
~DF929C.TMP continued [Solved]


  • This topic is locked
33 replies to this topic

#1 nigel1


Posted 20 February 2013 - 01:33 AM

I have just started seeing a new .tmp file in my %temp% directory that I cannot delete. I first noticed ~dff7e7.tmp. If I shut down and restart the computer, the same .tmp file is there, but when I open IE a new .tmp is created, e.g. ~DFF8EC.TMP, that cannot be deleted, but the older .tmp can be deleted. The ~.tmp continually changes in this manner. Norton has not been helpful and I was recommended to try you guys. First OTL report:
OTL Extras logfile created on: 20/02/2013 6:12:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nigel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.31% Memory free
6.20 Gb Paging File | 4.79 Gb Available in Paging File | 77.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.19 Gb Total Space | 248.25 Gb Free Space | 76.10% Space Free | Partition Type: NTFS
Drive D: | 9.16 Gb Total Space | 1.22 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 257.62 Gb Free Space | 27.66% Space Free | Partition Type: NTFS

Computer Name: NIGEL-PC | User Name: Nigel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E178537-7061-40DE-900C-A7BFC5BF002B}" = rport=137 | protocol=17 | dir=out | app=system |
"{4FF8AA6B-E0A1-45F5-87AA-38A976F76F72}" = rport=138 | protocol=17 | dir=out | app=system |
"{6BBB7363-2E2A-4040-ADC3-B20F16A3485C}" = rport=445 | protocol=6 | dir=out | app=system |
"{8A650818-3E43-40B2-B9A0-DA0EC188FC43}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8F8DBE3D-A86D-4897-A6E2-73B5BBD0195D}" = lport=445 | protocol=6 | dir=in | app=system |
"{92873141-9459-4A97-83A0-98071EE1B393}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9C3DCB02-20DB-4555-8BC6-24672E3CC0A1}" = lport=137 | protocol=17 | dir=in | app=system |
"{A1E1B407-FDB7-4499-A703-681837E0B300}" = rport=139 | protocol=6 | dir=out | app=system |
"{D7CE0BAD-2D3F-4AF1-BEA0-CB9F7A097D31}" = lport=139 | protocol=6 | dir=in | app=system |
"{E024BEB3-4932-4A69-83F5-D40E122C36E1}" = lport=138 | protocol=17 | dir=in | app=system |
"{FFFDB088-D21F-4FBF-8CDD-D027BD3E14AB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1738EAA3-FD6D-4538-8EDE-9AC45836ECD6}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{40D1CE73-616E-4E82-A178-A14B1B93826C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4CBD925D-DD37-4270-9731-9B015E4BA377}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5ABD32EB-1ACD-4799-9EE8-AF48F810E511}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5FCA9E69-7B94-4F5E-9BD5-E22B95B0B730}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{91480BF4-C907-40A8-9079-542744397BFD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D4C2C8E5-8343-4B7C-A4F8-254918FA339C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E27B6314-73F5-45F0-933D-487215E0BA55}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E442788B-00DA-4D69-9C72-B790508F2B41}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E8BA4296-2E68-43F6-B9F8-7E5204B4FB20}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{FEB16121-1372-4477-B223-3825B87B8F9E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3143EA86-CF89-4E22-91BB-25B28CE23AED}" = 2350_Help
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A6FC405C-6C58-4ACF-AC41-E999261E76E9}" = 2350Trb
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E1476612-02D6-42A3-BDC1-E292B4115738}" = HP Easy Setup - Frontend
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3757C8B-6552-4EA5-9451-B933A55170BC}" = 2350
"{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AOL Toolbar" = AOL Toolbar 5.0
"CCleaner" = CCleaner
"FileASSASSIN" = FileASSASSIN
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Magic DVD Copier_is1" = Magic DVD Copier V7.1.2
"Magic DVD Ripper_is1" = Magic DVD Ripper V7.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NIS" = Norton Internet Security
"Norton Utilities 16_is1" = Norton Utilities 16
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PROHYBRIDR" = 2007 Microsoft Office system
"WildTangent hp Master Uninstall" = My HP Games

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/02/2013 10:51:24 PM | Computer Name = Nigel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17/02/2013 10:51:24 PM | Computer Name = Nigel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8144

Error - 17/02/2013 10:51:24 PM | Computer Name = Nigel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8144

Error - 18/02/2013 12:10:59 AM | Computer Name = Nigel-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/02/2013 12:30:48 AM | Computer Name = Nigel-PC | Source = Windows Search Service | ID = 3026
Description =

Error - 18/02/2013 7:19:35 AM | Computer Name = Nigel-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/02/2013 5:14:14 AM | Computer Name = Nigel-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/02/2013 5:45:23 AM | Computer Name = Nigel-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 19/02/2013 5:49:33 AM | Computer Name = Nigel-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/02/2013 6:12:38 AM | Computer Name = Nigel-PC | Source = Windows Search Service | ID = 3038
Description =

[ System Events ]
Error - 19/01/2013 1:42:23 AM | Computer Name = Nigel-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 19/01/2013 1:42:23 AM | Computer Name = Nigel-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 19/01/2013 1:42:23 AM | Computer Name = Nigel-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 19/01/2013 1:42:23 AM | Computer Name = Nigel-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 19/01/2013 1:42:23 AM | Computer Name = Nigel-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 19/01/2013 1:42:23 AM | Computer Name = Nigel-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 19/01/2013 1:42:23 AM | Computer Name = Nigel-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 19/01/2013 1:42:23 AM | Computer Name = Nigel-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 19/01/2013 1:42:23 AM | Computer Name = Nigel-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 19/01/2013 1:42:23 AM | Computer Name = Nigel-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =


< End of report >



#2 nigel1


Posted 20 February 2013 - 01:34 AM

Second OTL file:
OTL logfile created on: 20/02/2013 6:12:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nigel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.31% Memory free
6.20 Gb Paging File | 4.79 Gb Available in Paging File | 77.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.19 Gb Total Space | 248.25 Gb Free Space | 76.10% Space Free | Partition Type: NTFS
Drive D: | 9.16 Gb Total Space | 1.22 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 257.62 Gb Free Space | 27.66% Space Free | Partition Type: NTFS

Computer Name: NIGEL-PC | User Name: Nigel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nigel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe (Symantec)
PRC - C:\Program Files\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe (Symantec)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\86365ae159cb808d52a7e3ba2700ea6c\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\59cd8889b26ea43d59660e906049b2b3\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\acb7c68a72b712e8c235b04ee7d4d569\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\668c039655437b25586280e1fbff8ef0\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ()


========== Services (SafeList) ==========

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SpeedDiskService) -- C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe (Symantec Corporation)
SRV - (DiskDoctorService) -- C:\Program Files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe (Symantec Corporation)
SRV - (NU16StartManagerSvc) -- C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe (Symantec)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EraserUtilDrv10741) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130219.017\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130219.017\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NIS\1403000.024\symtdiv.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1403000.024\symefa.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1403000.024\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1403000.024\srtspx.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1403000.024\symds.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130216.001\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1403000.024\ironx86.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1403000.024\ccsetx86.sys (Symantec Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (BENDER) -- C:\Windows\System32\drivers\bender.sys (Pinnacle Systems)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {8B517CEB-DBBF-472D-8ADF-7839ABCCB5E3}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8B517CEB-DBBF-472D-8ADF-7839ABCCB5E3}: "URL" = http://slirsredirect...hpcndtie7-en-au

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {8B517CEB-DBBF-472D-8ADF-7839ABCCB5E3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8B517CEB-DBBF-472D-8ADF-7839ABCCB5E3}: "URL" = http://slirsredirect...hpcndtie7-en-au
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...E...b&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\ [2013/01/18 23:38:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2013/02/20 18:00:37 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U11 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Norton Identity Protection = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\
CHR - Extension: Gmail = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/19 08:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe (Symantec)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{597BC9DE-F5A4-4598-8270-C560D3F36C4F}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/01/18 21:31:57 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/20 18:09:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nigel\Desktop\OTL.exe
[2013/02/20 17:23:17 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\DriverCure
[2013/02/20 17:23:16 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\SparkTrust
[2013/02/20 17:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2013/02/19 22:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2013/02/19 22:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2013/02/19 22:42:41 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\Malwarebytes
[2013/02/19 22:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/19 22:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/19 22:42:31 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/19 22:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/19 22:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2013/02/19 22:18:20 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\SUPERAntiSpyware.com
[2013/02/19 22:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/02/19 22:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/02/19 22:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/19 22:02:03 | 020,534,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013/02/19 22:02:03 | 006,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/02/19 22:02:02 | 008,944,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013/02/19 22:02:02 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220294.dll
[2013/02/19 22:02:02 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3220162.dll
[2013/02/19 22:02:01 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/02/19 22:02:01 | 007,964,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/02/19 22:02:01 | 002,726,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/02/19 22:02:01 | 001,990,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/02/19 20:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2013/02/19 20:40:57 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/19 20:40:33 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/19 20:40:33 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/19 20:40:33 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/17 17:46:44 | 000,000,000 | ---D | C] -- C:\Users\Nigel\Documents\My Scans
[2013/02/17 17:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2013/02/17 17:20:03 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\HP
[2013/02/17 17:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2013/02/17 17:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2013/02/17 17:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2013/02/17 17:09:52 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2013/02/17 17:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/02/17 17:06:00 | 000,258,048 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2013/02/13 17:18:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/13 17:18:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/13 17:18:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/02/13 17:18:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/13 17:18:12 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/13 17:18:11 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/02/13 17:18:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/13 17:18:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/13 14:31:06 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/13 14:31:04 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013/02/13 14:31:01 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/13 14:31:01 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/09 20:08:08 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\NPE
[2013/02/09 20:07:30 | 002,957,840 | ---- | C] (Symantec Corporation) -- C:\Users\Nigel\Desktop\NPE.exe
[2013/02/02 23:07:20 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/02/02 23:07:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/02/02 23:07:20 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/02/02 23:07:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/02/02 23:07:20 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/02/02 23:07:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/02/02 23:07:19 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/02/02 23:07:19 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/02/02 23:07:19 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/02/02 23:07:19 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/02/02 23:07:19 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/02/02 23:07:19 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013/02/02 23:07:19 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/02/02 23:07:19 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/02/02 23:07:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/02/02 23:07:19 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013/02/02 23:07:19 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/02/02 23:07:19 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/02/02 23:07:19 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/02/02 23:07:19 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/02/02 23:07:19 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/02/02 23:07:19 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/02/02 23:07:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013/02/02 23:07:18 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013/02/02 23:07:18 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/02/02 23:07:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/02/02 23:07:18 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/02/02 23:07:18 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/02/02 23:07:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/02/02 22:30:42 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\FixItCenter
[2013/02/02 22:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2013/02/02 22:27:59 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2013/01/28 20:02:40 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\Apple Computer
[2013/01/28 20:02:40 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\Apple Computer
[2013/01/28 20:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/28 20:01:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2013/01/28 20:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/28 20:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/01/28 20:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/28 20:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/01/28 19:58:37 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\Apple
[2013/01/28 19:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/01/28 19:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/01/28 19:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/01/28 19:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/01/28 19:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2013/01/28 16:58:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/28 16:58:10 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\ElevatedDiagnostics
[2013/01/28 16:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic DVD Copier
[2013/01/28 16:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDVDCopier
[2013/01/28 16:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MagicSoftware
[2013/01/28 16:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic DVD Ripper
[2013/01/28 16:47:22 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\MagicSoftware
[2013/01/28 16:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDVDRipper
[2013/01/26 21:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/01/25 20:53:37 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\Norton Utilities 16
[2013/01/25 20:49:39 | 000,000,000 | ---D | C] -- C:\Users\Nigel\Documents\Norton Utilities 16
[2013/01/25 20:47:34 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll
[2013/01/25 20:47:34 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2013/01/25 20:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 16
[2013/01/25 20:47:32 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2013/01/25 20:47:32 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2013/01/25 20:47:32 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2013/01/25 20:47:32 | 000,512,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2013/01/25 20:47:32 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2013/01/25 20:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/01/25 20:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/01/25 20:47:19 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\Product_NU16
[2013/01/25 20:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/01/25 20:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2013/02/20 18:09:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nigel\Desktop\OTL.exe
[2013/02/20 18:05:18 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/20 18:05:18 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/20 18:02:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/20 18:00:26 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\NUAutoUpdate.job
[2013/02/20 17:59:42 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/02/20 17:59:21 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/20 17:59:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/20 17:59:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/20 17:59:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/20 17:59:06 | 001,942,061 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\Cat.DB
[2013/02/20 17:58:45 | 3219,316,736 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/20 17:57:47 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\VT20130115.021
[2013/02/20 17:25:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/20 06:31:05 | 000,410,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/19 23:43:08 | 000,001,356 | ---- | M] () -- C:\Users\Nigel\AppData\Local\d3d9caps.dat
[2013/02/19 23:39:40 | 000,004,246 | ---- | M] () -- C:\Users\Nigel\Documents\cc_20130219_233933.reg
[2013/02/19 22:55:25 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2013/02/19 22:42:36 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/19 22:18:14 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2013/02/19 22:13:10 | 000,002,096 | ---- | M] () -- C:\{8BD0711E-48E2-4137-A9E3-CFDF96B22BD2}
[2013/02/19 20:40:12 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/19 20:40:10 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/19 20:40:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/19 20:40:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/19 20:40:09 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/02/19 20:40:09 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/02/17 23:47:25 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/17 23:47:25 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/17 17:21:45 | 000,148,891 | ---- | M] () -- C:\Windows\hpoins19.dat
[2013/02/17 17:17:13 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2013/02/17 17:16:41 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential.lnk
[2013/02/17 17:14:58 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013/02/17 17:14:14 | 000,001,980 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013/02/15 04:39:41 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\isolate.ini
[2013/02/10 14:20:39 | 020,534,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013/02/10 14:20:39 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/02/10 14:20:39 | 015,038,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013/02/10 14:20:39 | 012,862,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013/02/10 14:20:39 | 008,944,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013/02/10 14:20:39 | 007,964,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/02/10 14:20:39 | 006,267,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/02/10 14:20:39 | 002,726,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/02/10 14:20:39 | 002,528,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013/02/10 14:20:39 | 001,990,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/02/10 14:20:39 | 001,012,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220294.dll
[2013/02/10 14:20:39 | 000,892,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3220162.dll
[2013/02/10 14:20:39 | 000,013,625 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2013/02/10 11:35:07 | 004,115,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2013/02/10 11:35:07 | 003,010,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2013/02/10 11:35:02 | 000,223,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2013/02/10 11:35:02 | 000,062,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2013/02/09 20:07:34 | 002,957,840 | ---- | M] (Symantec Corporation) -- C:\Users\Nigel\Desktop\NPE.exe
[2013/02/02 23:07:26 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2013/02/02 23:07:26 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2013/02/02 23:07:20 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/02/02 23:07:20 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/02/02 23:07:20 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/02/02 23:07:20 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/02/02 23:07:20 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/02/02 23:07:20 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/02/02 23:07:19 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/02/02 23:07:19 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/02/02 23:07:19 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/02/02 23:07:19 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/02/02 23:07:19 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/02/02 23:07:19 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013/02/02 23:07:19 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/02/02 23:07:19 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/02/02 23:07:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/02/02 23:07:19 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013/02/02 23:07:19 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/02/02 23:07:19 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/02/02 23:07:19 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/02/02 23:07:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/02/02 23:07:19 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/02/02 23:07:19 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/02/02 23:07:19 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/02/02 23:07:18 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013/02/02 23:07:18 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013/02/02 23:07:18 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/02/02 23:07:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/02/02 23:07:18 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/02/02 23:07:18 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/02/02 23:07:18 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/02/02 22:28:01 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2013/02/02 18:58:19 | 000,002,571 | ---- | M] () -- C:\Users\Nigel\Desktop\Microsoft Excel 2010.lnk
[2013/02/02 18:30:32 | 000,175,743 | ---- | M] () -- C:\Users\Nigel\Documents\dha_stocklist[1].pdf
[2013/02/01 18:27:29 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Norton Utilities 16.lnk
[2013/02/01 14:55:06 | 000,007,581 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\srtspx.cat
[2013/02/01 14:55:06 | 000,007,577 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\srtsp.cat
[2013/01/31 14:18:18 | 000,350,368 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1403000.024\symtdiv.sys
[2013/01/31 14:18:18 | 000,338,592 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1403000.024\symnets.sys
[2013/01/31 14:18:11 | 000,001,468 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\symnetv.inf
[2013/01/31 14:18:11 | 000,001,440 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\symnet.inf
[2013/01/31 14:18:06 | 000,934,488 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1403000.024\symefa.sys
[2013/01/31 14:18:06 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\symvtcer.dat
[2013/01/31 14:18:06 | 000,007,583 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\symefa.cat
[2013/01/31 14:18:06 | 000,003,434 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\symefa.inf
[2013/01/31 14:17:58 | 000,007,577 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\symds.cat
[2013/01/29 12:45:18 | 000,602,712 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1403000.024\srtsp.sys
[2013/01/29 12:45:18 | 000,032,344 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1403000.024\srtspx.sys
[2013/01/29 12:45:18 | 000,001,389 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\srtspx.inf
[2013/01/29 12:45:18 | 000,001,389 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\srtsp.inf
[2013/01/28 20:02:37 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/28 19:36:45 | 000,000,940 | ---- | M] () -- C:\Users\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/01/28 16:59:43 | 000,000,134 | ---- | M] () -- C:\Users\Nigel\Desktop\Microsoft Fix it.url
[2013/01/28 16:53:59 | 000,001,716 | ---- | M] () -- C:\Users\Nigel\Desktop\Magic DVD Copier.lnk
[2013/01/28 16:47:55 | 000,001,716 | ---- | M] () -- C:\Users\Nigel\Desktop\Magic DVD Ripper.lnk
[2013/01/27 18:02:47 | 000,000,460 | ---- | M] () -- C:\Users\Nigel\Documents\cc_20130127_180244.reg
[2013/01/25 20:41:23 | 000,649,718 | ---- | M] () -- C:\Users\Nigel\Documents\cc_20130125_204111.reg
[2013/01/25 20:35:29 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/25 20:30:54 | 000,001,997 | ---- | M] () -- C:\Users\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/22 13:15:32 | 000,367,704 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1403000.024\symds.sys
[2013/01/22 13:15:32 | 000,002,852 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\symds.inf

========== Files Created - No Company Name ==========

[2013/02/20 06:30:24 | 3219,316,736 | -HS- | C] () -- C:\hiberfil.sys
[2013/02/19 23:39:39 | 000,004,246 | ---- | C] () -- C:\Users\Nigel\Documents\cc_20130219_233933.reg
[2013/02/19 22:55:25 | 000,000,862 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2013/02/19 22:42:35 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/19 22:18:13 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2013/02/19 22:13:10 | 000,002,096 | ---- | C] () -- C:\{8BD0711E-48E2-4137-A9E3-CFDF96B22BD2}
[2013/02/19 22:02:02 | 000,013,625 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013/02/17 17:17:13 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2013/02/17 17:16:53 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2013/02/17 17:16:41 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential.lnk
[2013/02/17 17:14:58 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013/02/17 17:14:13 | 000,001,980 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013/02/17 17:06:17 | 000,148,891 | ---- | C] () -- C:\Windows\hpoins19.dat
[2013/02/17 17:05:58 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2013/02/02 23:07:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/02/02 22:28:01 | 000,000,872 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk
[2013/02/02 22:28:00 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2013/02/02 18:30:32 | 000,175,743 | ---- | C] () -- C:\Users\Nigel\Documents\dha_stocklist[1].pdf
[2013/02/02 09:41:10 | 000,002,571 | ---- | C] () -- C:\Users\Nigel\Desktop\Microsoft Excel 2010.lnk
[2013/02/01 18:27:29 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Norton Utilities 16.lnk
[2013/01/28 20:02:36 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/28 19:58:34 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/01/28 19:36:45 | 000,000,940 | ---- | C] () -- C:\Users\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/01/28 16:53:59 | 000,001,716 | ---- | C] () -- C:\Users\Nigel\Desktop\Magic DVD Copier.lnk
[2013/01/28 16:47:55 | 000,001,716 | ---- | C] () -- C:\Users\Nigel\Desktop\Magic DVD Ripper.lnk
[2013/01/28 16:41:43 | 000,000,134 | ---- | C] () -- C:\Users\Nigel\Desktop\Microsoft Fix it.url
[2013/01/27 18:02:46 | 000,000,460 | ---- | C] () -- C:\Users\Nigel\Documents\cc_20130127_180244.reg
[2013/01/25 20:49:39 | 000,000,276 | ---- | C] () -- C:\Windows\tasks\NUAutoUpdate.job
[2013/01/25 20:47:32 | 000,037,920 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2013/01/25 20:41:15 | 000,649,718 | ---- | C] () -- C:\Users\Nigel\Documents\cc_20130125_204111.reg
[2013/01/25 20:35:29 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/19 11:17:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013/01/19 11:17:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/01/19 09:37:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013/01/18 23:36:27 | 000,001,356 | ---- | C] () -- C:\Users\Nigel\AppData\Local\d3d9caps.dat
[2013/01/18 21:17:39 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2013/01/18 21:17:39 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll

========== ZeroAccess Check ==========

[2006/11/02 23:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 17:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 17:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/20 17:23:17 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\DriverCure
[2013/01/25 20:47:19 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\Product_NU16
[2013/02/20 17:23:16 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\SparkTrust
[2013/01/19 20:19:59 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.EXE >
[2008/10/29 17:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 17:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 14:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 13:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 13:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2006/11/02 23:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\en-US\explorer.exe.mui
[2006/11/02 23:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_03bbc52176b6ba20\explorer.exe.mui

< MD5 for: IEXPLORE.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2009/04/11 17:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[2008/01/21 13:23:50 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
[2013/01/09 09:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/01/09 09:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16464_none_58815877ebc7c9af\iexplore.exe
[2011/04/22 01:34:57 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=6C93AC7C0A8718E2A1543DB1B1B3B19F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22905_none_2ff0ad763317887e\iexplore.exe
[2011/04/22 02:02:30 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=77B9A891222FB46B13E414B99E1AF842 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18639_none_2f4a9e431a0ea795\iexplore.exe
[2013/02/02 23:07:20 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=B201AF83DF2E85323E29EB83E4046810 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16457_none_588f2941ebbcf9c3\iexplore.exe
[2013/01/09 08:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20573_none_58ff250d04ee6c13\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2006/11/02 23:41:15 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3b55b11a57da5590\iexplore.exe.mui
[2013/02/02 23:07:21 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/02/02 23:07:21 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.1.8112.16421_en-us_52562cc123574ecd\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-1B894AFB.PF >
[2013/02/20 18:08:43 | 000,353,858 | ---- | M] () MD5=C91B99955D389A6186FB417788727506 -- C:\Windows\Prefetch\IEXPLORE.EXE-1B894AFB.pf

< MD5 for: SERVICES >
[2006/09/19 08:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/19 08:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/21 13:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 17:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 17:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 23:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 23:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/21 13:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 13:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/19 08:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/19 08:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/19 08:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 23:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/19 08:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 23:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/19 08:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.PNG >
[2008/03/27 05:02:52 | 000,000,875 | ---- | M] () MD5=3382D191625A7528ED791FEDCCE3F212 -- C:\Program Files\PC-Doctor 5 for Windows\Images\img16_16\services.png
[2008/03/27 05:03:00 | 000,002,244 | ---- | M] () MD5=8C5F2C34A5FB317B868565F9451BF74C -- C:\Program Files\PC-Doctor 5 for Windows\Images\img32_32\services.png
[2008/03/27 05:03:08 | 000,006,479 | ---- | M] () MD5=AFCA60ED198BE9309943722FE8758392 -- C:\Program Files\PC-Doctor 5 for Windows\Images\img64_64\services.png
[2008/03/27 05:03:04 | 000,004,193 | ---- | M] () MD5=E1C3A20056206C394E65B37CE1D43851 -- C:\Program Files\PC-Doctor 5 for Windows\Images\img48_48\services.png
[2008/03/27 05:02:56 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\PC-Doctor 5 for Windows\Images\img24_24\services.png

< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 17:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 17:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 13:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2008/01/21 13:25:40 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2008/01/21 13:25:40 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a\winlogon.exe.mui
[2006/11/02 23:40:50 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=A1D2856F3EC3C86EBBF1442B0245A8B3 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui

< MD5 for: WINLOGON.MOF >
[2006/09/19 08:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\System32\wbem\winlogon.mof
[2006/09/19 08:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2013/01/18 21:31:57 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 17:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2013/01/19 16:08:55 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 08:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/01/19 20:39:19 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT
[2013/02/20 17:58:45 | 3219,316,736 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/20 17:58:43 | 3533,127,680 | -HS- | M] () -- C:\pagefile.sys
[2013/02/19 22:13:10 | 000,002,096 | ---- | M] () -- C:\{8BD0711E-48E2-4137-A9E3-CFDF96B22BD2}

< %systemroot%\Fonts\*.com >
[2006/11/02 23:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 23:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 23:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2013/01/19 14:42:58 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/19 08:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/21 13:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 23:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 13:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 14:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 14:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 14:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 21:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 21:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/01/28 19:36:45 | 000,000,286 | -HS- | M] () -- C:\Users\Nigel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2013/02/09 20:07:34 | 002,957,840 | ---- | M] (Symantec Corporation) -- C:\Users\Nigel\Desktop\NPE.exe
[2013/02/20 18:09:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nigel\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2011/12/19 03:04:46 | 000,000,698 | ---- | M] () -- C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-02-13 06:23:01

========== Alternate Data Streams ==========

@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:792D4CF1

< End of report >

#3 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 21 February 2013 - 12:06 AM

Hi nigel1,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

That file can be an indication of a trojan. That is probably why the people at the Norton forum sent you over here. This particular trojan can block you from accessing regedit and has been known to modify system policies. We'll work through a couple of tools/logs to make sure it doesn't take control of your system.

Double click on OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:Processes

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {8B517CEB-DBBF-472D-8ADF-7839ABCCB5E3}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8B517CEB-DBBF-472D-8ADF-7839ABCCB5E3}: "URL" = http://slirsredirect.search.aol.com/slirs_...hpcndtie7-en-au
IE - HKCU\..\SearchScopes,DefaultScope = {8B517CEB-DBBF-472D-8ADF-7839ABCCB5E3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8B517CEB-DBBF-472D-8ADF-7839ABCCB5E3}: "URL" = http://slirsredirect.search.aol.com/slirs_...hpcndtie7-en-au
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SE...b&qsrc=2869
O4 - HKLM..\Run: [] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 10.13.2)
O32 - AutoRun File - [2013/01/18 21:31:57 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer
Please post the OTL log.

Again, there will be more steps to take after this one.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#4 nigel1

Posted 21 February 2013 - 02:06 AM

Hi Tomk. Thanks for helping. New log:

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B517CEB-DBBF-472D-8ADF-7839ABCCB5E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B517CEB-DBBF-472D-8ADF-7839ABCCB5E3}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B517CEB-DBBF-472D-8ADF-7839ABCCB5E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B517CEB-DBBF-472D-8ADF-7839ABCCB5E3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\autoexec.bat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nigel
->Temp folder emptied: 349312 bytes
->Temporary Internet Files folder emptied: 5656004 bytes
->Java cache emptied: 1876 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8674 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02212013_183224

Files\Folders moved on Reboot...
C:\Users\Nigel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QQ8VKDCS\index[1].htm moved successfully.
C:\Users\Nigel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMWVZAM6\iframe[1].htm moved successfully.
C:\Users\Nigel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Nigel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#5 Tomk


Posted 21 February 2013 - 09:24 AM

Good. Now I'd like you to run a different tool.

Download ComboFix from here: http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html

  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#6 nigel1


Posted 22 February 2013 - 04:55 AM

ComboFix 13-02-22.01 - Nigel 22/02/2013 21:32:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3069.1921 [GMT 11:00]
Running from: c:\users\Nigel\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-22 to 2013-02-22 )))))))))))))))))))))))))))))))
.
.
2013-02-22 10:43 . 2013-02-22 10:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-22 10:43 . 2013-02-22 10:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-21 07:32 . 2013-02-21 07:32 -------- d-----w- C:\_OTL
2013-02-20 09:43 . 2013-02-20 10:55 -------- d-----w- c:\users\Nigel\AppData\Local\CrashDumps
2013-02-20 09:20 . 2013-02-20 09:52 -------- d-----w- c:\program files\McAfee
2013-02-20 09:02 . 2012-11-08 19:53 167344 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-20 09:02 . 2013-02-20 09:52 -------- d-----w- c:\program files\Common Files\McAfee
2013-02-20 09:02 . 2013-02-20 09:52 -------- d-----w- c:\programdata\McAfee
2013-02-20 06:23 . 2013-02-20 06:23 -------- d-----w- c:\users\Nigel\AppData\Roaming\DriverCure
2013-02-20 06:23 . 2013-02-20 06:23 -------- d-----w- c:\users\Nigel\AppData\Roaming\SparkTrust
2013-02-20 06:23 . 2013-02-20 06:27 -------- d-----w- c:\programdata\SparkTrust
2013-02-20 01:04 . 2013-02-20 06:57 -------- d-----w- c:\windows\system32\drivers\NIS\1403000.024
2013-02-19 11:55 . 2013-02-19 11:55 -------- d-----w- c:\program files\FileASSASSIN
2013-02-19 11:42 . 2013-02-19 11:42 -------- d-----w- c:\users\Nigel\AppData\Roaming\Malwarebytes
2013-02-19 11:42 . 2013-02-19 11:42 -------- d-----w- c:\programdata\Malwarebytes
2013-02-19 11:38 . 2013-02-19 11:38 -------- d-----w- c:\programdata\SUPERSetup
2013-02-19 11:18 . 2013-02-19 11:18 -------- d-----w- c:\users\Nigel\AppData\Roaming\SUPERAntiSpyware.com
2013-02-19 11:18 . 2013-02-19 11:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-02-19 11:18 . 2013-02-19 11:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-02-19 11:02 . 2013-02-10 03:20 6267240 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-19 11:02 . 2013-02-10 03:20 20534560 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-19 11:02 . 2013-02-10 03:20 8944416 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-19 11:02 . 2013-02-10 03:20 892704 ----a-w- c:\windows\system32\nvdispgenco3220162.dll
2013-02-19 11:02 . 2013-02-10 03:20 1012512 ----a-w- c:\windows\system32\nvdispco3220294.dll
2013-02-19 11:02 . 2013-02-10 03:20 7964680 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-19 11:02 . 2013-02-10 03:20 2726176 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-19 11:02 . 2013-02-10 03:20 1990944 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-19 11:02 . 2013-02-10 03:20 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-19 09:45 . 2013-02-19 09:45 -------- d-----w- c:\programdata\HP Product Assistant
2013-02-19 09:40 . 2013-02-19 09:40 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-17 06:21 . 2013-02-17 06:21 -------- d-----w- c:\programdata\WEBREG
2013-02-17 06:20 . 2013-02-17 06:45 -------- d-----w- c:\users\Nigel\AppData\Roaming\HP
2013-02-17 06:13 . 2013-02-17 06:13 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2013-02-17 06:13 . 2013-02-17 06:16 -------- d-----w- c:\program files\Common Files\HP
2013-02-17 06:06 . 2013-02-17 06:45 -------- d-----w- c:\programdata\HP
2013-02-17 06:06 . 2006-11-20 21:36 258048 ----a-w- c:\windows\system32\hpzids01.dll
2013-02-13 06:17 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-13 03:31 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 03:31 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-13 03:31 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 03:31 . 2013-01-05 05:26 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 03:31 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-09 09:08 . 2013-02-19 10:20 -------- d-----w- c:\users\Nigel\AppData\Local\NPE
2013-02-02 11:30 . 2013-02-02 11:30 -------- d-----w- c:\users\Nigel\AppData\Local\FixItCenter
2013-02-02 11:27 . 2013-02-02 11:28 -------- d-----w- c:\program files\Microsoft Fix it Center
2013-02-02 11:27 . 2013-02-02 11:27 -------- d-----w- c:\windows\MATS
2013-01-28 09:02 . 2013-01-28 09:09 -------- d-----w- c:\users\Nigel\AppData\Roaming\Apple Computer
2013-01-28 09:02 . 2013-01-28 09:02 -------- d-----w- c:\users\Nigel\AppData\Local\Apple Computer
2013-01-28 09:01 . 2013-02-20 09:42 -------- dc----w- c:\windows\system32\DRVSTORE
2013-01-28 09:01 . 2012-08-21 02:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-28 09:00 . 2013-01-28 09:00 -------- d-----w- c:\program files\iPod
2013-01-28 09:00 . 2013-01-28 09:01 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-28 09:00 . 2013-01-28 09:01 -------- d-----w- c:\program files\iTunes
2013-01-28 09:00 . 2013-01-28 09:00 -------- d-----w- c:\programdata\Apple Computer
2013-01-28 08:58 . 2013-01-28 08:58 -------- d-----w- c:\users\Nigel\AppData\Local\Apple
2013-01-28 08:58 . 2013-01-28 08:58 -------- d-----w- c:\program files\Apple Software Update
2013-01-28 08:55 . 2013-01-28 08:55 -------- d-----w- c:\program files\Bonjour
2013-01-28 08:55 . 2013-01-28 09:00 -------- d-----w- c:\program files\Common Files\Apple
2013-01-28 08:55 . 2013-01-28 08:58 -------- d-----w- c:\programdata\Apple
2013-01-28 08:02 . 2013-01-28 08:02 -------- d-----w- c:\programdata\vsosdk
2013-01-28 05:58 . 2013-02-02 02:45 -------- d-----w- c:\users\Nigel\AppData\Local\ElevatedDiagnostics
2013-01-28 05:53 . 2013-01-28 06:00 -------- d-----w- c:\program files\MagicDVDCopier
2013-01-28 05:47 . 2013-01-28 05:54 -------- d-----w- c:\programdata\MagicSoftware
2013-01-28 05:47 . 2013-01-28 05:53 -------- d-----w- c:\users\Nigel\AppData\Local\MagicSoftware
2013-01-28 05:47 . 2013-01-28 05:47 -------- d-----w- c:\program files\MagicDVDRipper
2013-01-26 10:54 . 2013-01-26 10:54 -------- d-----w- c:\program files\MSXML 4.0
2013-01-25 09:53 . 2013-01-25 09:53 -------- d-----w- c:\users\Nigel\AppData\Roaming\Norton Utilities 16
2013-01-25 09:47 . 2011-07-26 05:15 82432 ----a-w- c:\windows\system32\msxml4r.dll
2013-01-25 09:47 . 2011-07-26 05:15 44544 ----a-w- c:\windows\system32\msxml4a.dll
2013-01-25 09:47 . 2012-09-29 11:50 512544 ----a-w- c:\windows\system32\msxml.dll
2013-01-25 09:47 . 2012-09-29 11:49 37920 ----a-w- c:\windows\system32\CleanMFT32.exe
2013-01-25 09:47 . 2008-09-17 10:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2013-01-25 09:47 . 2008-04-02 04:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2013-01-25 09:47 . 2008-04-02 04:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2013-01-25 09:47 . 2008-04-02 04:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2013-01-25 09:47 . 2013-01-25 09:47 -------- d-----w- c:\programdata\Symantec
2013-01-25 09:47 . 2013-01-25 09:47 -------- d-----w- c:\users\Nigel\AppData\Roaming\Product_NU16
2013-01-25 09:35 . 2013-01-25 09:35 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-19 09:40 . 2013-01-19 09:06 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-19 09:40 . 2013-01-19 09:06 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-17 12:47 . 2013-01-19 10:30 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-17 12:47 . 2013-01-19 10:30 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 03:20 . 2013-01-19 09:07 12862400 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-02-10 03:20 . 2013-01-18 10:20 2528840 ----a-w- c:\windows\system32\nvapi.dll
2013-02-10 03:20 . 2013-01-18 10:20 15038296 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-10 00:35 . 2013-01-18 10:20 3010336 ----a-w- c:\windows\system32\nvsvc.dll
2013-02-10 00:35 . 2013-01-18 10:20 4115232 ----a-w- c:\windows\system32\nvcpl.dll
2013-02-10 00:35 . 2013-01-18 10:20 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2013-02-10 00:35 . 2013-01-19 08:38 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-02-10 00:35 . 2013-01-18 10:20 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-01-19 06:23 . 2013-01-19 06:23 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2013-01-19 06:23 . 2013-01-19 06:23 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2013-01-19 06:23 . 2013-01-19 06:23 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2013-01-19 06:23 . 2013-01-19 06:23 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2013-01-19 06:23 . 2013-01-19 06:23 98816 ----a-w- c:\windows\system32\mfps.dll
2013-01-19 06:23 . 2013-01-19 06:23 586240 ----a-w- c:\windows\system32\stobject.dll
2013-01-19 06:23 . 2013-01-19 06:23 2873344 ----a-w- c:\windows\system32\mf.dll
2013-01-19 06:23 . 2013-01-19 06:23 209920 ----a-w- c:\windows\system32\mfplat.dll
2013-01-19 06:23 . 2013-01-19 06:23 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-19 06:23 . 2013-01-19 06:23 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2013-01-19 06:23 . 2013-01-19 06:23 847360 ----a-w- c:\windows\system32\OpcServices.dll
2013-01-19 06:23 . 2013-01-19 06:23 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2013-01-19 06:23 . 2013-01-19 06:23 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-01-19 06:23 . 2013-01-19 06:23 478720 ----a-w- c:\windows\system32\dxgi.dll
2013-01-19 06:23 . 2013-01-19 06:23 37376 ----a-w- c:\windows\system32\cdd.dll
2013-01-19 06:23 . 2013-01-19 06:23 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2013-01-19 06:23 . 2013-01-19 06:23 258048 ----a-w- c:\windows\system32\winspool.drv
2013-01-19 06:23 . 2013-01-19 06:23 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-19 06:23 . 2013-01-19 06:23 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2013-01-19 06:23 . 2013-01-19 06:23 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-01-19 06:22 . 2013-01-19 06:22 519680 ----a-w- c:\windows\system32\d3d11.dll
2013-01-19 06:22 . 2013-01-19 06:22 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2013-01-19 06:22 . 2013-01-19 06:22 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-19 06:22 . 2013-01-19 06:22 252928 ----a-w- c:\windows\system32\dxdiag.exe
2013-01-19 06:22 . 2013-01-19 06:22 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2013-01-19 06:22 . 2013-01-19 06:22 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-19 06:22 . 2013-01-19 06:22 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-01-19 06:22 . 2013-01-19 06:22 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-18 12:38 . 2013-01-18 12:38 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-01-18 10:21 . 2013-01-18 10:21 319456 ----a-w- c:\windows\DIFxAPI.dll
2013-01-18 10:21 . 2013-01-18 10:21 315392 ----a-w- c:\windows\HideWin.exe
2012-12-29 10:26 . 2013-01-19 09:07 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-29 10:26 . 2012-03-06 14:06 1017272 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-16 13:12 . 2013-01-19 06:04 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2013-01-19 06:04 293376 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SSDMonitor"="c:\program files\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe" [2012-09-29 104480]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-02-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 06:55 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-19 12:47]
.
2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-19 10:30]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-19 10:30]
.
2013-02-22 c:\windows\Tasks\NUAutoUpdate.job
- c:\program files\Symantec\Norton Utilities 16\SULauncher.exe [2013-01-25 11:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page =
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-22 21:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-02-22 21:46:17
ComboFix-quarantined-files.txt 2013-02-22 10:46
.
Pre-Run: 261,841,002,496 bytes free
Post-Run: 261,757,358,080 bytes free
.
- - End Of File - - 53F5541979650FDE07EE2C8C03BDBD17

#7 Tomk


Posted 22 February 2013 - 09:25 AM

Nothing interesting really showing there.

Let's get an online scan.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#8 nigel1


Posted 22 February 2013 - 09:39 PM

Hi. I tried but had trouble getting a log. At end of scan there was no option to create or find or get a log as you indicated:

  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

I have copied what I could find at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

These are the threats it found:

K:\BackupDec2012\download programs\powersuite.exe multiple threats
K:\BackupDec2012\download programs\paid for programs\powersuite.exe multiple threats
K:\BackupDec2012\download programs\paid for programs\registrybooster.exe multiple threats
K:\BackupDec2012\Joshua backup\Me !\Space_Travel_Screensaver.exe a variant of Win32/Toolbar.Babylon.A application
K:\BackupDec2012\Joshua backup\Me !\Tube Catcher\aTube_Catcher.exe multiple threats

#9 Tomk


Posted 22 February 2013 - 10:33 PM

Apparently all of those are in a backup that you made in December.

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    K:\BackupDec2012\download programs\powersuite.exe 
    K:\BackupDec2012\download programs\paid for programs\powersuite.exe 
    K:\BackupDec2012\download programs\paid for programs\registrybooster.exe 
    K:\BackupDec2012\Joshua backup\Me !\Space_Travel_Screensaver.exe 
    K:\BackupDec2012\Joshua backup\Me !\Tube Catcher\aTube_Catcher.exe
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#10 nigel1


Posted 23 February 2013 - 12:22 AM

Hi, sorry to be painful but I missed your last request hence have not yet done it. During that time I ran the ESET again and worked out how to get the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a79cdd23179ccb4987de2ce680d749b4
# engine=13225
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-23 06:13:07
# local_time=2013-02-23 05:13:07 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 93 0 124192972 0 0
# compatibility_mode=5122 16777214 33 6 0 110643145 0 0
# compatibility_mode=5892 16776574 100 95 2196822 199129115 0 0
# scanned=209651
# found=5
# cleaned=0
# scan_time=8967
sh=C95FBDA598C51101972D0697244D8FB4FFBB67EA ft=1 fh=317dc7c53b707d7c vn="multiple threats" ac=I fn="K:\BackupDec2012\download programs\powersuite.exe"
sh=C95FBDA598C51101972D0697244D8FB4FFBB67EA ft=1 fh=317dc7c53b707d7c vn="multiple threats" ac=I fn="K:\BackupDec2012\download programs\paid for programs\powersuite.exe"
sh=28444C1DDABF080E2558F3F5AB12E9A5F4353B20 ft=1 fh=9f9540a76a7e132d vn="multiple threats" ac=I fn="K:\BackupDec2012\download programs\paid for programs\registrybooster.exe"
sh=CE967BA8514488B5FE21B90DBBAD4EFE81559A8C ft=1 fh=7a9454180e30f47a vn="a variant of Win32/Toolbar.Babylon.A application" ac=I fn="K:\BackupDec2012\Joshua backup\Me !\Space_Travel_Screensaver.exe"
sh=3DC2837E9E894C9B971C4DAC9F27C43561C49738 ft=1 fh=f4e11a8294dd61e1 vn="multiple threats" ac=I fn="K:\BackupDec2012\Joshua backup\Me !\Tube Catcher\aTube_Catcher.exe"



#11 Tomk


Posted 23 February 2013 - 12:27 AM

It's the same list so go ahead and run the script.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
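
The comparison behind "it's the same list" can be checked mechanically. The following is an added example, not part of the thread or of ESET's or ComboFix's own tooling: it parses an ESET Online Scanner log in the `sh= ft= fh= vn= ac= fn=` layout shown in post #10 and checks it against the `File::` section of a CFScript. The sample log and script are constructed, and two points are assumptions: that `sh` is a SHA-1 of the file contents (it is 40 hex digits in the log), and that any line ending in `::` opens a CFScript section.

```python
import re
from collections import defaultdict

# One detection record: sh=<40 hex> ft=.. fh=.. vn="name" ac=.. fn="path"
RECORD_RE = re.compile(
    r'sh=(?P<sh>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\S+)\s+fh=(?P<fh>\S+)\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\S+)\s+fn="(?P<fn>[^"]*)"'
)
# Numeric summary fields from the "# key=value" header.
HEADER_RE = re.compile(r'#\s*(scanned|found|cleaned)=(\d+)')


def parse_eset_log(text):
    """Return (header, records); works whether or not line breaks survived."""
    header = {k: int(v) for k, v in HEADER_RE.findall(text)}
    records = [m.groupdict() for m in RECORD_RE.finditer(text)]
    return header, records


def parse_cfscript_files(text):
    """Return the paths listed under the File:: section of a CFScript."""
    paths, in_files = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):          # assumption: "Name::" opens a section
            in_files = line.casefold() == "file::"
        elif in_files:
            paths.append(line.strip('"'))
    return paths


def norm(path):
    """Windows paths compare case-insensitively; drop stray spaces and quotes."""
    return path.strip().strip('"').casefold()


def compare(log_text, script_text):
    """Cross-check scanner detections against the files queued for removal."""
    header, records = parse_eset_log(log_text)
    detected = {norm(r["fn"]): r["fn"] for r in records}
    listed = {norm(p): p for p in parse_cfscript_files(script_text)}
    by_hash = defaultdict(list)
    for r in records:
        by_hash[r["sh"].upper()].append(r["fn"])
    return {
        # False means the pasted log lost records (truncated or garbled).
        "count_ok": header.get("found") == len(records),
        "not_in_script": sorted(v for k, v in detected.items() if k not in listed),
        "not_detected": sorted(v for k, v in listed.items() if k not in detected),
        # Same hash under several paths: copies of one file.
        "same_content": {h: f for h, f in by_hash.items() if len(f) > 1},
    }


def make_record(sha1, name, path):
    """Build one constructed log record for the sample below."""
    return f'sh={sha1} ft=1 fh=0000000000000000 vn="{name}" ac=I fn="{path}"'


# Constructed sample data: hashes, paths and the detection name are made up.
SAMPLE_LOG = " ".join([
    "# version=8 # scanned=1000 # found=3 # cleaned=0",
    make_record("A" * 40, "multiple threats", r"K:\Backup\tools\setup.exe"),
    make_record("A" * 40, "multiple threats", r"K:\Backup\tools\copy\setup.exe"),
    make_record("B" * 40, "a variant of Win32/Example.A application",
                r"K:\Backup\My Files\saver.exe"),
])
SAMPLE_SCRIPT = "\n".join([
    "File::",
    r"K:\Backup\tools\setup.exe ",          # trailing space, as pasted text often has
    r"k:\backup\tools\copy\setup.exe",      # different case, same file
])

if __name__ == "__main__":
    for key, value in compare(SAMPLE_LOG, SAMPLE_SCRIPT).items():
        print(key, "=", value)
```

Entries under `not_detected` are the ones to question before running a removal script, since they name files the scanner never flagged.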
 

#12 nigel1


Posted 23 February 2013 - 06:17 AM

Note the %temp% directory ~.tmp file is still there and is currently ~DF246B.tmp. I did as you asked and here is the log.


ComboFix 13-02-23.01 - Nigel 23/02/2013 22:58:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3069.1848 [GMT 11:00]
Running from: c:\users\Nigel\Desktop\ComboFix.exe
Command switches used :: c:\users\Nigel\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"k:\backupdec2012\download programs\paid for programs\powersuite.exe"
"k:\backupdec2012\download programs\paid for programs\registrybooster.exe"
"k:\backupdec2012\download programs\powersuite.exe"
"k:\backupdec2012\Joshua backup\Me !\Space_Travel_Screensaver.exe"
"k:\backupdec2012\Joshua backup\Me !\Tube Catcher\aTube_Catcher.exe"
.
.
((((((((((((((((((((((((( Files Created from 2013-01-23 to 2013-02-23 )))))))))))))))))))))))))))))))
.
.
2013-02-23 12:09 . 2013-02-23 12:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-23 12:09 . 2013-02-23 12:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-23 00:55 . 2013-02-23 00:55 -------- d-----w- c:\program files\ESET
2013-02-21 07:32 . 2013-02-21 07:32 -------- d-----w- C:\_OTL
2013-02-20 09:43 . 2013-02-20 10:55 -------- d-----w- c:\users\Nigel\AppData\Local\CrashDumps
2013-02-20 09:20 . 2013-02-20 09:52 -------- d-----w- c:\program files\McAfee
2013-02-20 09:02 . 2012-11-08 19:53 167344 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-20 09:02 . 2013-02-20 09:52 -------- d-----w- c:\program files\Common Files\McAfee
2013-02-20 09:02 . 2013-02-20 09:52 -------- d-----w- c:\programdata\McAfee
2013-02-20 06:23 . 2013-02-20 06:23 -------- d-----w- c:\users\Nigel\AppData\Roaming\DriverCure
2013-02-20 06:23 . 2013-02-20 06:23 -------- d-----w- c:\users\Nigel\AppData\Roaming\SparkTrust
2013-02-20 06:23 . 2013-02-20 06:27 -------- d-----w- c:\programdata\SparkTrust
2013-02-20 01:04 . 2013-02-20 06:57 -------- d-----w- c:\windows\system32\drivers\NIS\1403000.024
2013-02-19 11:55 . 2013-02-19 11:55 -------- d-----w- c:\program files\FileASSASSIN
2013-02-19 11:42 . 2013-02-19 11:42 -------- d-----w- c:\users\Nigel\AppData\Roaming\Malwarebytes
2013-02-19 11:42 . 2013-02-19 11:42 -------- d-----w- c:\programdata\Malwarebytes
2013-02-19 11:38 . 2013-02-19 11:38 -------- d-----w- c:\programdata\SUPERSetup
2013-02-19 11:18 . 2013-02-19 11:18 -------- d-----w- c:\users\Nigel\AppData\Roaming\SUPERAntiSpyware.com
2013-02-19 11:18 . 2013-02-19 11:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-02-19 11:18 . 2013-02-19 11:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-02-19 11:02 . 2013-02-10 03:20 6267240 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-19 11:02 . 2013-02-10 03:20 20534560 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-19 11:02 . 2013-02-10 03:20 8944416 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-19 11:02 . 2013-02-10 03:20 892704 ----a-w- c:\windows\system32\nvdispgenco3220162.dll
2013-02-19 11:02 . 2013-02-10 03:20 1012512 ----a-w- c:\windows\system32\nvdispco3220294.dll
2013-02-19 11:02 . 2013-02-10 03:20 7964680 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-19 11:02 . 2013-02-10 03:20 2726176 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-19 11:02 . 2013-02-10 03:20 1990944 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-19 11:02 . 2013-02-10 03:20 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-19 09:45 . 2013-02-19 09:45 -------- d-----w- c:\programdata\HP Product Assistant
2013-02-19 09:40 . 2013-02-19 09:40 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-17 06:21 . 2013-02-17 06:21 -------- d-----w- c:\programdata\WEBREG
2013-02-17 06:20 . 2013-02-17 06:45 -------- d-----w- c:\users\Nigel\AppData\Roaming\HP
2013-02-17 06:13 . 2013-02-17 06:13 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2013-02-17 06:13 . 2013-02-17 06:16 -------- d-----w- c:\program files\Common Files\HP
2013-02-17 06:06 . 2013-02-17 06:45 -------- d-----w- c:\programdata\HP
2013-02-17 06:06 . 2006-11-20 21:36 258048 ----a-w- c:\windows\system32\hpzids01.dll
2013-02-13 06:17 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-13 03:31 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 03:31 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-13 03:31 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 03:31 . 2013-01-05 05:26 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 03:31 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-09 09:08 . 2013-02-19 10:20 -------- d-----w- c:\users\Nigel\AppData\Local\NPE
2013-02-02 11:30 . 2013-02-02 11:30 -------- d-----w- c:\users\Nigel\AppData\Local\FixItCenter
2013-02-02 11:27 . 2013-02-02 11:28 -------- d-----w- c:\program files\Microsoft Fix it Center
2013-02-02 11:27 . 2013-02-02 11:27 -------- d-----w- c:\windows\MATS
2013-01-28 09:02 . 2013-01-28 09:09 -------- d-----w- c:\users\Nigel\AppData\Roaming\Apple Computer
2013-01-28 09:02 . 2013-01-28 09:02 -------- d-----w- c:\users\Nigel\AppData\Local\Apple Computer
2013-01-28 09:01 . 2013-02-20 09:42 -------- dc----w- c:\windows\system32\DRVSTORE
2013-01-28 09:01 . 2012-08-21 02:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-28 09:00 . 2013-01-28 09:00 -------- d-----w- c:\program files\iPod
2013-01-28 09:00 . 2013-01-28 09:01 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-28 09:00 . 2013-01-28 09:01 -------- d-----w- c:\program files\iTunes
2013-01-28 09:00 . 2013-01-28 09:00 -------- d-----w- c:\programdata\Apple Computer
2013-01-28 08:58 . 2013-01-28 08:58 -------- d-----w- c:\users\Nigel\AppData\Local\Apple
2013-01-28 08:58 . 2013-01-28 08:58 -------- d-----w- c:\program files\Apple Software Update
2013-01-28 08:55 . 2013-01-28 08:55 -------- d-----w- c:\program files\Bonjour
2013-01-28 08:55 . 2013-01-28 09:00 -------- d-----w- c:\program files\Common Files\Apple
2013-01-28 08:55 . 2013-01-28 08:58 -------- d-----w- c:\programdata\Apple
2013-01-28 08:02 . 2013-01-28 08:02 -------- d-----w- c:\programdata\vsosdk
2013-01-28 05:58 . 2013-02-02 02:45 -------- d-----w- c:\users\Nigel\AppData\Local\ElevatedDiagnostics
2013-01-28 05:53 . 2013-01-28 06:00 -------- d-----w- c:\program files\MagicDVDCopier
2013-01-28 05:47 . 2013-01-28 05:54 -------- d-----w- c:\programdata\MagicSoftware
2013-01-28 05:47 . 2013-01-28 05:53 -------- d-----w- c:\users\Nigel\AppData\Local\MagicSoftware
2013-01-28 05:47 . 2013-01-28 05:47 -------- d-----w- c:\program files\MagicDVDRipper
2013-01-26 10:54 . 2013-01-26 10:54 -------- d-----w- c:\program files\MSXML 4.0
2013-01-25 09:53 . 2013-01-25 09:53 -------- d-----w- c:\users\Nigel\AppData\Roaming\Norton Utilities 16
2013-01-25 09:47 . 2011-07-26 05:15 82432 ----a-w- c:\windows\system32\msxml4r.dll
2013-01-25 09:47 . 2011-07-26 05:15 44544 ----a-w- c:\windows\system32\msxml4a.dll
2013-01-25 09:47 . 2012-09-29 11:50 512544 ----a-w- c:\windows\system32\msxml.dll
2013-01-25 09:47 . 2012-09-29 11:49 37920 ----a-w- c:\windows\system32\CleanMFT32.exe
2013-01-25 09:47 . 2008-09-17 10:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2013-01-25 09:47 . 2008-04-02 04:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2013-01-25 09:47 . 2008-04-02 04:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2013-01-25 09:47 . 2008-04-02 04:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2013-01-25 09:47 . 2013-01-25 09:47 -------- d-----w- c:\programdata\Symantec
2013-01-25 09:47 . 2013-01-25 09:47 -------- d-----w- c:\users\Nigel\AppData\Roaming\Product_NU16
2013-01-25 09:35 . 2013-01-25 09:35 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-19 09:40 . 2013-01-19 09:06 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-19 09:40 . 2013-01-19 09:06 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-17 12:47 . 2013-01-19 10:30 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-17 12:47 . 2013-01-19 10:30 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 03:20 . 2013-01-19 09:07 12862400 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-02-10 03:20 . 2013-01-18 10:20 2528840 ----a-w- c:\windows\system32\nvapi.dll
2013-02-10 03:20 . 2013-01-18 10:20 15038296 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-10 00:35 . 2013-01-18 10:20 3010336 ----a-w- c:\windows\system32\nvsvc.dll
2013-02-10 00:35 . 2013-01-18 10:20 4115232 ----a-w- c:\windows\system32\nvcpl.dll
2013-02-10 00:35 . 2013-01-18 10:20 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2013-02-10 00:35 . 2013-01-19 08:38 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-02-10 00:35 . 2013-01-18 10:20 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-01-19 06:23 . 2013-01-19 06:23 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2013-01-19 06:23 . 2013-01-19 06:23 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2013-01-19 06:23 . 2013-01-19 06:23 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2013-01-19 06:23 . 2013-01-19 06:23 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2013-01-19 06:23 . 2013-01-19 06:23 98816 ----a-w- c:\windows\system32\mfps.dll
2013-01-19 06:23 . 2013-01-19 06:23 586240 ----a-w- c:\windows\system32\stobject.dll
2013-01-19 06:23 . 2013-01-19 06:23 2873344 ----a-w- c:\windows\system32\mf.dll
2013-01-19 06:23 . 2013-01-19 06:23 209920 ----a-w- c:\windows\system32\mfplat.dll
2013-01-19 06:23 . 2013-01-19 06:23 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-19 06:23 . 2013-01-19 06:23 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2013-01-19 06:23 . 2013-01-19 06:23 847360 ----a-w- c:\windows\system32\OpcServices.dll
2013-01-19 06:23 . 2013-01-19 06:23 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2013-01-19 06:23 . 2013-01-19 06:23 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-01-19 06:23 . 2013-01-19 06:23 478720 ----a-w- c:\windows\system32\dxgi.dll
2013-01-19 06:23 . 2013-01-19 06:23 37376 ----a-w- c:\windows\system32\cdd.dll
2013-01-19 06:23 . 2013-01-19 06:23 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2013-01-19 06:23 . 2013-01-19 06:23 258048 ----a-w- c:\windows\system32\winspool.drv
2013-01-19 06:23 . 2013-01-19 06:23 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-19 06:23 . 2013-01-19 06:23 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2013-01-19 06:23 . 2013-01-19 06:23 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-01-19 06:22 . 2013-01-19 06:22 519680 ----a-w- c:\windows\system32\d3d11.dll
2013-01-19 06:22 . 2013-01-19 06:22 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2013-01-19 06:22 . 2013-01-19 06:22 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-19 06:22 . 2013-01-19 06:22 252928 ----a-w- c:\windows\system32\dxdiag.exe
2013-01-19 06:22 . 2013-01-19 06:22 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2013-01-19 06:22 . 2013-01-19 06:22 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-19 06:22 . 2013-01-19 06:22 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-01-19 06:22 . 2013-01-19 06:22 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-18 12:38 . 2013-01-18 12:38 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-01-18 10:21 . 2013-01-18 10:21 319456 ----a-w- c:\windows\DIFxAPI.dll
2013-01-18 10:21 . 2013-01-18 10:21 315392 ----a-w- c:\windows\HideWin.exe
2012-12-29 10:26 . 2013-01-19 09:07 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-29 10:26 . 2012-03-06 14:06 1017272 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-16 13:12 . 2013-01-19 06:04 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2013-01-19 06:04 293376 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SSDMonitor"="c:\program files\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe" [2012-09-29 104480]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-02-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 06:55 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-19 12:47]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-19 10:30]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-19 10:30]
.
2013-02-23 c:\windows\Tasks\NUAutoUpdate.job
- c:\program files\Symantec\Norton Utilities 16\SULauncher.exe [2013-01-25 11:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page =
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-23 23:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-02-23 23:11:19
ComboFix-quarantined-files.txt 2013-02-23 12:11
ComboFix2.txt 2013-02-22 10:46
.
Pre-Run: 261,084,528,640 bytes free
Post-Run: 261,053,767,680 bytes free
.
- - End Of File - - C3087A7BEDF09C257CD0835E3B9D1F1B

#13 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 23 February 2013 - 09:37 PM

Let's get another look:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *java*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#14 nigel1

nigel1

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 24 February 2013 - 01:41 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 18:39 on 24/02/2013 by Nigel
Administrator - Elevation successful

========== filefind ==========

Searching for "*java*"
C:\hp\bin\logs\java.log --a---- 22004 bytes [10:32 18/01/2013] [10:32 18/01/2013] BA1B9E283DBE827A5554E5692AAF48B9
C:\Program Files\Common Files\Apple\Apple Application Support\JavaScriptCore.dll --a---- 1444752 bytes [03:13 28/11/2012] [03:13 28/11/2012] F5B0ACAD51C5F38C8CECD89CCACFEDB0
C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\JavaScriptContextManager.js --a---- 4084 bytes [03:13 28/11/2012] [03:13 28/11/2012] 805258622F24CF59C16033A5BA4FA7EF
C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\JavaScriptFormatter.js --a---- 28579 bytes [03:13 28/11/2012] [03:13 28/11/2012] 63E70154C396A18579F1A3CF5F43890D
C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\JavaScriptSource.js --a---- 2750 bytes [03:13 28/11/2012] [03:13 28/11/2012] C45F9A12C99424E410BD9E1EFC6ADD97
C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\JavaScriptSourceFrame.js --a---- 25122 bytes [03:13 28/11/2012] [03:13 28/11/2012] 5CFC6516C3474F22AE006D0AA51C3575
C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\SourceJavaScriptTokenizer.js --a---- 99573 bytes [03:13 28/11/2012] [03:13 28/11/2012] 025F99FBEDC381C17212138906EB86AF
C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\SourceJavaScriptTokenizer.re2js --a---- 9491 bytes [03:13 28/11/2012] [03:13 28/11/2012] D8CD8A0FE2ADF20FE74A6224AE8AADEC
C:\Program Files\Common Files\System\ado\adojavas.inc --a---- 14610 bytes [08:11 02/11/2006] [06:47 02/11/2006] 398FD657D8EA0BD77325E6BAEEA25090
C:\Program Files\Common Files\System\msadc\adcjavas.inc --a---- 630 bytes [08:11 02/11/2006] [06:47 02/11/2006] 8B9319B9C5043CF0EFE0AF3483DC069B
C:\Program Files\Java\jre1.6.0_01\bin\java-rmi.exe --a---- 25088 bytes [10:32 18/01/2013] [13:38 06/04/2007] 74364A2E252C6C7CFBFAB10A8E6CCC13
C:\Program Files\Java\jre1.6.0_01\bin\java.dll --a---- 126976 bytes [10:32 18/01/2013] [15:56 06/04/2007] 1BCD88F73CF5B3179385A1B23A56DFE4
C:\Program Files\Java\jre1.6.0_01\bin\java.exe --a---- 135168 bytes [10:32 18/01/2013] [13:15 06/04/2007] 452DA4F4A04092BB7F6ECD73167811E5
C:\Program Files\Java\jre1.6.0_01\bin\javacpl.cpl --a---- 69632 bytes [10:32 18/01/2013] [14:16 06/04/2007] 8E826ED25E05B4172DEC8AE2E17D86AC
C:\Program Files\Java\jre1.6.0_01\bin\javacpl.exe --a---- 37376 bytes [10:32 18/01/2013] [14:16 06/04/2007] D5F9C4DCEC30D46E62E65F6FF3AAE70A
C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe --a---- 135168 bytes [10:32 18/01/2013] [13:15 06/04/2007] F90629D7E68A09E284FEF0278307B0D0
C:\Program Files\Java\jre1.6.0_01\bin\javaws.exe --a---- 139264 bytes [10:32 18/01/2013] [14:16 06/04/2007] E3AB0C85E6DCA2994CF099D4EF8AB2B7
C:\Program Files\Java\jre1.6.0_01\bin\java_crw_demo.dll --a---- 14336 bytes [10:32 18/01/2013] [15:56 06/04/2007] E49184935F8D6C93C078F4074E9767A8
C:\Program Files\Java\jre1.6.0_01\bin\npjava11.dll --a---- 126976 bytes [10:32 18/01/2013] [15:56 06/04/2007] 6EFCB24AD14D2A3F07ECFBC2125C349C
C:\Program Files\Java\jre1.6.0_01\bin\npjava12.dll --a---- 126976 bytes [10:32 18/01/2013] [15:56 06/04/2007] 39127A943E16EC9B60F09A6EB5ADB962
C:\Program Files\Java\jre1.6.0_01\bin\npjava13.dll --a---- 126976 bytes [10:32 18/01/2013] [15:56 06/04/2007] E5B4A830163C9126D543A999AC671F39
C:\Program Files\Java\jre1.6.0_01\bin\npjava14.dll --a---- 126976 bytes [10:32 18/01/2013] [15:56 06/04/2007] B1026798B7A661F496EA31678ACDDB76
C:\Program Files\Java\jre1.6.0_01\bin\npjava32.dll --a---- 126976 bytes [10:32 18/01/2013] [15:56 06/04/2007] D0FD652ABC32641DE1E98EB1669D0237
C:\Program Files\Java\jre1.6.0_01\lib\javaws.jar --a---- 646988 bytes [10:32 18/01/2013] [15:51 06/04/2007] EA0C0CCBD532ECBCD4DC2725A778911D
C:\Program Files\Java\jre1.6.0_01\lib\security\java.policy --a---- 2221 bytes [10:32 18/01/2013] [10:32 18/01/2013] 28A85BEFF3EF87D4F0C643C52F183A3D
C:\Program Files\Java\jre1.6.0_01\lib\security\java.security --a---- 9910 bytes [10:32 18/01/2013] [10:32 18/01/2013] 68C4C73CE7649675A62704F7D5D54AD6
C:\Program Files\Java\jre1.6.0_01\lib\security\javaws.policy --a---- 132 bytes [10:32 18/01/2013] [10:32 18/01/2013] 921F971B69450756EFDD5E14322E1037
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt --a---- 125105 bytes [09:40 19/02/2013] [09:40 19/02/2013] 6244D967C77B9A009E1DB06F160F96AB
C:\Program Files\Java\jre7\bin\java-rmi.exe --a---- 15264 bytes [09:05 19/01/2013] [09:40 19/02/2013] 8AF062A4564F2528555C483D5CDD5D0E
C:\Program Files\Java\jre7\bin\java.dll --a---- 119712 bytes [09:05 19/01/2013] [09:40 19/02/2013] 83C2FB83FB69C91A495EB867E5C06A06
C:\Program Files\Java\jre7\bin\java.exe --a---- 174496 bytes [09:40 19/02/2013] [09:40 19/02/2013] 4951D2D49B400A1A722BC48FADEBD6F4
C:\Program Files\Java\jre7\bin\JavaAccessBridge.dll --a---- 123808 bytes [09:40 19/02/2013] [09:40 19/02/2013] 70B5F4D1E4C05A038D22C53A54E3E8DC
C:\Program Files\Java\jre7\bin\javacpl.exe --a---- 65440 bytes [09:05 19/01/2013] [09:40 19/02/2013] FA2382A926D5F94CD4EE3512595A45C4
C:\Program Files\Java\jre7\bin\javafx-font.dll --a---- 241568 bytes [09:05 19/01/2013] [09:40 19/02/2013] 576326DD323097FED9A489EBEF1CB745
C:\Program Files\Java\jre7\bin\javafx-iio.dll --a---- 187808 bytes [09:05 19/01/2013] [09:40 19/02/2013] 4AB7DE219B477FF0D2D0E20580424E7B
C:\Program Files\Java\jre7\bin\javaw.exe --a---- 174496 bytes [09:40 19/02/2013] [09:40 19/02/2013] ABC4230E67C8E68E070A22C1E4A8F673
C:\Program Files\Java\jre7\bin\javaws.exe --a---- 262560 bytes [09:40 19/02/2013] [09:40 19/02/2013] FBE59F564DFEEBBFCDBBDFAB54C64501
C:\Program Files\Java\jre7\bin\java_crw_demo.dll --a---- 23456 bytes [09:05 19/01/2013] [09:40 19/02/2013] F51850C0CB0E1F5F49DF1161D46DDF1B
C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll --a---- 782240 bytes [09:40 19/02/2013] [09:40 19/02/2013] BB8996FE972847B5879FDE24F24F034E
C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll --a---- 861088 bytes [09:40 19/02/2013] [09:40 19/02/2013] 2616B4D6D04F18C579B7861F02B0B592
C:\Program Files\Java\jre7\lib\javafx.properties --a---- 28 bytes [09:40 19/02/2013] [09:40 19/02/2013] 8AB3EC31E7FD27A846D5520E03C92794
C:\Program Files\Java\jre7\lib\javaws.jar --a---- 897652 bytes [09:40 19/02/2013] [09:40 19/02/2013] 5A6E268984597E297F9CAFA76630B939
C:\Program Files\Java\jre7\lib\security\java.policy --a---- 2254 bytes [09:40 19/02/2013] [09:40 19/02/2013] B883BBFB01434A8B5421124F7C58A026
C:\Program Files\Java\jre7\lib\security\java.security --a---- 15894 bytes [09:40 19/02/2013] [09:40 19/02/2013] 20B39EE1B0533086993B444C7F78DF1A
C:\Program Files\Java\jre7\lib\security\javafx.policy --a---- 158 bytes [09:40 19/02/2013] [09:40 19/02/2013] 410E12D6DB06500FDEA4B60D814CD98C
C:\Program Files\Java\jre7\lib\security\javaws.policy --a---- 98 bytes [09:40 19/02/2013] [09:40 19/02/2013] 9107D028BD329DBFE4C1F19015ED6D80
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID --a---- 9797 bytes [14:00 07/12/1997] [14:00 07/12/1997] 1972574D57B331DF75E3039F22754284
C:\Program Files\PC-Doctor 5 for Windows\AsapiJava.dll --a---- 1219584 bytes [18:02 26/03/2008] [18:02 26/03/2008] DEC14BFA99E8122C9AA83724FB133210
C:\Program Files\PC-Doctor 5 for Windows\SisapiJava.dll --a---- 256000 bytes [18:02 26/03/2008] [18:02 26/03/2008] 603DF525E59EBBF257C88BC7EA44942B
C:\Users\Nigel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L49Q2H9P\lang_javascript[1].js --a---- 1854 bytes [07:37 24/02/2013] [07:37 24/02/2013] D0DE3EB7A4FB09929D6D1D9024F775CB
C:\Windows\Prefetch\JAVA.EXE-872FBD82.pf --a---- 17522 bytes [08:09 21/02/2013] [08:09 21/02/2013] 23F25E5E2AA0043C9C733830488B8528
C:\Windows\Prefetch\JAVAW.EXE-59CBCAE5.pf --a---- 131906 bytes [08:09 21/02/2013] [08:09 21/02/2013] C247C3E9D6D38BF7A127573BB2A731D3
C:\Windows\Prefetch\JAVAWS.EXE-50F8773C.pf --a---- 22024 bytes [08:09 21/02/2013] [08:09 21/02/2013] 4262E95356C396803C3111DAEE174DAC
C:\Windows\System32\deployJava1.dll --a---- 782240 bytes [09:06 19/01/2013] [09:40 19/02/2013] BB8996FE972847B5879FDE24F24F034E
C:\Windows\System32\java.exe --a---- 174496 bytes [09:40 19/02/2013] [09:40 19/02/2013] 4951D2D49B400A1A722BC48FADEBD6F4
C:\Windows\System32\javaw.exe --a---- 174496 bytes [09:40 19/02/2013] [09:40 19/02/2013] ABC4230E67C8E68E070A22C1E4A8F673
C:\Windows\System32\javaws.exe --a---- 262560 bytes [09:40 19/02/2013] [09:40 19/02/2013] FBE59F564DFEEBBFCDBBDFAB54C64501
C:\Windows\System32\npDeployJava1.dll --a---- 861088 bytes [09:06 19/01/2013] [09:40 19/02/2013] 2616B4D6D04F18C579B7861F02B0B592
C:\Windows\winsxs\x86_microsoft-windows-m..ents-mdac-ado15-jvs_31bf3856ad364e35_6.0.6000.16386_none_0c3e2e6c725083f7\adojavas.inc --a---- 14610 bytes [08:11 02/11/2006] [06:47 02/11/2006] 398FD657D8EA0BD77325E6BAEEA25090
C:\Windows\winsxs\x86_microsoft-windows-m..nts-mdac-rds-ce-jvs_31bf3856ad364e35_6.0.6000.16386_none_5f82b67b44fc7755\adcjavas.inc --a---- 630 bytes [08:11 02/11/2006] [06:47 02/11/2006] 8B9319B9C5043CF0EFE0AF3483DC069B

-= EOF =-

#15 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 24 February 2013 - 10:09 AM

I apologize. That was a complete waste of time as I gave you the wrong information to put in the program. I wanted to look at .tmp files. :blush:

Would you please try it again but this time we'll use the correct script.

:filefind
*.tmp

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 
