August 7th, 2012, 04:13 AM
#31
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?.src=ym&.done=http%3A%2F%2Fus.mc598.mail.yahoo.com%2Fmc%2Flaunch|http://sports.betfair.com/|http://www.betdaq.co.uk/UI/|http://www.bbc.co.uk/sport/0/football/|http://www.bbc.co.uk/weather/2646914|http://liveonsat.com/indaily6.php|http://www.satpimps.com/index.php|http://alsatforum.com/forum.php|http://rocksoff.org/messageboard/YaBB.pl?board=general|http://www.iorr.org/news.htm|http://blog.beefheart.com/|http://www.onepoll.com/your-account|http://www.bbc.co.uk/news/|https://twitter.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {841468a1-d7f4-4bd3-84e6-bb0f13a06c64}:1.300.346
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Yahoo.co.uk"
FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?.src=ym&.done=http%3A%2F%2Fuk.mc865.mail.yahoo.com%2Fmc%2Fwelcome%3F.partner%3Dbt-1%26amp%3B.gx%3D1%26amp%3B.tm%3D1312102997%26amp%3B.rand%3D5kj7veej1t4g9|http://sports.betfair.com/|http://www.satpimps.com/index.php|http://alsatforum.com/forum.php|https://twitter.com/#!/|http://www.bbc.co.uk/sport/0/football/|http://www.betdaq.co.uk/UI/|http://www.bbc.co.uk/weather/2646914|http://liveonsat.com/live2day.php|http://www.topcashback.co.uk/NoLogin?PageRequested=%2faccount%2foverview%2f|http://rocksoff.org/messageboard/YaBB.pl?board=general|http://www.iorr.org/news.htm|http://blog.beefheart.com/|http://www.onepoll.com/your-account|http://www.canalplus.no/schedule|http://spiderboxforum.com/forum/|http://www.bbc.co.uk/news/uk/"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Main User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Main User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/26 23:24:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/08 10:22:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/27 20:52:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/06 13:16:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/27 20:52:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/06 13:16:08 | 000,000,000 | ---D | M]
[2010/12/29 23:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Main User\AppData\Roaming\Mozilla\Extensions
[2010/12/29 23:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Main User\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/08/05 23:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Main User\AppData\Roaming\Mozilla\Firefox\Profiles\elecoeq3.default\extensions
[2012/04/16 12:31:18 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Main User\AppData\Roaming\Mozilla\Firefox\Profiles\elecoeq3.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/03/29 20:06:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Main User\AppData\Roaming\Mozilla\Firefox\Profiles\elecoeq3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/04 11:05:51 | 000,001,386 | ---- | M] () -- C:\Users\Main User\AppData\Roaming\Mozilla\Firefox\Profiles\elecoeq3.default\searchplugins\yahoo-zugo.xml
[2012/08/06 12:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/21 22:13:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/12 20:16:13 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{c3de70e1-f1d0-f0f0-75ad-5fc8012b3106}
[2012/07/06 13:16:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/05/08 10:22:52 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video> -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/07/21 22:26:48 | 000,553,809 | ---- | M] () (No name found) -- C:\USERS\MAIN USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ELECOEQ3.DEFAULT\EXTENSIONS\{841468A1-D7F4-4BD3-84E6-BB0F13A06C64}.XPI
[2012/07/27 20:52:08 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/02 10:48:42 | 000,083,456 | ---- | M] (StartSearch ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012/03/13 05:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 05:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://home.sweetim.com/?crg=4.0002002&barid={21280749-7D0D-11E1-99F3-20CF30C9E425}
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://www.buzqo.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=232&product_id=687&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.1.0&install_country=GB&install_date=20110804&user_guid=9F3E156ACD3E42C6A68E9B5C5C00F86D&machine_id=22dacc470dc9a121b7e77f86eac86fa0&browser=CR&os=win&os_version=6.1-x64-SP1
CHR - default_search_provider: suggest_url =
CHR - homepage: http://home.sweetim.com/?crg=4.0002002&barid={21280749-7D0D-11E1-99F3-20CF30C9E425}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Main User\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Main User\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Main User\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Webmail Ad Blocker = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp\2.30_0\
CHR - Extension: Google Search = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Motive Extension = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\
CHR - Extension: avast! WebRep = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Skype Click to Call = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Webmail Ad Blocker = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp\2.30_0\
CHR - Extension: Google Search = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Motive Extension = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\
CHR - Extension: avast! WebRep = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Skype Click to Call = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/08/06 10:51:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Main User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Main User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Main User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Main User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9E5D20E-C66D-4840-8A9F-FE21C79E85DA}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\599\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\599\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/06 12:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Desktop Help
[2012/08/06 12:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\BT Broadband Desktop Help
[2012/08/06 12:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2012/08/06 11:05:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/06 10:58:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/05 22:46:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/05 22:46:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/05 22:46:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/05 22:43:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/05 22:42:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/05 13:25:14 | 000,000,000 | ---D | C] -- C:\Users\Main User\Desktop\RK_Quarantine
[2012/08/05 12:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/04 13:28:14 | 000,000,000 | ---D | C] -- C:\Users\Main User\AppData\Roaming\SUPERAntiSpyware.com
[2012/08/04 13:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/08/04 13:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/08/04 13:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/28 19:56:47 | 000,000,000 | ---D | C] -- C:\Users\Main User\Desktop\Your completed ticket EuroMillions The National Lottery Tues_files
[2012/07/11 15:16:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 15:16:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 15:16:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 15:16:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 15:16:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 15:16:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 15:16:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 15:16:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 15:16:37 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 15:16:37 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 15:16:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 15:16:36 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 15:16:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 15:10:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 15:10:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 15:10:41 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 15:10:36 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 15:10:34 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/10 16:57:14 | 000,000,000 | ---D | C] -- C:\Users\Main User\Documents\FreeRapid-0.86u1
[2012/01/18 10:27:00 | 001,975,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\TDSSKiller.exe
[2011/10/31 16:01:41 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Main User\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/08/07 09:02:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2943826578-3450129591-3070821910-1000UA.job
[2012/08/07 09:02:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2943826578-3450129591-3070821910-1000Core.job
[2012/08/07 08:47:56 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/07 08:47:56 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/07 08:43:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/07 08:40:51 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/07 08:40:47 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\SKDXOXMB.job
[2012/08/07 08:40:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/07 08:40:34 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/07 02:34:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/07 02:00:00 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 367c320a-d7b9-4d50-8428-a6d2a5d790cd.job
[2012/08/06 21:28:00 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task fc48bdbe-1795-4f17-b278-bc7961dab225.job
[2012/08/06 14:47:17 | 000,782,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/06 14:47:17 | 000,666,676 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/06 14:47:17 | 000,126,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/06 12:15:31 | 000,001,450 | ---- | M] () -- C:\Users\Public\Desktop\BT Desktop Help.lnk
[2012/08/06 10:51:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/06 10:42:30 | 000,000,787 | ---- | M] () -- C:\Users\Main User\Desktop\ComboFix - Shortcut.lnk
[2012/08/05 23:43:14 | 000,001,620 | ---- | M] () -- C:\Users\Main User\Desktop\DivX Movies.lnk
[2012/08/05 23:43:04 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/08/04 20:19:33 | 000,001,319 | ---- | M] () -- C:\Users\Main User\Desktop\Install Norman Malware Cleaner.lnk
[2012/08/04 15:16:48 | 000,001,035 | ---- | M] () -- C:\Users\Main User\Desktop\Free Window Registry Repair.lnk
[2012/08/04 13:27:48 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/04 11:35:17 | 000,000,512 | ---- | M] () -- C:\Users\Main User\Desktop\MBR.dat
[2012/08/02 21:34:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/02 21:34:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/02 11:31:50 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012/08/01 13:15:31 | 000,110,592 | RHS- | M] () -- C:\Windows\SysWow64\Ribbonse.dll
[2012/08/01 10:03:36 | 000,002,476 | ---- | M] () -- C:\Users\Main User\Desktop\Google Chrome.lnk
[2012/07/29 14:45:23 | 000,547,051 | ---- | M] () -- C:\Users\Main User\Desktop\2 pics.pdf
[2012/07/28 19:56:47 | 000,031,678 | ---- | M] () -- C:\Users\Main User\Desktop\Your completed ticket EuroMillions The National Lottery Tues.htm
[2012/07/27 20:36:14 | 000,198,421 | ---- | M] () -- C:\Users\Main User\Documents\Nessim sale agreemnet P20.pdf
[2012/07/27 12:30:34 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/26 12:54:39 | 000,277,986 | ---- | M] () -- C:\Users\Main User\Documents\12-07-26 FIF SICAV 25k to Sedlan.pdf
[2012/07/13 20:35:42 | 000,263,085 | ---- | M] () -- C:\Users\Main User\Documents\FirstMerit Wire Agreement P10.pdf
[2012/07/13 20:29:08 | 000,518,052 | ---- | M] () -- C:\Users\Main User\Documents\FirstMerit Wire Agreement P9.pdf
[2012/07/13 20:28:03 | 000,494,030 | ---- | M] () -- C:\Users\Main User\Documents\FirstMerit Wire Agreement P8.pdf
[2012/07/13 20:26:47 | 000,376,917 | ---- | M] () -- C:\Users\Main User\Documents\FirstMerit Wire Agreement P7.pdf
[2012/07/13 20:25:46 | 000,502,768 | ---- | M] () -- C:\Users\Main User\Documents\FirstMerit Wire Agreement P6.pdf
[2012/07/13 20:23:10 | 000,441,246 | ---- | M] () -- C:\Users\Main User\Documents\FirstMerit Wire Agreement P1.pdf
[2012/07/13 19:27:16 | 000,272,882 | ---- | M] () -- C:\Users\Main User\Documents\12-07-13 FAL # 5440 ,5516, FCSL 5654 $ 41,412.24.pdf
[2012/07/11 15:32:14 | 000,434,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 11:24:16 | 000,014,336 | ---- | M] () -- C:\Users\Main User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/10 16:21:45 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Tucan Manager.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/08/06 12:15:31 | 000,001,450 | ---- | C] () -- C:\Users\Public\Desktop\BT Desktop Help.lnk
[2012/08/06 10:42:30 | 000,000,787 | ---- | C] () -- C:\Users\Main User\Desktop\ComboFix - Shortcut.lnk
[2012/08/05 22:46:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/05 22:46:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/05 22:46:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/05 22:46:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/05 22:46:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/04 20:19:33 | 000,001,319 | ---- | C] () -- C:\Users\Main User\Desktop\Install Norman Malware Cleaner.lnk
[2012/08/04 13:28:27 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task fc48bdbe-1795-4f17-b278-bc7961dab225.job
[2012/08/04 13:28:26 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 367c320a-d7b9-4d50-8428-a6d2a5d790cd.job
[2012/08/04 13:27:48 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/04 11:35:17 | 000,000,512 | ---- | C] () -- C:\Users\Main User\Desktop\MBR.dat
[2012/08/01 13:15:31 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\SKDXOXMB.job
[2012/08/01 13:15:30 | 000,110,592 | RHS- | C] () -- C:\Windows\SysWow64\Ribbonse.dll
[2012/07/29 14:45:22 | 000,547,051 | ---- | C] () -- C:\Users\Main User\Desktop\2 pics.pdf
[2012/07/28 19:56:44 | 000,031,678 | ---- | C] () -- C:\Users\Main User\Desktop\Your completed ticket EuroMillions The National Lottery Tues.htm
[2012/07/27 20:36:14 | 000,198,421 | ---- | C] () -- C:\Users\Main User\Documents\Nessim sale agreemnet P20.pdf
[2012/07/26 12:54:39 | 000,277,986 | ---- | C] () -- C:\Users\Main User\Documents\12-07-26 FIF SICAV 25k to Sedlan.pdf
[2012/07/13 20:35:41 | 000,263,085 | ---- | C] () -- C:\Users\Main User\Documents\FirstMerit Wire Agreement P10.pdf
[2012/07/13 20:29:08 | 000,518,052 | ---- | C] () -- C:\Users\Main User\Documents\FirstMerit Wire Agreement P9.pdf
[2012/07/13 20:28:03 | 000,494,030 | ---- | C] () -- C:\Users\Main User\Documents\FirstMerit Wire Agreement P8.pdf
[2012/07/13 20:26:47 | 000,376,917 | ---- | C] () -- C:\Users\Main User\Documents\FirstMerit Wire Agreement P7.pdf
[2012/07/13 20:25:46 | 000,502,768 | ---- | C] () -- C:\Users\Main User\Documents\FirstMerit Wire Agreement P6.pdf
[2012/07/13 20:23:10 | 000,441,246 | ---- | C] () -- C:\Users\Main User\Documents\FirstMerit Wire Agreement P1.pdf
[2012/07/13 19:27:16 | 000,272,882 | ---- | C] () -- C:\Users\Main User\Documents\12-07-13 FAL # 5440 ,5516, FCSL 5654 $ 41,412.24.pdf
[2012/06/25 18:41:02 | 000,001,302 | ---- | C] () -- C:\Users\Main User\AppData\Roaming\Horse Racing Fantasy Online Community.lnk
[2012/03/06 21:24:37 | 000,000,218 | ---- | C] () -- C:\Users\Main User\.recently-used.xbel
[2012/02/29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/31 16:01:41 | 000,007,859 | ---- | C] () -- C:\Users\Main User\AppData\Roaming\pcouffin.cat
[2011/10/31 16:01:41 | 000,001,167 | ---- | C] () -- C:\Users\Main User\AppData\Roaming\pcouffin.inf
[2011/09/07 12:33:53 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/01/14 15:24:10 | 000,004,096 | -H-- | C] () -- C:\Users\Main User\AppData\Local\keyfile3.drm
[2010/12/30 00:00:02 | 000,014,336 | ---- | C] () -- C:\Users\Main User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/29 16:29:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/29 13:28:24 | 000,788,144 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/13 14:30:22 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/13 14:30:22 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/12/13 14:30:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2010/12/13 14:30:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2010/12/13 14:30:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2010/12/13 14:30:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2010/12/13 14:30:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2010/12/13 14:30:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2010/12/13 14:30:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2010/12/13 14:30:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2010/12/13 14:21:06 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/12/13 14:21:06 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/12/13 14:21:04 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/12/13 14:21:04 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/12/13 14:15:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/12/13 14:15:02 | 000,026,966 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
========== Custom Scans ==========
< :OTL >
< O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found. >
< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. >
< DRV:64bit: - [2011/11/28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) >
Invalid Switch: 28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
< DRV:64bit: - [2011/11/28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) >
Invalid Switch: 28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/26 23:24:05 | 000,000,000 | ---D | M] >
Invalid Switch: 26 23:24:05 | 000,000,000 | ---D | M]
< CHR - Extension: avast! WebRep = C:\Users\Main User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\ >
< O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) >
< O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) >
< O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
Invalid Switch: gp.cab (Reg Error: Key error.)
< @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34 >
< FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" >
< FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" >
< FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "" >
< FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Yahoo.co.uk" >
< CHR - homepage: http://home.sweetim.com/?crg=4.0002002&barid={21280749-7D0D-11E1-99F3-20CF30C9E425} >
Invalid Switch: ?crg=4.0002002&barid={21280749-7D0D-11E1-99F3-20CF30C9E425}
< >
< >
< :Services >
< >
< :Reg >
< >
< :Files >
< C:\Program Files\AVAST Software >
< >
< :Commands >
< [purity] >
< [emptytemp] >
< [emptyjava] >
< [emptyflash] >
< [Reboot] >
========== Alternate Data Streams ==========
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
-
August 7th, 2012, 04:26 AM
#32
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 33
Java version out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Emsisoft Anti-Malware a2service.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
August 7th, 2012, 04:31 AM
#33
Farbar Service Scanner Version: 06-08-2012
Ran by Main User (administrator) on 07-08-2012 at 09:29:49
Running from "G:\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
-
August 7th, 2012, 11:29 AM
#34
Please note....G is my external drive.
G:\MAINUSER-PC\Backup Set 2011-11-20 190005\Backup Files 2011-12-18 190005\Backup files 2.zip a variant of Win32/Somoto.A application deleted - quarantined
G:\MAINUSER-PC\Backup Set 2012-01-08 190005\Backup Files 2012-01-08 190005\Backup files 22.zip a variant of Win32/Somoto.A application deleted - quarantined
G:\MAINUSER-PC\Backup Set 2012-02-20 082303\Backup Files 2012-02-20 082303\Backup files 21.zip a variant of Win32/Somoto.A application deleted - quarantined
G:\MAINUSER-PC\Backup Set 2012-02-20 082303\Backup Files 2012-02-26 190006\Backup files 2.zip a variant of Win32/Somoto.A application deleted - quarantined
G:\MAINUSER-PC\Backup Set 2012-03-04 190001\Backup Files 2012-03-04 190001\Backup files 22.zip a variant of Win32/Somoto.A application deleted - quarantined
G:\MAINUSER-PC\Backup Set 2012-04-15 190001\Backup Files 2012-04-15 190001\Backup files 5.zip Win32/Toolbar.SearchSuite application deleted - quarantined
G:\MAINUSER-PC\Backup Set 2012-04-15 190001\Backup Files 2012-04-15 190001\Backup files 23.zip Win32/Toolbar.SearchSuite application deleted - quarantined
G:\MAINUSER-PC\Backup Set 2012-04-22 190006\Backup Files 2012-04-22 190006\Backup files 22.zip Win32/Toolbar.SearchSuite application deleted - quarantined
G:\MAINUSER-PC\Backup Set 2012-06-17 190005\Backup Files 2012-06-17 190005\Backup files 24.zip Win32/Toolbar.SearchSuite application deleted - quarantined
-
August 7th, 2012, 05:21 PM
#35
OTL log is incorrect.
You clicked on "Scan" button instead of "Fix" button.
Redo.
==============================
Make sure to re-enable MSE.
=============================
Go to Start and in "Start search" type in:
services.msc
Press Enter.
Scroll down to Security Center service.
Right click on it, click "Properties".
Under "Startup type" select "Automatic" from drop-down menu.
Restart computer and see if Security Center is running.
-
August 7th, 2012, 05:52 PM
#36
Ahhh! Apologies Broni.
Files\Folders moved on Reboot...
Folder move failed. C:\Program Files\AVAST Software\Avast scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVAST Software\Avast scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVAST Software scheduled to be moved on reboot.
C:\Users\Main User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Main User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{619C9CEA-29A5-42D7-B969-336A43FDC4AD}.tmp moved successfully.
C:\Users\Main User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8B70AF6F-8CA0-4866-95C2-DEDAF1DAC879}.tmp moved successfully.
PendingFileRenameOperations files...
File C:\Program Files\AVAST Software\Avast not found!
File C:\Program Files\AVAST Software not found!
File C:\Users\Main User\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Main User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{619C9CEA-29A5-42D7-B969-336A43FDC4AD}.tmp not found!
File C:\Users\Main User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8B70AF6F-8CA0-4866-95C2-DEDAF1DAC879}.tmp not found!
Registry entries deleted on Reboot...
-
August 7th, 2012, 05:54 PM
#37
-
August 7th, 2012, 06:09 PM
#38
Went through the switch MSE on procedure. Restarted. The warning didn't pop up in the system tray but the MSE icon was not there either. So I went into progs. Tried to start MSE from there. No response but interestingly not even the MSE box flashing up for less than a second. After about 2 mins the 'solve PC issues' 'x' appeared in the system tray. I went back in via 'services.msc' to find it disabled again!!
-
August 7th, 2012, 06:26 PM
#39
Security Center is disabled?
Reinstall MSE.
-
August 7th, 2012, 10:41 PM
#40
Thanks for continued support Broni. Yes Security Center is disabled. Tried to install but it said that MSE was already present. Could not find it listed in Revo so uninstalled via Control Panel. Installed. Same! Security Center disabled. Trying to run MSE from progs produces the same error box flashing up for less than a second so cannot read it! Rebooted. Same!
-
August 7th, 2012, 11:23 PM
#41
Did you set Security Center to automatic startup?
Download and run this MSE uninstaller: http://go.microsoft.com/?linkid=9748340
-
August 8th, 2012, 05:33 AM
#42
Hello Broni. Yes I did select 'automatic', (Apply...OK). Have just used your uninstaller and mseinstall.exe 3 times while repeatedly going in to services to reset to automatic, (from Disabled). I can get MSE to install but when I hit the Finish button, (with option ticked to look for updates and then scan), the box closes and nothing happens. I then go into Security Center and find an extra box to switch MSE on and when I do that I get the 2 Microsoft-looking windows that flash extremely briefly with warning Xs in.
-
August 8th, 2012, 11:59 AM
#43
Let's forget about MSE.
Uninstall it again using provided uninstaller.
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/w...ity-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-.../antivirus.php
Update, run full scan, report on any findings.
-
August 8th, 2012, 03:13 PM
#44
Thanks Broni. I tried a prog this AM called 'Trojan Remover' and it certainly stirred things up! I don't know whether anything got deleted but I can now run scans and have been doing so all day and will carry on for another couple of days. I am also deleting a lot of backup stuff. Have downloaded Avast and it found nothing BUT I started a Bootscan and that was finding odd old bits. I will run a full Bootscan overnight. I will report back in a couple of days. Your help is greatly appreciated.
-
August 8th, 2012, 03:26 PM
#45