantine\C\Users\David d------ [10:12 04/08/2013]
C:\Users\David d------ [23:24 17/09/2007]
C:\_OTL\MovedFiles\08042013_222826\C_Users\David d------ [21:31 04/08/2013]
-= EOF =-
 
If you show me GeekBuddy or Dragon traces in OTL log I'll be glad to take a look.
I don't see any.

SystemLook doesn't show any folder named "David" on your Desktop.
 
If you show me GeekBuddy or Dragon traces in OTL log I'll be glad to take a look.
I don't see any.

Although I felt sure it was OTL, maybe it wasn't after all. It was definitely one of the scans, as it spun through several directory entries including "GeekBuddy" and "Dragon". I've since checked all the logs and only "IceDragon" appears on some, so I don't know where the other two are, but if they're minuscule space leftover folders, like AVG, and as we can't locate their remaining traces, I'll put them aside.

As to the "David" folder on the Desktop, it's definitely there. I'm not sure why SystemLook hasn't detected it.

Upon attempting to delete the Desktop folder (which I won't delete, as otherwise I'd lose all my programs, which I had to restore back from the Recycle Bin), this message comes up:

Confirm Delete

Are you sure you want to delete the David icon from your desktop?

The contents of this folder will not be deleted. You can restore this icon to the desktop by right-clicking on its icon in the start menu.

Yes No

This is very puzzling, as it says the contents of the folder won't be deleted, yet when I deleted this folder a few days ago, (as I've removed other folder icons from the Desktop previously without any repercussions), all but 3 icons vanished unexpectedly from the desktop and I quickly restored the folder back from the Recycle Bin to the Desktop upon discovering what happened, which reintroduced all the desktop icons prior to the deletion.

There were two folders in the Recycle Bin, as when I tried to restore both back to the Desktop, I got a prompt asking me if I wished to merge them, as the Desktops overlapped, one current, one from 2007.

I took up the Merge, but it then started saying “Are you sure you wish to merge...” some system file, might have been “Desktop.ini”. I then cancelled it, to play safe, and left the active Desktop contents intact. During one of the test programs’ scans, the contents of the Recycle Bin including the other Desktop were removed, but without any fatal results. However, the unwanted Desktop folder still remains, which I would delete, if it didn’t do the above.

All this has only happened since I uninstalled the last remnants of LogMeIn (the "LogMeInRemoteUser" folder), as when I still had LMI, it attached several files and folders under it like a magnet. During that time, there was no duplicate folder on the desktop of what is normally only under the Start menu – my “David” folder which comprises various applications from “App Data” through to “Videos” plus NTuser.dat files below them. My folder automatically created itself on the Desktop upon uninstalling the LMIRU folder, as I wanted to get shut of LMI, not realizing the problems it would add upon removing it. If it wasn’t for the Recycle Bin “Restore” option, I would have lost all my documents.
 
OK. Here's a screenshot of part of my Desktop with the "David" folder.
 

Attachment: Desktop Duplicate Folder.jpg (28.9 KB)

Re-run SystemLook with this code:

Code:
:dir
C:\Users\David\Desktop
C:\Windows\ServiceProfiles\NetworkService\Desktop
C:\Windows\ServiceProfiles\LocalService\Desktop
C:\Users\Public\Desktop
C:\Users\Default\Desktop
C:\Users\All Users\Desktop
C:\ProgramData\Desktop
 
Thanks.

Here are the new SystemLook results:

SystemLook 30.07.11 by jpshortstuff
Log created at 23:28 on 06/08/2013 by David
Administrator - Elevation successful

========== dir ==========

C:\Users\David\Desktop - Parameters: "(none)"

---Files---
100 off our Nostalgic Music Centres and Express delivery guaranteed - o... (8.69 KB).msg --a---- 27136 bytes [16:36 28/09/2009] [16:36 28/09/2009]
Access 2007.lnk --a---- 2609 bytes [00:25 28/07/2008] [08:38 14/07/2010]
Advanced Uninstaller PRO 11.lnk --a---- 2216 bytes [22:13 28/07/2013] [22:13 28/07/2013]
adwcleaner.exe --a---- 666633 bytes [17:06 04/08/2013] [17:06 04/08/2013]
attach.txt --a---- 9832 bytes [14:00 03/08/2013] [14:00 03/08/2013]
Audacity.aup --a---- 856 bytes [15:15 21/09/2008] [15:15 21/09/2008]
Audacity.lnk --a---- 752 bytes [12:08 29/07/2008] [12:08 29/07/2008]
Character Map.lnk --a---- 1643 bytes [14:04 08/09/2008] [14:04 08/09/2008]
ComboFix.exe -r----- 5099708 bytes [09:49 04/08/2013] [09:50 04/08/2013]
dds.com -ra---- 688992 bytes [13:30 03/08/2013] [13:30 03/08/2013]
dds.txt --a---- 10252 bytes [14:00 03/08/2013] [14:00 03/08/2013]
Desktop Screenshot - Duplicate Folder.jpg --a---- 1415161 bytes [21:27 06/08/2013] [21:27 06/08/2013]
desktop.ini --ahs-- 282 bytes [22:01 03/08/2013] [22:01 03/08/2013]
DNSBench.ini --a---- 2114 bytes [17:02 21/01/2013] [17:02 21/01/2013]
Documents.lnk --a---- 373 bytes [15:51 29/07/2008] [15:51 29/07/2008]
Excel 2007.lnk --a---- 2585 bytes [11:53 29/07/2008] [18:21 25/07/2013]
Extras.Txt --a---- 44162 bytes [17:33 04/08/2013] [17:33 04/08/2013]
FSS.exe --a---- 357143 bytes [21:51 04/08/2013] [21:51 04/08/2013]
FSS.txt --a---- 2626 bytes [21:54 04/08/2013] [21:54 04/08/2013]
Glary Utilities.lnk --a---- 863 bytes [22:37 01/02/2013] [21:08 06/02/2013]
HP Print Diagnostic Utility.lnk --a---- 1938 bytes [21:24 10/09/2009] [21:24 10/09/2009]
JavaRa-2.1.zip --a---- 143072 bytes [13:54 04/04/2013] [13:54 04/04/2013]
JRT.exe --a---- 561889 bytes [17:14 04/08/2013] [17:15 04/08/2013]
JRT.txt --a---- 634 bytes [17:23 04/08/2013] [17:23 04/08/2013]
Legs & Co - Baby Stop Crying - TOTP TX 10081978 - Video Dailymotion.flv --a---- 18722222 bytes [09:47 31/07/2013] [09:50 31/07/2013]
Legs & Co - Come Back And Finish What You Started - TOTP TX 27071978 - Video Dailymotion.flv --a---- 11064397 bytes [09:48 31/07/2013] [09:51 31/07/2013]
Legs & Co - Come on Dance, Dance - TOTP TX 20071978 - Video Dailymotion.flv --a---- 12467822 bytes [09:48 31/07/2013] [09:51 31/07/2013]
Legs & Co - Don't Stop Now - TOTP TX 03081978 - Video Dailymotion.flv --a---- 18164148 bytes [09:48 31/07/2013] [09:50 31/07/2013]
Legs & Co - How Can This Be Love - TOTP TX 27071978 - Video Dailymotion.flv --a---- 19630852 bytes [09:48 31/07/2013] [09:51 31/07/2013]
mbam-log-2013-08-03 (14-06-48).txt --a---- 1860 bytes [13:16 03/08/2013] [13:16 03/08/2013]
mbar-1.06.0.1004.zip --a---- 13399154 bytes [16:21 03/08/2013] [16:21 03/08/2013]
Microsoft Office Outlook.lnk --a---- 938 bytes [09:21 06/10/2012] [09:21 06/10/2012]
Microsoft Office PowerPoint 2007.lnk --a---- 2595 bytes [13:10 19/08/2008] [11:48 10/01/2010]
MicrosoftFixit50267.msi --a---- 980480 bytes [09:10 27/01/2013] [09:11 27/01/2013]
msert.exe --a---- 88373520 bytes [17:12 02/08/2013] [17:14 02/08/2013]
Nero Express.lnk --a---- 2319 bytes [15:12 12/03/2009] [15:12 12/03/2009]
Notepad.lnk --a---- 1699 bytes [15:16 31/07/2008] [15:16 31/07/2008]
OTL.exe --a---- 602112 bytes [17:25 04/08/2013] [17:25 04/08/2013]
OTL.Txt --a---- 58916 bytes [17:33 04/08/2013] [17:33 04/08/2013]
Publisher 2007.lnk --a---- 2555 bytes [00:25 28/07/2008] [06:40 27/08/2009]
Radio_Downloader-win32.msi --a---- 10174464 bytes [15:52 07/01/2012] [15:52 07/01/2012]
RKreport[0]_D_08032013_164805.txt --a---- 1651 bytes [15:48 03/08/2013] [15:48 03/08/2013]
RKreport[0]_S_08032013_164703.txt --a---- 1600 bytes [15:47 03/08/2013] [15:47 03/08/2013]
RogueKiller.exe --a---- 916992 bytes [15:40 03/08/2013] [15:40 03/08/2013]
SecurityCheck.exe --a---- 891098 bytes [21:36 04/08/2013] [21:36 04/08/2013]
SystemLook.exe --a---- 139264 bytes [10:48 05/08/2013] [10:48 05/08/2013]
SystemLook.txt --a---- 0 bytes [10:52 05/08/2013] [22:28 06/08/2013]
TFC.exe --a---- 448512 bytes [21:55 04/08/2013] [21:55 04/08/2013]
Top of the Pops - TOTP 2 Database 2006 Revised version - Shortcut.lnk --a---- 972 bytes [09:00 24/04/2010] [09:00 24/04/2010]
Tracks Eraser Pro.lnk --a---- 949 bytes [10:44 17/04/2010] [10:44 17/04/2010]
VundoFix - Shortcut.lnk --a---- 540 bytes [17:23 16/02/2010] [17:23 16/02/2010]
Windows Update.lnk --a---- 1641 bytes [12:50 02/11/2006] [12:50 02/11/2006]
Word 2007.lnk --a---- 2627 bytes [00:25 28/07/2008] [21:39 06/08/2013]

---Folders---
.exe Files d------ [09:30 07/04/2013]
JavaRa-2.1 d------ [13:54 04/04/2013]
mbar-1.06.0.1004 d------ [16:39 03/08/2013]
Registry Back Up files d------ [19:38 03/04/2013]
RK_Quarantine d------ [15:41 03/08/2013]

C:\Windows\ServiceProfiles\NetworkService\Desktop - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

C:\Windows\ServiceProfiles\LocalService\Desktop - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

C:\Users\Public\Desktop - Parameters: "(none)"

---Files---
Acrobat.com.lnk --a---- 874 bytes [09:13 25/08/2008] [09:13 25/08/2008]
Adobe Reader X.lnk --a---- 1892 bytes [12:59 16/09/2011] [12:59 16/09/2011]
Bitdefender Safepay.lnk --a---- 1854 bytes [15:56 06/08/2013] [15:56 06/08/2013]
Bitdefender Total Security.lnk --a---- 1902 bytes [15:56 06/08/2013] [15:56 06/08/2013]
CCleaner.lnk --a---- 804 bytes [16:00 03/04/2013] [16:13 18/07/2013]
Comodo IceDragon.lnk --a---- 927 bytes [07:49 01/02/2013] [07:36 04/03/2013]
Defraggler.lnk --a---- 1702 bytes [09:36 06/04/2013] [22:43 27/07/2013]
desktop.ini ---hs-- 174 bytes [12:50 02/11/2006] [02:43 21/01/2008]
HP Photosmart Essential.lnk --a---- 2027 bytes [11:56 29/07/2008] [11:56 29/07/2008]
iTunes.lnk --a---- 1664 bytes [14:52 06/06/2013] [14:52 06/06/2013]
Malwarebytes Anti-Malware.lnk --a---- 906 bytes [12:37 30/12/2011] [18:30 10/04/2013]
Nero BackItUp.lnk --a---- 2274 bytes [13:54 15/02/2011] [13:54 15/02/2011]
Nero StartSmart.lnk --a---- 2485 bytes [19:08 11/03/2009] [13:24 15/02/2011]
Power Adapter.lnk --a---- 669 bytes [14:45 15/10/2008] [14:45 15/10/2008]
QuickTime Player.lnk --a---- 1726 bytes [15:54 30/05/2013] [15:54 30/05/2013]
Speccy.lnk --a---- 776 bytes [16:24 04/04/2013] [16:24 04/04/2013]
SpeedTouch 330 diagnostics.lnk --a---- 747 bytes [11:37 29/07/2008] [11:37 29/07/2008]
SpywareBlaster.lnk --a---- 876 bytes [10:23 05/08/2013] [10:23 05/08/2013]
SUPERAntiSpyware Free Edition.lnk --a---- 1800 bytes [20:39 24/01/2013] [20:39 24/01/2013]
Windows 7 Upgrade Advisor.lnk --a---- 1984 bytes [16:03 04/05/2013] [16:03 04/05/2013]

---Folders---
None found.

C:\Users\Default\Desktop - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

C:\Users\All Users\Desktop - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

C:\ProgramData\Desktop - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-= EOF =-
 