PC non responsive, slow, self rebooting.....
#46
Posted 26 July 2012 - 10:10 AM
#47
Posted 26 July 2012 - 03:10 PM
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate
#48
Posted 26 July 2012 - 03:50 PM
#49
Posted 26 July 2012 - 03:56 PM
Type the following into the address box of your browser:
chrome:extensions
This will show all of the installed extensions in Chrome. Please find the extension for Remote Viewer and uninstall it. You can then close Chrome.
If you are not able to find and remove the extension by doing this, please let me know and we will handle it via another method.
Run OTL.exe by right-clicking and choosing Run as Administrator on the icon.
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services
:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?...;ctid=CT3072253
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}...000701a04ecee4d
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?...;ctid=CT3072253
[2012/05/27 22:32:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Babylon
[2012/06/04 12:31:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Media Finder
:Files
C:\ProgramData\TEMP:EFC181EC
C:\Users\Lisa\AppData\Roaming\Media Finder
C:\Users\Lisa\AppData\Roaming\Babylon
:Commands
[purity]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered. Part of this fix will automatically reboot the computer when the script is done, so please don't be alarmed.
- Then post the resulting OTL log
Please let me know if the unwanted search bars are gone and how the computer is behaving now.
#50
Posted 26 July 2012 - 04:46 PM
#51
Posted 26 July 2012 - 04:52 PM
chrome:plugins
This will show all of the installed plugins in Chrome. Please find the plugin for Remote Viewer and disable it. You can then close Chrome.
Let me know if you are able to do that successfully please.
#52
Posted 26 July 2012 - 05:24 PM
This scan may take a while depending on how many items are on the computer. You may want to run it at a time you won't be needing the machine. It should be run from IE and I'd recommend not doing anything else while it's running.
Go here to run an online scanner from ESET.
- Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
- Copy and paste that log as a reply to this topic and also let me know how things are now.
#53
Posted 27 July 2012 - 10:01 AM
#54
Posted 27 July 2012 - 02:59 PM
#55
Posted 29 July 2012 - 03:39 AM
#56
Posted 29 July 2012 - 12:16 PM
The following will implement some cleanup procedures as well as reset System Restore points:
- Click the Windows Key + R to open the Run box.
- Now type Combofix /uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.
Now to remove most of the tools that we have used in fixing your machine:
- Run OTL.exe by right-clicking on the icon and choosing Run as Administrator
- This time, click on the CleanUp button.
If you notice any remaining tools or files you can delete them by right clicking and choosing delete. You should keep Malwarebytes as it is a program you'll want to run regularly.
ON THE DESKTOP:
Please run a fresh OTL log and post the results so I can re-analyze them.
#57
Posted 31 July 2012 - 02:26 PM
#58
Posted 31 July 2012 - 02:46 PM
#59
Posted 03 August 2012 - 12:32 PM
OTL logfile created on: 03/08/2012 18:51:11 - Run 4
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Access Granted\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.48 Mb Total Physical Memory | 266.20 Mb Available Physical Memory | 26.01% Memory free
2.40 Gb Paging File | 1.35 Gb Available in Paging File | 56.04% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 79.05 Gb Free Space | 53.04% Space Free | Partition Type: NTFS
Computer Name: SN048919120306 | User Name: Access Granted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Access Granted\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
PRC - C:\Program Files\Online Armor\oasrv.exe (Emsi Software GmbH)
PRC - C:\Program Files\Online Armor\oahlp.exe (Emsi Software GmbH)
PRC - C:\Program Files\Online Armor\oacat.exe (Emsi Software GmbH)
PRC - C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
PRC - C:\Program Files\Lexmark 2600 Series\lxdnmsdmon.exe ()
PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lxdncoms.exe ( )
PRC - C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\defs\12080300\algo.dll ()
MOD - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll ()
MOD - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\pdf.dll ()
MOD - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\avutil-51.dll ()
MOD - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\avformat-54.dll ()
MOD - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
MOD - C:\Program Files\Lexmark 2600 Series\lxdnmsdmon.exe ()
MOD - C:\Program Files\Lexmark 2600 Series\app4r.monitor.core.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\app4r.monitor.common.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\lxdndrs.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\lxdnscw.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\lxdncaps.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\lxdncnv4.dll ()
MOD - C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdndatr.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdncats.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\APPS\SKYPE\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (SvcOnlineArmor) -- C:\Program Files\Online Armor\oasrv.exe (Emsi Software GmbH)
SRV - (OAcat) -- C:\Program Files\Online Armor\oacat.exe (Emsi Software GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (lxdnCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe ()
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)
SRV - (lxdn_device) -- C:\WINDOWS\system32\lxdncoms.exe ( )
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\Sandra.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\ACCESS~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (AFGMp50) -- System32\Drivers\AFGMp50.sys File not found
DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (RapportCerberus_34302) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
DRV - (oahlpXX) -- C:\WINDOWS\system32\drivers\oahlp32.sys ()
DRV - (OAnet) -- C:\WINDOWS\system32\drivers\OAnet.sys (Emsisoft)
DRV - (OADevice) -- C:\WINDOWS\system32\drivers\OADriver.sys ()
DRV - (OAmon) -- C:\WINDOWS\system32\drivers\OAmon.sys (Emsisoft)
DRV - (AFGSp50) -- C:\WINDOWS\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
DRV - (RecAgent) -- C:\WINDOWS\system32\drivers\RecAgent.sys (Smart Link)
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (vcsmpdrv) -- C:\WINDOWS\system32\drivers\vcsmpdrv.sys (H+H Software GmbH)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 2C 29 F7 5E 1A CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...amp;Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Access Granted\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/26 13:01:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/08 17:53:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/01 21:19:19 | 000,000,000 | ---D | M]
[2012/07/08 22:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/24 11:18:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1451_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/07/19 22:22:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\APPS\SKYPE\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [lxdnamon] C:\Program Files\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\Access Granted\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\APPS\SKYPE\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1342555031671 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A5780F9-9298-4B3F-BBAD-FA85CF37EE1F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\APPS\SKYPE\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Access Granted\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Access Granted\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/27 12:08:36 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\Iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\Iyvu9_32.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/08/03 18:42:50 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Access Granted\Desktop\OTL.exe
[2012/07/27 12:44:06 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Access Granted\Desktop\TDSSKiller.exe
[2012/07/27 12:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Access Granted\Desktop\my sounds
[2012/07/27 12:08:36 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2012/07/20 11:03:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/19 23:57:33 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Access Granted\Desktop\dds1.scr
[2012/07/19 23:47:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Access Granted\Desktop\dds.scr
[2012/07/19 16:01:24 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Access Granted\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/17 21:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/07/17 21:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2012/07/15 16:51:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/15 16:51:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/15 16:51:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/15 16:51:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/15 16:51:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/15 16:46:23 | 004,582,475 | R--- | C] (Swearware) -- C:\Documents and Settings\Access Granted\Desktop\ComboFix.exe
[2012/07/15 13:33:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/08 07:19:18 | 000,065,752 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2012/07/07 15:57:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Access Granted\Recent
[2012/07/05 20:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/04 20:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Access Granted\Desktop\New Folder (2)
========== Files - Modified Within 30 Days ==========
[2012/08/03 19:12:19 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1491025595-1780334667-4173316225-1006UA.job
[2012/08/03 18:57:09 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/03 18:42:56 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Access Granted\Desktop\OTL.exe
[2012/08/03 18:32:50 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\Access Granted\Desktop\OTL.url
[2012/08/03 17:12:08 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1491025595-1780334667-4173316225-1006Core.job
[2012/08/03 17:01:35 | 000,000,332 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/03 16:58:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/03 16:58:23 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/03 15:31:58 | 000,000,016 | ---- | M] () -- C:\InjectIntoProcess crash
[2012/08/03 14:57:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/03 14:57:28 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/03 14:22:45 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Access Granted\Desktop\Google Chrome.lnk
[2012/08/03 14:22:45 | 000,002,332 | ---- | M] () -- C:\Documents and Settings\Access Granted\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/03 02:00:00 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-SN048919120306-Access Granted.job
[2012/08/02 11:38:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/31 12:55:19 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/29 11:11:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Access Granted\Desktop\TDSSKiller.exe
[2012/07/20 10:04:51 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Access Granted\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/20 10:04:51 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 23:57:43 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Access Granted\Desktop\dds1.scr
[2012/07/19 23:48:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Access Granted\Desktop\dds.scr
[2012/07/19 22:22:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/19 21:58:46 | 004,582,475 | R--- | M] (Swearware) -- C:\Documents and Settings\Access Granted\Desktop\ComboFix.exe
[2012/07/19 14:49:41 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Access Granted\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/14 23:56:41 | 003,723,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/14 23:51:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/09 14:18:13 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/07/09 14:18:13 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/07/09 14:17:26 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/07/08 07:19:18 | 000,065,752 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2012/07/04 20:37:43 | 000,043,604 | ---- | M] () -- C:\Documents and Settings\Access Granted\Desktop\toilet in the desert.jpg
========== Files Created - No Company Name ==========
[2012/08/03 18:32:50 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Access Granted\Desktop\OTL.url
[2012/07/16 18:16:33 | 000,000,016 | ---- | C] () -- C:\InjectIntoProcess crash
[2012/07/15 16:51:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/15 16:51:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/15 16:51:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/15 16:51:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/15 16:51:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/14 23:22:12 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/07/09 14:14:05 | 000,010,264 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/07/04 20:37:40 | 000,043,604 | ---- | C] () -- C:\Documents and Settings\Access Granted\Desktop\toilet in the desert.jpg
[2012/07/04 19:34:51 | 000,035,363 | ---- | C] () -- C:\Documents and Settings\Access Granted\Desktop\Copy of spiderman.jpg
[2012/06/30 21:55:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2012/06/30 21:54:56 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoin.dll
[2012/06/30 21:53:13 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2012/06/30 21:53:13 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2012/06/30 21:53:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2012/06/30 21:51:37 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2012/06/30 21:51:36 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2012/06/30 21:51:36 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2012/06/30 21:51:36 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2012/06/30 21:51:36 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2012/06/30 21:51:35 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2012/06/30 21:51:35 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2012/06/30 21:51:34 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2012/06/30 21:51:34 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2012/06/30 21:51:31 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2012/06/30 21:51:30 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2012/06/30 21:51:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2012/06/30 21:51:25 | 000,589,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2012/06/30 21:51:24 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2012/06/30 21:51:23 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2012/06/30 21:51:23 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe
[2012/04/25 16:14:36 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012/03/29 22:17:54 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Access Granted\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 13:34:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/10 15:58:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/16 18:40:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/22 10:45:18 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/10/22 10:45:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/10/22 10:45:15 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/10/22 10:45:14 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/10/22 10:45:13 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/09/18 15:00:39 | 009,699,328 | ---- | C] () -- C:\Documents and Settings\Access Granted\ntuser.bak
[2011/08/08 11:34:01 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Access Granted\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/07/04 23:27:06 | 000,057,864 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/15 22:18:30 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/15 22:18:30 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/15 22:18:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/15 22:16:07 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/09 11:48:13 | 000,039,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2011/06/09 11:48:12 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2011/04/27 20:05:19 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2011/02/15 22:15:37 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Access Granted\Application Data\wklnhst.dat
[2011/01/21 18:41:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI
[2011/01/19 17:36:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/13 15:49:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011/01/13 15:46:06 | 000,003,439 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2011/01/13 15:42:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/01/13 15:39:24 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2011/01/13 15:33:42 | 000,007,584 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2011/01/13 15:32:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/13 15:17:47 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
========== LOP Check ==========
[2011/11/05 21:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Ashampoo
[2011/06/20 14:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Audacity
[2011/06/03 12:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Auslogics
[2011/08/28 18:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Boolat Games
[2012/07/19 21:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Canon
[2011/07/04 23:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/04 18:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/08 18:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\DDMSettings
[2011/10/19 19:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\ElevatedDiagnostics
[2011/08/23 16:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\go
[2011/05/26 19:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\GrabPro
[2011/03/26 13:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Leadertech
[2012/06/30 22:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Lexmark Productivity Studio
[2011/10/23 22:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\LibreOffice
[2011/06/20 15:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\NCH Swift Sound
[2011/01/20 22:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\OD2
[2011/07/15 10:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\OnlineArmor
[2011/06/23 12:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\OpenCandy
[2011/10/23 22:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\OpenOffice.org
[2012/02/16 18:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Oracle
[2012/06/24 10:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Orbit
[2011/09/16 22:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\PhotoScape
[2011/05/26 16:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\ProgSense
[2011/09/18 08:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\QuickScan
[2012/07/01 21:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\RoboForm
[2011/10/17 22:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Spotify
[2011/10/17 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Systweak
[2011/02/15 22:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Template
[2011/09/14 21:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\TP
[2011/06/20 10:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Trusteer
[2011/01/19 22:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Ulead Systems
[2011/05/31 12:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\WinPatrol
[2011/09/14 21:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\{90140011-0061-0409-0000-0000000FF1CE}
[2011/02/18 16:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/11/05 21:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012/07/01 21:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/02/24 18:17:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/14 21:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2012/07/02 12:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 2600 Series
[2011/06/09 11:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/20 17:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/01/13 15:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OD2
[2011/06/09 12:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2011/11/01 19:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/07/01 21:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/06/20 10:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/01/13 15:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/01/13 15:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/14 21:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtualized Applications
[2011/04/25 22:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2011/08/07 22:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/01/30 15:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/08/03 17:01:35 | 000,000,332 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2011/01/13 15:28:50 | 000,000,210 | RHS- | M] () -- C:\BOOT.BAK
[2011/06/15 21:47:21 | 000,000,281 | -HS- | M] () -- C:\BOOT.INI
[2004/08/04 15:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/07/19 22:29:00 | 000,022,385 | ---- | M] () -- C:\ComboFix.txt
[2011/09/21 09:53:43 | 000,509,099 | ---- | M] () -- C:\DeQuarantine.txt
[2011/01/13 16:07:20 | 000,006,569 | ---- | M] () -- C:\DWNLOG.TXT
[2011/11/02 20:51:55 | 000,011,149 | ---- | M] () -- C:\HCT.Log
[2012/08/03 16:58:23 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/03 15:31:58 | 000,000,016 | ---- | M] () -- C:\InjectIntoProcess crash
[2011/01/13 15:31:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/13 15:33:19 | 000,000,886 | -H-- | M] () -- C:\IPH.PH
[2011/09/19 13:39:24 | 000,026,004 | ---- | M] () -- C:\JavaRa.log
[2011/04/27 23:55:48 | 005,748,345 | ---- | M] () -- C:\Lemmings.log
[2011/01/13 16:07:20 | 000,006,569 | ---- | M] () -- C:\MCDLOG.TXT
[2011/01/13 15:31:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 15:00:00 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM
[2011/01/29 20:01:49 | 000,250,048 | ---- | M] () -- C:\NTLDR
[2012/08/03 16:58:18 | 1609,801,728 | -HS- | M] () -- C:\pagefile.sys
[2012/07/04 21:46:45 | 000,011,614 | ---- | M] () -- C:\profile_43.txt
[2012/06/24 18:39:38 | 000,016,234 | ---- | M] () -- C:\RootRepeal report 06-24-12 (18-39-38).txt
[2012/07/27 12:48:10 | 000,186,006 | ---- | M] () -- C:\TDSSKiller.2.7.48.0_27.07.2012_12.45.26_log.txt
[2011/01/13 16:07:20 | 000,000,000 | ---- | M] () -- C:\UPDFLOP.TAG
< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2004/08/10 17:58:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/09/13 05:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
[2006/09/13 05:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP83.DLL
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/08/13 07:02:22 | 000,147,968 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2012/06/28 13:52:20 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2004/08/10 17:46:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/10 17:46:06 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/10 17:46:06 | 000,847,872 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/01/29 20:05:59 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/01/29 20:18:17 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Access Granted\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/10 18:04:54 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Access Granted\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2012/07/19 21:58:46 | 004,582,475 | R--- | M] (Swearware) -- C:\Documents and Settings\Access Granted\Desktop\ComboFix.exe
[2011/09/19 19:43:21 | 016,897,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Access Granted\Desktop\jre-6u27-windows-i586.exe
[2012/07/19 14:49:41 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Access Granted\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/03 18:42:56 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Access Granted\Desktop\OTL.exe
[2011/01/19 17:29:52 | 001,029,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Access Granted\Desktop\SkypeSetup.exe
[2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Access Granted\Desktop\TDSSKiller.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-07-14 22:51:49
< >
< End of report >
#60
Posted 03 August 2012 - 04:49 PM
Type the following into the address box of your browser:
chrome:plugins
This will show all of the installed plugins in Chrome. Please find the plugin for Remote Viewer and disable it. You can then close Chrome.
Let me know if you are able to do that successfully and if that helps at all with your browsing please.