Thank you askey 127 for the very detailed instructions.
Everything went fine. When I began the installation of Avira, the program warned me to close down Windows Defender to prevent a conflict, so I did.
The rest of the instructions caused no problems, but OTL only created one file (No Extras.text), so I ran it again with the same results.
I had a copy of DDS on my computer, so I ran that. That too only created one file.
I enclose the three files which I have created.
Avira AntiVir Personal
Report file date: 16 May 2011 15:50
Scanning for 2739162 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : Eric
Computer name : ERIC-PC
Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 01/04/2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 01/04/2011 16:07:43
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2011 16:07:57
LUKE.DLL : 10.0.3.2 104296 Bytes 01/04/2011 16:07:53
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 15:15:47
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 15:15:47
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07/04/2011 14:39:02
VBASE004.VDF : 7.11.5.226 2048 Bytes 07/04/2011 14:39:03
VBASE005.VDF : 7.11.5.227 2048 Bytes 07/04/2011 14:39:03
VBASE006.VDF : 7.11.5.228 2048 Bytes 07/04/2011 14:39:03
VBASE007.VDF : 7.11.5.229 2048 Bytes 07/04/2011 14:39:03
VBASE008.VDF : 7.11.5.230 2048 Bytes 07/04/2011 14:39:03
VBASE009.VDF : 7.11.5.231 2048 Bytes 07/04/2011 14:39:03
VBASE010.VDF : 7.11.5.232 2048 Bytes 07/04/2011 14:39:03
VBASE011.VDF : 7.11.5.233 2048 Bytes 07/04/2011 14:39:03
VBASE012.VDF : 7.11.5.234 2048 Bytes 07/04/2011 14:39:04
VBASE013.VDF : 7.11.6.28 158208 Bytes 11/04/2011 14:39:12
VBASE014.VDF : 7.11.6.74 116224 Bytes 13/04/2011 14:39:18
VBASE015.VDF : 7.11.6.113 137728 Bytes 14/04/2011 14:39:22
VBASE016.VDF : 7.11.6.150 146944 Bytes 18/04/2011 14:39:28
VBASE017.VDF : 7.11.6.192 138240 Bytes 20/04/2011 14:39:31
VBASE018.VDF : 7.11.6.237 156160 Bytes 22/04/2011 14:39:36
VBASE019.VDF : 7.11.7.45 427520 Bytes 27/04/2011 14:39:53
VBASE020.VDF : 7.11.7.64 192000 Bytes 28/04/2011 14:39:58
VBASE021.VDF : 7.11.7.97 182272 Bytes 02/05/2011 14:40:09
VBASE022.VDF : 7.11.7.127 467968 Bytes 04/05/2011 14:40:23
VBASE023.VDF : 7.11.7.183 185856 Bytes 09/05/2011 14:40:32
VBASE024.VDF : 7.11.7.218 133120 Bytes 11/05/2011 14:40:37
VBASE025.VDF : 7.11.7.234 139776 Bytes 11/05/2011 14:40:41
VBASE026.VDF : 7.11.8.16 147456 Bytes 13/05/2011 14:40:45
VBASE027.VDF : 7.11.8.17 2048 Bytes 13/05/2011 14:40:45
VBASE028.VDF : 7.11.8.18 2048 Bytes 13/05/2011 14:40:45
VBASE029.VDF : 7.11.8.19 2048 Bytes 13/05/2011 14:40:46
VBASE030.VDF : 7.11.8.20 2048 Bytes 13/05/2011 14:40:49
VBASE031.VDF : 7.11.8.31 110592 Bytes 16/05/2011 14:40:52
Engineversion : 8.2.4.236
AEVDF.DLL : 8.1.2.1 106868 Bytes 28/03/2011 15:15:27
AESCRIPT.DLL : 8.1.3.63 1601915 Bytes 16/05/2011 14:42:40
AESCN.DLL : 8.1.7.2 127349 Bytes 28/03/2011 15:15:27
AESBX.DLL : 8.1.3.2 254324 Bytes 28/03/2011 15:15:26
AERDL.DLL : 8.1.9.9 639347 Bytes 25/03/2011 11:21:38
AEPACK.DLL : 8.2.6.8 557430 Bytes 16/05/2011 14:42:26
AEOFFICE.DLL : 8.1.1.22 205178 Bytes 16/05/2011 14:42:11
AEHEUR.DLL : 8.1.2.118 3469687 Bytes 16/05/2011 14:42:05
AEHELP.DLL : 8.1.16.1 246134 Bytes 28/03/2011 15:15:20
AEGEN.DLL : 8.1.5.5 401780 Bytes 16/05/2011 14:41:08
AEEMU.DLL : 8.1.3.0 393589 Bytes 28/03/2011 15:15:19
AECORE.DLL : 8.1.20.4 196983 Bytes 16/05/2011 14:41:02
AEBB.DLL : 8.1.1.0 53618 Bytes 28/03/2011 15:15:19
AVWINLL.DLL : 10.0.0.0 19304 Bytes 28/03/2011 15:15:31
AVPREF.DLL : 10.0.0.0 44904 Bytes 01/04/2011 16:07:42
AVREP.DLL : 10.0.0.9 174120 Bytes 16/05/2011 14:42:42
AVREG.DLL : 10.0.3.2 53096 Bytes 01/04/2011 16:07:42
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 01/04/2011 16:07:43
AVARKT.DLL : 10.0.22.6 231784 Bytes 01/04/2011 16:07:38
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 01/04/2011 16:07:41
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 28/03/2011 15:15:30
NETNT.DLL : 10.0.0.0 11624 Bytes 28/03/2011 15:15:39
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 01/04/2011 16:07:58
RCTEXT.DLL : 10.0.58.0 97128 Bytes 28/03/2011 15:15:52
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, G:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: 16 May 2011 15:50
Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\5
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows CE Services\symboliclinkvalue
[NOTE] The registry entry is invisible.
The scan of running processes will be started
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'avcenter.exe' - '114' Module(s) have been scanned
Scan process 'avgnt.exe' - '69' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'avguard.exe' - '68' Module(s) have been scanned
Scan process 'datamngrUI.exe' - '47' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '74' Module(s) have been scanned
Scan process 'jusched.exe' - '26' Module(s) have been scanned
Scan process 'Dropbox.exe' - '68' Module(s) have been scanned
Scan process 'TomTomHOMERunner.exe' - '34' Module(s) have been scanned
Scan process 'PrintScreen.exe' - '34' Module(s) have been scanned
Scan process 'TomTomHOMEService.exe' - '12' Module(s) have been scanned
Scan process 'GFIHSC~1.EXE' - '26' Module(s) have been scanned
Scan process 'GFIHInst.exe' - '21' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '41' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '49' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '1370' files ).
Starting the file scan:
Begin scan in 'C:\' <Corsair 60G>
Begin scan in 'D:\' <Vertex 30G>
D:\Users\Eric\AppData\Local\Mozilla\SeaMonkey\Profiles\rq987n7b.default\Cache\5138EB05d01
--> Object
[WARNING] The file could not be read!
[WARNING] The file could not be read!
D:\Users\Eric\AppData\Local\Opera\Opera\temporary_downloads\Opera_1101_int_Setup.exe
[WARNING] The file could not be read!
Begin scan in 'G:\' <1 Terabyte>
G:\Backup Of 100 Gig Drive\Earlier Vertex Backup\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26NERKV5\Firefox%20Setup%203.5.7[1].exe
--> Object
[WARNING] The file could not be read!
[WARNING] The file could not be read!
G:\Backup Of 100 Gig Drive\Earlier Vertex Backup\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTC9ZMTY\Firefox%20Setup%203.5.7[2].exe
--> Object
[WARNING] The file could not be read!
[WARNING] The file could not be read!
End of the scan: 16 May 2011 18:21
Used time: 2:30:32 Hour(s)
The scan has been done completely.
59090 Scanned directories
1401310 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1401310 Files not concerned
19793 Archives were scanned
7 Warnings
3 Notes
409196 Objects were scanned with rootkit scan
3 Hidden objects were found
OTL logfile created on: 16/05/2011 19:25:39 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Eric\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): c:\pagefile.sys 1000 1000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 18.34 Gb Free Space | 32.82% Space Free | Partition Type: NTFS
Drive D: | 29.29 Gb Total Space | 4.00 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 518.41 Gb Free Space | 55.65% Space Free | Partition Type: NTFS
Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/14 13:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2011/05/03 21:22:21 | 012,594,352 | ---- | M] (Mozilla Messaging) -- D:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/21 18:13:26 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011/04/21 18:13:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/24 13:30:12 | 001,115,536 | ---- | M] (Discordia, LTD) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2010/12/17 03:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/10/14 09:11:39 | 000,487,424 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2010/07/30 17:12:52 | 000,858,480 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe
PRC - [2010/07/30 17:12:50 | 002,324,848 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe
========== Modules (SafeList) ==========
MOD - [2011/05/14 13:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
MOD - [2010/11/20 13:18:27 | 000,854,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/10/07 00:36:08 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\msvcp71.dll
MOD - [2010/10/07 00:36:00 | 000,094,208 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
MOD - [2008/03/04 01:34:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\msvcr71.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/01/17 21:20:04 | 000,301,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV:64bit: - [2010/06/29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/07/30 17:12:52 | 000,858,480 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe -- (GFIBckHAtt)
SRV - [2010/07/30 17:12:50 | 002,324,848 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe -- (GFIBckHSched)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/04/01 17:07:59 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:59 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/21 03:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 03:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 03:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009/09/29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009/09/29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/06/07 17:34:12 | 000,063,744 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwusb.sys -- (BTWUSB)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 9C D1 F9 B8 CB CB 01 [binary data]
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011/04/21 18:13:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2011/05/03 21:22:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/12/27 13:48:59 | 000,000,000 | ---D | M]
[2011/05/11 18:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2011/01/05 23:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/06 17:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/05/16 15:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions
[2011/01/07 10:03:03 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/03/21 20:06:47 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/21 20:06:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\engine@conduit.com
[2011/02/24 22:56:15 | 000,002,569 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\askcom.xml
[2011/03/21 16:12:42 | 000,000,863 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\conduit.xml
[2010/09/02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\iMeshWebSearch.xml
[2011/03/23 13:24:21 | 000,005,529 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\SearchquWebSearch.xml
[2011/04/05 10:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/07 10:00:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/02/25 17:48:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 10\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWZTWYKJ.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWZTWYKJ.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 1
O7 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk G:\
O33 - MountPoints2\{1045699b-279d-11e0-9eee-0022686925d4}\Shell - "" = AutoRun
O33 - MountPoints2\{1045699b-279d-11e0-9eee-0022686925d4}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{1b3b2e34-382a-11e0-939b-0022686925d4}\Shell - "" = AutoRun
O33 - MountPoints2\{1b3b2e34-382a-11e0-939b-0022686925d4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/16 15:45:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Avira
[2011/05/16 15:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/16 15:36:16 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/05/16 15:36:16 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/05/16 15:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/16 15:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/05/14 13:19:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/05/13 23:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/05/13 23:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/05/13 23:45:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/13 23:07:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2011/05/13 23:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 23:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/13 23:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/11 18:22:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Ilivid Player
[2011/05/11 18:22:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}
[2011/05/11 18:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid
[2011/05/11 18:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011/05/11 17:54:46 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/05/11 17:54:43 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/05/11 17:54:42 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/05/11 17:54:36 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/05/11 17:54:35 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/05/11 17:29:16 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\TalkTalk
[2011/05/03 18:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/03 18:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/03 18:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/03 18:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/05/03 18:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/03 18:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/05/03 16:41:37 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/05/03 16:41:37 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/05/03 16:41:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/05/03 16:41:36 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/05/03 16:41:36 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/05/03 16:41:35 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/05/03 16:41:35 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/27 15:49:07 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/27 15:49:07 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/27 15:49:05 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/27 15:49:05 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/27 15:48:37 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/27 15:48:37 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/04/24 11:58:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Justin Guitar
[2011/04/23 19:11:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\FILEminimizerPictures
[2011/04/23 19:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer Pictures 3.0
[2011/04/23 19:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FILEminimizer Pictures
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/05/16 19:10:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 18:47:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2885442965-1332903562-2435886763-1000UA.job
[2011/05/16 15:37:38 | 000,021,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 15:37:38 | 000,021,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 15:36:22 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/16 15:34:46 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/16 15:34:46 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/16 15:34:46 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/16 15:30:27 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/16 15:30:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/16 15:30:14 | 2213,941,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/16 15:21:34 | 052,676,424 | ---- | M] () -- C:\Users\Eric\Desktop\avira_antivir_personal_en.exe
[2011/05/16 13:47:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2885442965-1332903562-2435886763-1000Core.job
[2011/05/15 16:36:35 | 000,002,179 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 10.lnk
[2011/05/14 16:48:09 | 000,002,407 | ---- | M] () -- C:\Users\Eric\Desktop\Google Chrome.lnk
[2011/05/14 13:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/05/14 11:31:46 | 000,625,664 | ---- | M] () -- C:\Users\Eric\Desktop\dds.com
[2011/05/13 23:45:47 | 000,002,971 | ---- | M] () -- C:\Users\Eric\Desktop\HiJackThis.lnk
[2011/05/03 18:29:28 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/03 17:03:36 | 000,000,388 | -H-- | M] () -- C:\Windows\tasks\My Backup(5) xml.job
[2011/04/24 20:45:23 | 000,000,752 | ---- | M] () -- C:\Users\Eric\Desktop\Blues Lead Guitar.lnk
[2011/04/23 19:11:31 | 000,001,169 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\FILEminimizer Pictures.lnk
[2011/04/23 19:11:31 | 000,001,145 | ---- | M] () -- C:\Users\Eric\Desktop\Picture Minimiser.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/05/16 15:36:22 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/16 15:22:02 | 052,676,424 | ---- | C] () -- C:\Users\Eric\Desktop\avira_antivir_personal_en.exe
[2011/05/14 15:31:53 | 000,625,664 | ---- | C] () -- C:\Users\Eric\Desktop\dds.com
[2011/05/13 23:45:47 | 000,002,971 | ---- | C] () -- C:\Users\Eric\Desktop\HiJackThis.lnk
[2011/05/03 18:29:28 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/25 07:59:18 | 000,000,388 | -H-- | C] () -- C:\Windows\tasks\My Backup(5) xml.job
[2011/04/24 20:45:37 | 000,000,752 | ---- | C] () -- C:\Users\Eric\Desktop\Blues Lead Guitar.lnk
[2011/04/23 19:11:31 | 000,001,169 | ---- | C] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\FILEminimizer Pictures.lnk
[2011/04/23 19:11:31 | 000,001,145 | ---- | C] () -- C:\Users\Eric\Desktop\Picture Minimiser.lnk
[2011/03/14 18:15:53 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/02/17 18:23:49 | 000,004,608 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/14 12:59:10 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/02/14 12:59:10 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/01/10 15:04:29 | 000,000,017 | ---- | C] () -- C:\Users\Eric\AppData\Local\resmon.resmoncfg
[2011/01/06 10:57:14 | 000,000,079 | ---- | C] () -- C:\Users\Eric\AppData\Local\CrystalDiskMark30.ini
[2011/01/05 23:05:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/04/27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
========== LOP Check ==========
[2011/04/26 22:46:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Audacity
[2011/03/02 09:48:04 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\AVG10
[2011/01/10 13:14:38 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Canon
[2011/01/10 21:10:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\CheckPoint
[2011/05/16 15:30:55 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Dropbox
[2011/04/23 20:29:52 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FILEminimizerPictures
[2011/05/13 23:20:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FreeCommander
[2011/02/25 14:26:28 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Leadertech
[2011/02/10 15:40:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LibreOffice
[2011/04/12 15:31:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\MAGIX
[2011/02/14 20:56:50 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ML
[2011/01/06 16:17:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\OpenOffice.org
[2011/01/06 20:54:26 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Opera
[2011/01/06 17:23:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Satmap
[2011/05/13 23:20:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TalkTalk
[2011/01/05 23:42:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Thunderbird
[2011/01/06 17:15:12 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TomTom
[2011/05/03 17:03:36 | 000,000,388 | -H-- | M] () -- C:\Windows\Tasks\My Backup(5) xml.job
[2011/04/20 18:44:15 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:0FD841FF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
< End of report >
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Eric at 19:32:12.00 on 16/05/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2815.1296 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\GFI\GFIBAC~1\GFIHInst.exe
C:\PROGRA~2\GFI\GFIBAC~1\GFIHSC~1.EXE
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\splwow64.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchProtocolHost.exe
D:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Eric\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: HistoryTriggerBHO Class: {21a88cb9-84d2-4020-a2d1-b25a21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
TB: !{30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: !{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: !{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
uRun: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Google Update] "C:\Users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-explorer: HideSCAVolume = 1 (0x1)
uPolicies-explorer: HideSCABattery = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Send to &Bluetooth Device... - C:\Program Files (x86)\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO-X64: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
mRun-x64: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
AppInit_DLLs-X64: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - component: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency.dll
FF - component: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.5.dll
FF - component: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.6.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Eric\AppData\Roaming\TalkTalk\DigitalHome r59\npDigitalHome59.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-5-16 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-5-16 269480]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-5-16 83120]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;C:\PROGRA~2\GFI\GFIBAC~1\GFIHInst.exe [2011-3-26 858480]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;C:\PROGRA~2\GFI\GFIBAC~1\GFIHSC~1.EXE [2011-3-26 2324848]
R2 ReflectService;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2011-1-17 301720]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\System32\drivers\lgbtpt64.sys [2009-9-29 16384]
R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\System32\drivers\lgbtbs64.sys [2009-9-29 14848]
R3 LGVMODEM;LGE Virtual Modem;C:\Windows\System32\drivers\lgvmdm64.sys [2009-9-29 17408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-6 136176]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-6 136176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-2 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-2 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-6 1255736]
.
=============== Created Last 30 ================
.
2011-05-16 14:45:33 -------- d-----w- C:\Users\Eric\AppData\Roaming\Avira
2011-05-16 14:36:16 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-05-16 14:36:14 -------- d-----w- C:\Program Files (x86)\Avira
2011-05-16 14:36:14 -------- d-----w- C:\PROGRA~3\Avira
2011-05-13 22:59:34 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
2011-05-13 22:45:47 388096 ----a-r- C:\Users\Eric\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-13 22:45:47 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-13 22:07:38 -------- d-----w- C:\Users\Eric\AppData\Roaming\Malwarebytes
2011-05-13 22:07:30 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-05-13 22:07:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-11 17:22:59 -------- d-----w- C:\Users\Eric\AppData\Local\Ilivid Player
2011-05-11 17:22:55 -------- d--h--w- C:\PROGRA~3\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}
2011-05-11 17:22:42 -------- d-----w- C:\Program Files (x86)\iLivid
2011-05-11 17:22:08 -------- d-----w- C:\Program Files (x86)\Windows iLivid Toolbar
2011-05-11 16:54:46 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 16:54:43 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 16:54:42 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 16:54:36 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 16:54:36 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 16:54:36 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 16:54:35 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 16:54:35 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 16:54:35 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-11 16:29:16 -------- d-----w- C:\Users\Eric\AppData\Roaming\TalkTalk
2011-05-03 17:28:57 -------- d-----w- C:\Program Files\iPod
2011-05-03 17:28:56 -------- d-----w- C:\Program Files\iTunes
2011-05-03 17:28:56 -------- d-----w- C:\Program Files (x86)\iTunes
2011-05-03 17:26:00 -------- d-----w- C:\Program Files\Bonjour
2011-05-03 17:26:00 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-05-03 15:41:37 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-05-03 15:41:37 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-05-03 15:41:37 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-05-03 15:41:36 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-05-03 15:41:36 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-05-03 15:41:36 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-05-03 15:41:36 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-05-03 15:41:36 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-05-03 15:41:35 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-05-03 15:41:35 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-05-03 15:41:35 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-04-27 14:49:07 2871808 ----a-w- C:\Windows\explorer.exe
2011-04-27 14:49:07 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-27 14:49:05 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-27 14:49:05 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-27 14:48:37 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-27 14:48:37 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-04-23 18:11:37 -------- d-----w- C:\Users\Eric\AppData\Roaming\FILEminimizerPictures
2011-04-23 18:11:24 -------- d-----w- C:\Program Files (x86)\FILEminimizer Pictures
2011-04-20 12:25:55 159080 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
.
==================== Find3M ====================
.
2011-04-06 15:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 15:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 15:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 15:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 15:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 15:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 15:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-16 20:11:33 351 ----a-w- C:\DelUS.bat
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-03-02 10:19:28 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-02 10:19:28 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 10:56:44 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-18 05:43:28 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 19:33:05.13 ===============