Solved System Check removal
- Thread starter Andrew1234
- Start date
Andrew1234
Posts: 113 +0
OTL.txt
OTL logfile created on: 2/3/2012 10:53:50 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mary\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.97 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.66% Memory free
8.10 Gb Paging File | 6.76 Gb Available in Paging File | 83.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.17 Gb Total Space | 407.24 Gb Free Space | 69.83% Space Free | Partition Type: NTFS
Drive D: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/28 16:18:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
PRC - [2011/12/23 05:57:30 | 003,334,432 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Mary\AppData\Local\Akamai\netsession_win.exe
PRC - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2009/02/26 15:11:34 | 000,045,056 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2008/09/12 16:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/09/12 16:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/07/18 21:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/04/23 19:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/01 13:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2007/01/08 16:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/12 05:42:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/12 05:36:51 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/12 05:36:39 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 05:36:32 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 05:35:46 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 05:35:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/02/26 15:11:32 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
MOD - [2009/02/26 15:11:32 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
MOD - [2008/08/27 18:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll
MOD - [2008/06/09 11:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvcPS.dll
MOD - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2008/08/26 01:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/12 16:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/20 20:53:32 | 000,306,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2008/10/29 02:55:52 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/09/21 16:49:58 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/09/12 15:48:26 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ????????;127.0.0.1:9421;
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2786678&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems:
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/27 20:00:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/27 20:00:47 | 000,000,000 | ---D | M]
[2009/11/27 00:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\Mozilla\Extensions
[2012/02/01 19:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions
[2009/11/27 00:41:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/19 09:10:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/30 06:11:46 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/30 06:11:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\engine@conduit.com
[2011/03/30 06:11:46 | 000,000,863 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\searchplugins\conduit.xml
[2012/01/31 00:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/19 09:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/03 19:18:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/31 00:02:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
[2010/05/30 14:20:11 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol308.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2012/01/27 22:40:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mary\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69C8657C-8380-49AC-9968-AEACC2850F5D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/22 08:35:35 | 000,091,464 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/08/25 01:14:07 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/02/03 00:38:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/03 00:37:51 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/02/03 00:32:26 | 004,395,020 | R--- | C] (Swearware) -- C:\Users\Mary\Desktop\ComboFix.exe
[2012/02/03 00:20:12 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mary\Desktop\tdsskiller.exe
[2012/02/02 00:07:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/01 22:20:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/01/31 23:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/31 00:23:00 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\TFC.exe
[2012/01/31 00:05:34 | 000,000,000 | ---D | C] -- C:\Users\Mary\Desktop\JavaRa
[2012/01/29 16:13:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/28 16:18:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
[2012/01/28 16:17:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe.lr6tyx5.partial
[2012/01/28 15:31:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/27 22:46:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/27 19:07:37 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Mary\Desktop\AppRemover.exe
[2012/01/27 17:06:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/27 17:06:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/27 17:06:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/27 17:06:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/27 17:03:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/27 15:45:12 | 000,000,000 | ---D | C] -- C:\Users\Mary\Desktop\bootkit_remover
[2012/01/27 15:11:28 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Mary\Desktop\aswMBR.exe
[2012/01/26 15:57:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mary\Desktop\dds.scr
[2012/01/25 20:07:14 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Malwarebytes
[2012/01/25 20:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/25 20:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/25 20:06:50 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/25 20:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/25 19:39:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[1 C:\Users\Mary\AppData\Local\*.tmp files -> C:\Users\Mary\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/02/03 22:55:00 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/03 22:55:00 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/03 22:55:00 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/03 22:47:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/03 22:47:43 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 22:47:43 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 22:47:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/03 22:44:07 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/03 00:32:26 | 004,395,020 | R--- | M] (Swearware) -- C:\Users\Mary\Desktop\ComboFix.exe
[2012/02/03 00:20:12 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mary\Desktop\tdsskiller.exe
[2012/02/02 00:23:53 | 000,800,211 | ---- | M] () -- C:\Users\Mary\Desktop\ListParts64.exe
[2012/02/02 00:23:27 | 000,303,059 | ---- | M] () -- C:\Users\Mary\Desktop\ListParts.exe
[2012/02/02 00:07:36 | 431,684,341 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/01 23:12:07 | 000,000,680 | ---- | M] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat
[2012/01/31 00:23:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\TFC.exe
[2012/01/31 00:18:15 | 000,334,429 | ---- | M] () -- C:\Users\Mary\Desktop\FSS.exe
[2012/01/31 00:12:51 | 000,869,194 | ---- | M] () -- C:\Users\Mary\Desktop\SecurityCheck.exe
[2012/01/31 00:04:50 | 000,160,350 | ---- | M] () -- C:\Users\Mary\Desktop\JavaRa.zip
[2012/01/29 21:21:15 | 000,000,000 | ---- | M] () -- C:\Users\Mary\AppData\Local\prvlcl.dat
[2012/01/28 19:33:05 | 000,684,297 | ---- | M] () -- C:\Users\Mary\Desktop\unhide.exe
[2012/01/28 19:32:51 | 000,684,297 | ---- | M] () -- C:\Users\Mary\Desktop\unhide.exe.eaajcmq.partial
[2012/01/28 16:18:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
[2012/01/28 16:17:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe.lr6tyx5.partial
[2012/01/27 22:40:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/27 19:07:37 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Mary\Desktop\AppRemover.exe
[2012/01/27 15:44:06 | 000,044,607 | ---- | M] () -- C:\Users\Mary\Desktop\bootkit_remover.zip
[2012/01/27 15:41:46 | 000,000,512 | ---- | M] () -- C:\Users\Mary\Desktop\MBR.dat
[2012/01/27 15:11:34 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Mary\Desktop\aswMBR.exe
[2012/01/26 15:57:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mary\Desktop\dds.scr
[2012/01/25 20:09:01 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/22 20:44:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/01/18 13:00:18 | 000,024,064 | ---- | M] () -- C:\Users\Mary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/17 16:53:22 | 000,000,104 | ---- | M] () -- C:\Users\Mary\Desktop\Internet - Shortcut.lnk
[1 C:\Users\Mary\AppData\Local\*.tmp files -> C:\Users\Mary\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/02/03 19:15:01 | 000,001,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/02/02 00:23:53 | 000,800,211 | ---- | C] () -- C:\Users\Mary\Desktop\ListParts64.exe
[2012/02/02 00:23:27 | 000,303,059 | ---- | C] () -- C:\Users\Mary\Desktop\ListParts.exe
[2012/02/02 00:07:36 | 431,684,341 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/01 23:11:49 | 000,000,680 | ---- | C] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat
[2012/01/31 00:18:15 | 000,334,429 | ---- | C] () -- C:\Users\Mary\Desktop\FSS.exe
[2012/01/31 00:12:51 | 000,869,194 | ---- | C] () -- C:\Users\Mary\Desktop\SecurityCheck.exe
[2012/01/31 00:04:49 | 000,160,350 | ---- | C] () -- C:\Users\Mary\Desktop\JavaRa.zip
[2012/01/28 19:33:05 | 000,684,297 | ---- | C] () -- C:\Users\Mary\Desktop\unhide.exe
[2012/01/28 19:32:51 | 000,684,297 | ---- | C] () -- C:\Users\Mary\Desktop\unhide.exe.eaajcmq.partial
[2012/01/27 17:06:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/27 17:06:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/27 17:06:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/27 17:06:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/27 17:06:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/27 15:44:06 | 000,044,607 | ---- | C] () -- C:\Users\Mary\Desktop\bootkit_remover.zip
[2012/01/27 15:41:46 | 000,000,512 | ---- | C] () -- C:\Users\Mary\Desktop\MBR.dat
[2012/01/25 20:09:01 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/22 20:44:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/01/17 16:53:22 | 000,000,104 | ---- | C] () -- C:\Users\Mary\Desktop\Internet - Shortcut.lnk
[2011/05/07 09:17:44 | 000,000,000 | ---- | C] () -- C:\Users\Mary\AppData\Local\prvlcl.dat
[2011/03/27 20:22:25 | 000,000,556 | ---- | C] () -- C:\Users\Mary\AppData\Roaming\wklnhst.dat
[2010/12/26 14:21:30 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/26 14:21:30 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/03/06 10:09:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/03 10:33:16 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 10:32:57 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 10:32:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/27 00:38:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/10/05 08:01:35 | 000,024,064 | ---- | C] () -- C:\Users\Mary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/05 22:16:08 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/04/02 03:22:25 | 000,581,120 | ---- | C] () -- C:\Windows\mHotkey.exe
[2009/04/02 03:22:25 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2009/04/02 03:22:25 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
[2009/04/02 03:22:25 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2009/04/02 02:26:19 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/04/02 02:02:11 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
========== LOP Check ==========
[2010/04/27 22:03:38 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Amazon
[2010/03/06 10:18:39 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Canon
[2010/03/12 17:43:05 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/23 13:44:39 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Flip Video
[2011/03/27 20:22:26 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Template
[2012/01/07 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\uTorrent
[2009/09/05 21:48:36 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\WildTangent
[2012/02/03 22:45:57 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL logfile created on: 2/3/2012 10:53:50 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mary\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.97 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.66% Memory free
8.10 Gb Paging File | 6.76 Gb Available in Paging File | 83.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.17 Gb Total Space | 407.24 Gb Free Space | 69.83% Space Free | Partition Type: NTFS
Drive D: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/28 16:18:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
PRC - [2011/12/23 05:57:30 | 003,334,432 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Mary\AppData\Local\Akamai\netsession_win.exe
PRC - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2009/02/26 15:11:34 | 000,045,056 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2008/09/12 16:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/09/12 16:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/07/18 21:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/04/23 19:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/01 13:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2007/01/08 16:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/12 05:42:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/12 05:36:51 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/12 05:36:39 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 05:36:32 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 05:35:46 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 05:35:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/02/26 15:11:32 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
MOD - [2009/02/26 15:11:32 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
MOD - [2008/08/27 18:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll
MOD - [2008/06/09 11:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvcPS.dll
MOD - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2008/08/26 01:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/12/15 12:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 12:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/12 16:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/20 20:53:32 | 000,306,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2008/10/29 02:55:52 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/09/21 16:49:58 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/09/12 15:48:26 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ????????;127.0.0.1:9421;
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2786678&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems:
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/27 20:00:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/27 20:00:47 | 000,000,000 | ---D | M]
[2009/11/27 00:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\Mozilla\Extensions
[2012/02/01 19:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions
[2009/11/27 00:41:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/19 09:10:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/30 06:11:46 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/30 06:11:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\engine@conduit.com
[2011/03/30 06:11:46 | 000,000,863 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\searchplugins\conduit.xml
[2012/01/31 00:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/19 09:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/03 19:18:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/31 00:02:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
[2010/05/30 14:20:11 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol308.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2012/01/27 22:40:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mary\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69C8657C-8380-49AC-9968-AEACC2850F5D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/22 08:35:35 | 000,091,464 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/08/25 01:14:07 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/02/03 00:38:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/03 00:37:51 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/02/03 00:32:26 | 004,395,020 | R--- | C] (Swearware) -- C:\Users\Mary\Desktop\ComboFix.exe
[2012/02/03 00:20:12 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mary\Desktop\tdsskiller.exe
[2012/02/02 00:07:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/01 22:20:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/01/31 23:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/31 00:23:00 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\TFC.exe
[2012/01/31 00:05:34 | 000,000,000 | ---D | C] -- C:\Users\Mary\Desktop\JavaRa
[2012/01/29 16:13:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/28 16:18:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
[2012/01/28 16:17:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe.lr6tyx5.partial
[2012/01/28 15:31:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/27 22:46:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/27 19:07:37 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Mary\Desktop\AppRemover.exe
[2012/01/27 17:06:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/27 17:06:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/27 17:06:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/27 17:06:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/27 17:03:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/27 15:45:12 | 000,000,000 | ---D | C] -- C:\Users\Mary\Desktop\bootkit_remover
[2012/01/27 15:11:28 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Mary\Desktop\aswMBR.exe
[2012/01/26 15:57:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mary\Desktop\dds.scr
[2012/01/25 20:07:14 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Malwarebytes
[2012/01/25 20:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/25 20:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/25 20:06:50 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/25 20:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/25 19:39:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[1 C:\Users\Mary\AppData\Local\*.tmp files -> C:\Users\Mary\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/02/03 22:55:00 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/03 22:55:00 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/03 22:55:00 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/03 22:47:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/03 22:47:43 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 22:47:43 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 22:47:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/03 22:44:07 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/03 00:32:26 | 004,395,020 | R--- | M] (Swearware) -- C:\Users\Mary\Desktop\ComboFix.exe
[2012/02/03 00:20:12 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mary\Desktop\tdsskiller.exe
[2012/02/02 00:23:53 | 000,800,211 | ---- | M] () -- C:\Users\Mary\Desktop\ListParts64.exe
[2012/02/02 00:23:27 | 000,303,059 | ---- | M] () -- C:\Users\Mary\Desktop\ListParts.exe
[2012/02/02 00:07:36 | 431,684,341 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/01 23:12:07 | 000,000,680 | ---- | M] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat
[2012/01/31 00:23:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\TFC.exe
[2012/01/31 00:18:15 | 000,334,429 | ---- | M] () -- C:\Users\Mary\Desktop\FSS.exe
[2012/01/31 00:12:51 | 000,869,194 | ---- | M] () -- C:\Users\Mary\Desktop\SecurityCheck.exe
[2012/01/31 00:04:50 | 000,160,350 | ---- | M] () -- C:\Users\Mary\Desktop\JavaRa.zip
[2012/01/29 21:21:15 | 000,000,000 | ---- | M] () -- C:\Users\Mary\AppData\Local\prvlcl.dat
[2012/01/28 19:33:05 | 000,684,297 | ---- | M] () -- C:\Users\Mary\Desktop\unhide.exe
[2012/01/28 19:32:51 | 000,684,297 | ---- | M] () -- C:\Users\Mary\Desktop\unhide.exe.eaajcmq.partial
[2012/01/28 16:18:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
[2012/01/28 16:17:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe.lr6tyx5.partial
[2012/01/27 22:40:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/27 19:07:37 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Mary\Desktop\AppRemover.exe
[2012/01/27 15:44:06 | 000,044,607 | ---- | M] () -- C:\Users\Mary\Desktop\bootkit_remover.zip
[2012/01/27 15:41:46 | 000,000,512 | ---- | M] () -- C:\Users\Mary\Desktop\MBR.dat
[2012/01/27 15:11:34 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Mary\Desktop\aswMBR.exe
[2012/01/26 15:57:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mary\Desktop\dds.scr
[2012/01/25 20:09:01 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/22 20:44:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/01/18 13:00:18 | 000,024,064 | ---- | M] () -- C:\Users\Mary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/17 16:53:22 | 000,000,104 | ---- | M] () -- C:\Users\Mary\Desktop\Internet - Shortcut.lnk
[1 C:\Users\Mary\AppData\Local\*.tmp files -> C:\Users\Mary\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/02/03 19:15:01 | 000,001,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/02/02 00:23:53 | 000,800,211 | ---- | C] () -- C:\Users\Mary\Desktop\ListParts64.exe
[2012/02/02 00:23:27 | 000,303,059 | ---- | C] () -- C:\Users\Mary\Desktop\ListParts.exe
[2012/02/02 00:07:36 | 431,684,341 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/01 23:11:49 | 000,000,680 | ---- | C] () -- C:\Users\Mary\AppData\Local\d3d9caps.dat
[2012/01/31 00:18:15 | 000,334,429 | ---- | C] () -- C:\Users\Mary\Desktop\FSS.exe
[2012/01/31 00:12:51 | 000,869,194 | ---- | C] () -- C:\Users\Mary\Desktop\SecurityCheck.exe
[2012/01/31 00:04:49 | 000,160,350 | ---- | C] () -- C:\Users\Mary\Desktop\JavaRa.zip
[2012/01/28 19:33:05 | 000,684,297 | ---- | C] () -- C:\Users\Mary\Desktop\unhide.exe
[2012/01/28 19:32:51 | 000,684,297 | ---- | C] () -- C:\Users\Mary\Desktop\unhide.exe.eaajcmq.partial
[2012/01/27 17:06:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/27 17:06:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/27 17:06:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/27 17:06:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/27 17:06:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/27 15:44:06 | 000,044,607 | ---- | C] () -- C:\Users\Mary\Desktop\bootkit_remover.zip
[2012/01/27 15:41:46 | 000,000,512 | ---- | C] () -- C:\Users\Mary\Desktop\MBR.dat
[2012/01/25 20:09:01 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/22 20:44:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/01/17 16:53:22 | 000,000,104 | ---- | C] () -- C:\Users\Mary\Desktop\Internet - Shortcut.lnk
[2011/05/07 09:17:44 | 000,000,000 | ---- | C] () -- C:\Users\Mary\AppData\Local\prvlcl.dat
[2011/03/27 20:22:25 | 000,000,556 | ---- | C] () -- C:\Users\Mary\AppData\Roaming\wklnhst.dat
[2010/12/26 14:21:30 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/26 14:21:30 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/03/06 10:09:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/03 10:33:16 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 10:32:57 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 10:32:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/27 00:38:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/10/05 08:01:35 | 000,024,064 | ---- | C] () -- C:\Users\Mary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/05 22:16:08 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/04/02 03:22:25 | 000,581,120 | ---- | C] () -- C:\Windows\mHotkey.exe
[2009/04/02 03:22:25 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2009/04/02 03:22:25 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
[2009/04/02 03:22:25 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2009/04/02 02:26:19 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/04/02 02:02:11 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
========== LOP Check ==========
[2010/04/27 22:03:38 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Amazon
[2010/03/06 10:18:39 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Canon
[2010/03/12 17:43:05 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/23 13:44:39 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Flip Video
[2011/03/27 20:22:26 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Template
[2012/01/07 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\uTorrent
[2009/09/05 21:48:36 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\WildTangent
[2012/02/03 22:45:57 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Broni
Posts: 56,041 +516
Please click HERE to download Kaspersky Virus Removal Tool.
- Double click on the file you just downloaded and let it install.
- It will install to your desktop (be patient; it may take a while).
- Accept license agreement and click "Start" button.
- Click on Settings button
- In Scan scope leave pre-checked items as they're and also checkmark My Computer
- In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
- Click on Automatic Scan tab and then click on Start scanning button.
- Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
- When the scan is done NO log will be produced.
- Click on Report button then on Automatic Scan report tab.
- Right click anywhere within right pane, click Select All then right click again and click Copy.
- This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
- You can save this on the desktop.
- Post the contents of the document in your next reply.
Andrew1234
Posts: 113 +0
Kaspersky as running for 19 hours and says it has 1 day left. I don't have a problem with waiting that long but I was wondering if this is normal and ok for it to run this long?
Andrew1234
Posts: 113 +0
Has about three hours left
Andrew1234
Posts: 113 +0
Kaspersky momentarily froze once I attempted to copy the automatic scan report and then closed out. I reopened the program and it no longer had any record of the detected threats or the scan, and closed out again.
Andrew1234
Posts: 113 +0
Other then windows icons on the desktop items nothing much. Although Kaspersky said there was nine infections and malicious files but didn't get to see what they were. Only other thing I can think of is when the computer is starting up, it makes a little noise repeatedly until it reaches the log in screen which started a day or two before I started the kaspersky scan.
Andrew1234
Posts: 113 +0
Ok. What should I think about the infections kaspersky found?
Andrew1234
Posts: 113 +0
As I was trying to copy the report it said that I should neutralize all threats but obviously never got past copying the report so I never was able to click "neutralize".
Andrew1234
Posts: 113 +0
Ok. I very much appreciate your help. Thank you, Broni
Andrew1234
Posts: 113 +0
Forgot about this post. I only did step 1 should I complete the list?
Andrew1234
Posts: 113 +0
Broni, I went on to the Kaspersky forums and found out that you have to manually neutralize the detections. So I'm running it again using the instructions you gave me for the first one. Just to be sure, I'm suppose to do this with AVG uninstalled correct? This is actually my second attempt at re-scanning, my computer froze in sleep mode which is something it does very seldom. The first caught a Trojan so I neutralized it.
Andrew1234
Posts: 113 +0
It found HEUR:Trojan.Script.Generic
Andrew1234
Posts: 113 +0
Kaspersky is running extremely slow compared to the other scans. Estimated finish is in 21 days. Any suggestions?
Broni
Posts: 56,041 +516
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
- Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
- This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, select Complete scan.
- Click the green arrow at the right, and the scan will start.
- Click Yes to all if it asks if you want to cure/move the file.
- When the scan has finished, in the menu, click File and choose Save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.cvs report.
NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.
Latest posts
-
The Best Phones: Top Picks for Every Price Range- DanteSmith replied
-
Russia-backed hacking group suspected of attack on US water system- PurpaFur replied
