Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Received call offering help re virus...

Post by johnnybgoode » January 31st, 2012, 5:18 pm

My wife received a call today from someone offering to fix a virus on our computer (wisely she refused to give him any information); I received a dodgy email last week and clicked on the link whilst distracted. I immediately deleted the email once I realised. Today our internet connection is constantly going up and down. I have downloaded TrendMicro tools and removed a file using HijackThis (O1 - Hosts: ::1 localhost), but I'm still experiencing problems. Any help would be greatly appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jonathan Hinsull at 20:59:21 on 2012-01-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.916 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Jonathan Hinsull\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\i-sure business\i-surestat.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Users\Jonathan Hinsull\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\i-sure business\i-surebackup.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\i-sure business\i-surebackup.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\INTEL\INTEL MATRIX STORAGE MANAGER\IAANOTIF.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\HP\QUICKPLAY\QPSERVICE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP QUICK LAUNCH BUTTONS\QLBCTRL.EXE
C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.watchtower.org/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\jonathan hinsull\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... 0gtNElKTUg"&"inst=NzctNjg5NzU2NzgzLVU4NSsxLUtWMys3LUJBKzEtWEwrMS1RSVgxKzQtWDIwMTArMi1GMTBNMTBDKzItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLUREVCswLUZPSSsxMQ"&"prod=90"&"ver=10.0.1391
StartupFolder: c:\users\jonath~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\mailwa~1.lnk - c:\program files\firetrust\mailwasher\MailWasherPro.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\i-sure~1.lnk - c:\program files\i-sure business\i-surestat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/ ... oader6.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.disneyphotopass.com/software ... oader4.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9CFF570F-9BA6-4E2D-B262-7FB6DE0994AA} : NameServer = 212.139.132.44,212.139.132.43
TCP: Interfaces\{F3B589C0-6988-4DAD-A386-F92FABE2B3D8} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
IFEO: googleupdater.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: khost.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: onplay.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: pdr.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: presentationhost.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 i-sureFilter;i-sureFilter;c:\windows\system32\drivers\i-sure.sys [2011-10-12 54776]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-14 21504]
R2 i-surebackup;i-sure business Backup Service;c:\program files\i-sure business\i-surebackup.exe [2010-11-22 78160]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2008-7-27 34712]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2012-1-31 439632]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-12-8 1527104]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-3-12 29472]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-1-25 6628352]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-5-31 10064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-30 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-30 135664]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-10-26 2253120]
.
=============== Created Last 30 ================
.
2012-01-31 18:35:08 -------- d-----w- c:\programdata\Trend Micro
2012-01-31 17:42:54 -------- d-----w- c:\program files\WinPcap
2012-01-31 17:38:48 -------- d-----w- c:\program files\Trend Micro
2012-01-23 17:55:45 -------- d-----r- c:\program files\Skype
2012-01-13 19:03:41 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-13 19:03:41 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-13 19:03:40 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-13 19:03:40 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-13 19:03:40 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-13 19:03:40 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-11 21:25:39 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 21:25:38 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 21:25:38 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 21:25:37 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 21:25:35 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 21:25:18 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 21:25:18 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 21:25:16 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-04 21:56:21 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-01-04 18:00:05 -------- d-----w- c:\users\jonathan hinsull\appdata\roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-01-02 21:19:35 -------- d-----w- c:\program files\Adobe Download Assistant
2012-01-02 00:37:53 -------- d-----w- c:\program files\Canon
2012-01-02 00:37:09 -------- d-----w- c:\program files\common files\Canon
2012-01-02 00:06:06 -------- d-----w- c:\windows\en
2012-01-02 00:00:36 18328 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2012-01-01 23:59:41 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-01-01 23:59:41 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-01-01 23:59:40 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-01-01 23:57:19 -------- d-----w- c:\users\jonathan hinsull\appdata\local\{692A6241-5893-499F-B94F-E12370CC3CB9}
2012-01-01 23:55:29 -------- d-----w- c:\users\jonathan hinsull\appdata\local\{B7411ECA-6987-49FB-B524-10D42E769AB2}
2012-01-01 23:55:16 -------- d-----w- c:\users\jonathan hinsull\appdata\local\{A95CEB66-BFA4-41E4-AEA7-CB3571A00A80}
2012-01-01 23:46:12 -------- d-----w- c:\users\jonathan hinsull\appdata\local\{5F2F4531-445A-40B9-966D-C858489682CF}
2012-01-01 23:42:54 -------- d-----w- c:\users\jonathan hinsull\appdata\local\Windows Live
2012-01-01 23:42:35 -------- d-----w- c:\users\jonathan hinsull\appdata\local\{C173FE0B-EE19-4C8F-8EEB-E291DD3C9194}
2012-01-01 23:42:35 -------- d-----w- c:\users\jonathan hinsull\appdata\local\{90C86E3A-1D05-4208-9282-F9BBA89ABD43}
.
==================== Find3M ====================
.
2012-01-30 20:36:14 0 ----a-w- c:\programdata\Tempi-sure-autoupdate-8fe359c2c544a6786918631b4898e19c.exe
2011-12-19 22:06:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-08 16:38:12 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-12-08 16:31:42 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-12-08 16:31:34 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 21:00:45.20 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 07/03/2008 15:58:24
System Uptime: 31/01/2012 18:20:34 (3 hours ago)
.
Motherboard: Quanta | | 30D2
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | U2E1 | 800/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 82.463 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.093 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
RP997: 23/01/2012 22:04:34 - Scheduled Checkpoint
RP998: 25/01/2012 15:01:08 - Scheduled Checkpoint
RP999: 25/01/2012 19:49:28 - Installed MailWasherPro
RP1000: 26/01/2012 14:25:02 - Scheduled Checkpoint
RP1001: 27/01/2012 10:45:54 - Scheduled Checkpoint
RP1002: 29/01/2012 00:00:06 - Scheduled Checkpoint
RP1003: 31/01/2012 16:19:32 - Scheduled Checkpoint
RP1004: 31/01/2012 17:32:43 - Installed HiJackThis
RP1005: 31/01/2012 17:37:11 - Installed HiJackThis
RP1006: 31/01/2012 20:23:41 - Removed YouTube Downloader Toolbar v4.9.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.57
ABattleMap 0.79f
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 10
Adobe Reader X (10.1.1)
Adobe Shockwave Player
µTorrent
AVG 2012
BBC iPlayer Download Manager
Camera RAW Plug-In for EPSON Creativity Suite
Canon MP495 series MP Drivers
Canon RAW Codec
CDDRV_Installer
Command & Conquer 3
Command & Conquer™ 3: Kane's Wrath
Command & Conquer™ 4 Tiberian Twilight
Compatibility Pack for the 2007 Office system
CX4300_5500_DX4400 manual
CyberLink YouCam
D3DX10
Defraggler
DVD Suite
EA Link
Elements 10 Organizer
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
ESU for Microsoft Vista
FLAC 1.2.1b (remove only)
Football Manager 2010
Football Manager 2011 Demo
Garmin Communicator Plugin
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
Hornby Virtual Railway
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Product Detection
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPNetworkAssistant
i-sure business
ImagXpress
Info Center 1.0.0.5
inSSIDer
Instant
Intel® Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 29
Karaoke Builder CD+G Player
KhalInstallWrapper
KODAK Gallery Upload Software
LEGO Universe
LightScribe System Software 1.14.17.1
Logitech SetPoint
MailWasherPro
MediaBar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Motorola SM56 Speakerphone Modem
MP3+G Toolz
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
neroxml
NVIDIA Control Panel 285.62
NVIDIA Graphics Driver 285.62
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Update 1.5.20
NVIDIA Update Components
OGA Notifier 2.0.0048.0
Origin
Paint.NET v3.5.10
PENTAX Digital Camera Utility
Power2Go
PowerDirector
Prism Video Converter
PSE10 STI Installer
Quicken 2002
QuickPlay SlingPlayer 0.4.4
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
RuneScape Launcher 1.0.2
Sage Instant Accounts V11.01
Sage Instant Accounts v15
Sage MIS 3.01
SageInst
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Segoe UI
Skype Click to Call
Skype™ 5.5
SmartSound Quicktracks for Premiere Elements
Steam
Superscape 3D Control
swMSM
Synaptics Pointing Device Driver
System Requirements Lab
Trend Micro RUBotted 2.0 Beta
TripleA Version 1_0_0_3
TripleA Version 1_2_5_4
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
VLC media player 1.1.11
Watchtower Library 2010 - English
Wave MP3 Editor v15.2 - Fully Functional Evaluation Version
WIDCOMM Bluetooth Software
Winamp
Winamp Application Detect
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPatrol
WinPatrol 2008
WinPcap 4.1.1
WinRAR 4.01 (32-bit)
YouTube Downloader 3.4
.
==== Event Viewer Messages From Past Week ========
.
31/01/2012 18:24:22, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
31/01/2012 18:22:35, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
31/01/2012 17:53:19, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Alison Hinsull\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
31/01/2012 14:24:45, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 001F3B348BE3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
27/01/2012 09:27:25, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
27/01/2012 09:27:25, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/01/2012 09:27:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
25/01/2012 19:43:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxTuneUp service.
24/01/2012 20:38:45, Error: Microsoft-Windows-PrintSpooler [6161] - The document Flash, owned by Alison Hinsull, failed to print on printer EPSON Stylus DX4400 Series. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client computer: \\HOMELAPTOP. Win32 error code returned by the print processor: 259. No more data is available.
24/01/2012 20:35:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:58:01, on 31/01/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Jonathan Hinsull\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\i-sure business\i-surestat.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe
C:\Users\Jonathan Hinsull\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watchtower.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... 0gtNElKTUg"&"inst=NzctNjg5NzU2NzgzLVU4NSsxLUtWMys3LUJBKzEtWEwrMS1RSVgxKzQtWDIwMTArMi1GMTBNMTBDKzItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLUREVCswLUZPSSsxMQ"&"prod=90"&"ver=10.0.1391
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jonathan Hinsull\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Alison Hinsull')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: i-sure business Status.lnk = C:\Program Files\i-sure business\i-surestat.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} (Bonusprint Image Uploader Version 6.x Control) - http://webalbum.bonusprint.com/ukipc01/ ... oader6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://www.disneyphotopass.com/software ... oader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CFF570F-9BA6-4E2D-B262-7FB6DE0994AA}: NameServer = 212.139.132.44,212.139.132.43
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: i-sure business Backup Service (i-surebackup) - Clearlybusiness.com Ltd. - C:\Program Files\i-sure business\i-surebackup.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 13193 bytes
johnnybgoode
Active Member
 
Posts: 12
Joined: January 31st, 2012, 4:08 pm

Re: Received call offering help re virus...

Unread postby maxi » January 31st, 2012, 5:23 pm

Hello johnnybgoode,

Welcome to the forum!

My name is maxi and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers, and everything I post to you must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>>, do not proceed, and post back with the question or problem.


Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Received call offering help re virus...

Unread postby johnnybgoode » January 31st, 2012, 6:01 pm

OK, thank you.
johnnybgoode
Active Member
 
Posts: 12
Joined: January 31st, 2012, 4:08 pm

Re: Received call offering help re virus...

Unread postby maxi » February 4th, 2012, 5:45 am

Hi johnnybgoode,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    µTorrent

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on Start > All programs > Accessories > Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the program listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Step 1
Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2
  • Please download MGA Diagnostic Tool and save it to your Desktop.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

By the way, is this computer used for business of any kind?

In your next reply please include:
The log from CKScanner.exe.
The log from MGADiag.exe.
The Answer to my question.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Received call offering help re virus...

Unread postby johnnybgoode » February 4th, 2012, 1:37 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\programdata\adobe\photoshop elements\10.0\photo creations\backgrounds\bg_creamcrackled.metadata.xml
c:\programdata\adobe\photoshop elements\10.0\photo creations\backgrounds\cracked paint.metadata.xml
c:\realm2007\download\mirc_keygen.zip
scanner sequence 3.CP.11.XCAPND
----- EOF -----


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-27HYQ-XTKW2-WQD8Q
Windows Product Key Hash: U8YEZzymoD4DMyaMb32rPrNIS90=
Windows Product ID: 89578-OEM-7332157-00061
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {2B080AE6-7F73-408D-8706-45B789DEC303}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.111025-0338
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Plus 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_672A8F41-307-80004005_672A8F41-349-80004005_672A8F41-244-80004005_672A8F41-307-80004005_672A8F41-349-80004005_672A8F41-244-80004005_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{2B080AE6-7F73-408D-8706-45B789DEC303}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WQD8Q</PKey><PID>89578-OEM-7332157-00061</PID><PIDType>2</PIDType><SID>S-1-5-21-1390974874-3619135010-1431660144</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion dv6700 Notebook PC </Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.50 </Version><SMBIOSVersion major="2" minor="4"/><Date>20080215000000.000000+000</Date></BIOS><HWID>90333507018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>B6B97E1E4D2F773</Val><Hash>Vgskl5zWwziq5dOcaaxjZz1tpTA=</Hash><Pid>89446-953-4992972-65946</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500061-02-2057-6000.0000-0912008
Installation ID: 015296534034993655251021149694027715919043774796704832
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: WQD8Q
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: PAAAAAEABgABAAEAAQABAAAABAABAAEAJJRoNmDuPF7WdXB6kiQso0aDLHKo+/L0VCY7Qxj0Jq6sVkbK

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HP 30D2
FACP HP 30CC
HPET HP 30D2
BOOT HP 30D2
MCFG HP 30D2
TMOR HP 30CC
SLIC HPQOEM SLIC-MPC
SSDT HP 30D2
SSDT HP 30D2
SSDT HP 30D2
SSDT HP 30D2

My wife very occasionally brings back some book-keeping (using a memory stick) from work to do at home if she runs out of time (Sage Accounting, I think). I don't use it for any business activity.

Thank you. My ISP asked me to move channels and that seems to have settled the connection issues. However, I would still be grateful to know if I have any Malware.
johnnybgoode
Active Member
 
Posts: 12
Joined: January 31st, 2012, 4:08 pm

Re: Received call offering help re virus...

Unread postby maxi » February 6th, 2012, 12:11 pm

Hi johnnybgoode,

I have detected the presence of illegal software on your computer. I will continue to help you only if you remove this program. Please also read the forum rules regarding cracked software: viewtopic.php?p=491395#p491395

c:\realm2007\download\mirc_keygen.zip


After you have removed the offending program please continue with the next step.


Step ?
OTL
Please download OTL ... by Old Timer. Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  3. Click on Run Scan at the top left hand corner.
  4. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  5. Please post the contents of both OTL.txt and Extras.txt files in your next reply.


In your next reply please include:
Both logs produced by OTL.
How your computer is behaving.
Any problems you had with my instructions.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Received call offering help re virus...

Unread postby johnnybgoode » February 6th, 2012, 5:21 pm

Here is the output. Computer seems to be behaving itself, though a little slow at times.


OTL logfile created on: 06/02/2012 21:11:07 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jonathan Hinsull\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 26.72% Memory free
4.41 Gb Paging File | 1.02 Gb Available in Paging File | 23.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.12 Gb Total Space | 92.59 Gb Free Space | 41.87% Space Free | Partition Type: NTFS
Drive D: | 11.77 Gb Total Space | 2.09 Gb Free Space | 17.79% Space Free | Partition Type: NTFS

Computer Name: HOMELAPTOP | User Name: Jonathan Hinsull | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/06 21:09:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan Hinsull\Desktop\OTL.exe
PRC - [2012/02/01 21:42:58 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Jonathan Hinsull\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012/01/30 16:40:22 | 005,492,048 | ---- | M] (Firetrust) -- C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/11 23:18:28 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011/12/19 22:06:23 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/12/08 16:37:18 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/12/08 16:34:58 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/15 08:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 08:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/09/05 17:04:56 | 001,489,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2011/09/01 06:00:42 | 003,600,208 | ---- | M] (Clearlybusiness.com Ltd.) -- C:\Program Files\i-sure business\i-surestat.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/03 18:27:27 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/16 17:00:28 | 000,315,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/15 19:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/12/17 09:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2010/12/09 10:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/11/22 02:16:00 | 000,078,160 | ---- | M] (Clearlybusiness.com Ltd.) -- C:\Program Files\i-sure business\i-surebackup.exe
PRC - [2009/04/13 11:21:26 | 002,344,224 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/04/13 11:21:26 | 000,791,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/04/13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/15 16:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 16:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/30 16:32:18 | 000,061,952 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher\MWPBridgeDLL.dll
MOD - [2012/01/30 16:23:02 | 004,637,184 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher\MWPappDLL.dll
MOD - [2012/01/20 05:35:35 | 000,411,120 | ---- | M] () -- C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\16.0.912.77\ppgooglenaclpluginchrome.dll
MOD - [2012/01/20 05:35:34 | 003,767,792 | ---- | M] () -- C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
MOD - [2012/01/20 05:34:10 | 000,122,880 | ---- | M] () -- C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\16.0.912.77\avutil-51.dll
MOD - [2012/01/20 05:34:09 | 000,222,208 | ---- | M] () -- C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\16.0.912.77\avformat-53.dll
MOD - [2012/01/20 05:34:07 | 001,746,432 | ---- | M] () -- C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\16.0.912.77\avcodec-53.dll
MOD - [2012/01/13 19:40:17 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\902ba03598b46f478f3d7561ece592e6\Microsoft.VisualBasic.ni.dll
MOD - [2012/01/11 23:18:27 | 014,410,024 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/01/11 23:18:14 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2012/01/11 23:18:14 | 000,194,344 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/01/11 23:18:14 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2012/01/11 23:18:14 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2011/10/14 08:22:11 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\37a9cd4be75b59f223ff62390f8d0af7\WindowsFormsIntegration.ni.dll
MOD - [2011/10/14 08:21:03 | 013,346,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\2d3fcafa410c4686ae8da0b94f590614\System.Data.Entity.ni.dll
MOD - [2011/10/14 08:13:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 17:55:21 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 17:53:46 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 17:53:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/10/13 17:42:18 | 000,134,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\9da63f07cfdb7e0b32c97fc693b3cb8d\System.Data.DataSetExtensions.ni.dll
MOD - [2011/10/13 17:41:53 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\64161828978f14db1287cbc6081a2ecf\UIAutomationTypes.ni.dll
MOD - [2011/10/13 17:41:52 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\2e89272b2cb6dd125021ca33a7141a8d\UIAutomationProvider.ni.dll
MOD - [2011/10/13 17:41:40 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\bf5ca252df4083e6c48dc3e9f3273cf5\System.Xaml.ni.dll
MOD - [2011/10/13 17:41:10 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\413ee4eb3373e8e7e72537a4b92f9a4b\Accessibility.ni.dll
MOD - [2011/10/13 17:36:17 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9565982f271da74fd952906f9b6a88c9\PresentationFramework.ni.dll
MOD - [2011/10/13 17:35:59 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d08e6e917f08ef674373576016969a20\System.Windows.Forms.ni.dll
MOD - [2011/10/13 17:35:57 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0d5d26ed41c8fa0c7feb00ef5343299a\PresentationCore.ni.dll
MOD - [2011/10/13 17:35:48 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2807b771372137d41fb8d392a878d0c7\System.Drawing.ni.dll
MOD - [2011/10/13 17:35:45 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a4a330e92cbd3457b3f00ae367a4bc5f\WindowsBase.ni.dll
MOD - [2011/10/13 17:35:44 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\05db47b74c512b4929a136101629d042\System.Data.ni.dll
MOD - [2011/10/13 17:35:38 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b680bfc9e268e756f86980bb47b7d330\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 17:35:34 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\acf4f694ab9c0b1802e83e5cd726812f\System.Core.ni.dll
MOD - [2011/10/13 17:35:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1924bdaf130f882ceaf9d7b880602d22\System.Xml.ni.dll
MOD - [2011/10/13 17:35:26 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\096f1b3839e7d6dfe2598941329c08dc\System.Configuration.ni.dll
MOD - [2011/10/13 17:35:25 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f477a17590634925c583632d171e2726\System.ni.dll
MOD - [2011/10/13 17:35:19 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\c77671382130b2c8876ceb758f41bee2\System.Numerics.ni.dll
MOD - [2011/10/13 17:35:18 | 014,408,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e360aa959e1b83be7026670d129c0a93\mscorlib.ni.dll
MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/04/26 16:37:40 | 000,061,952 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher\FTBridge.dll
MOD - [2011/04/26 16:37:32 | 000,272,384 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher\FTClientNode.dll
MOD - [2011/04/15 01:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2007/10/01 03:34:52 | 000,345,384 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/10/01 03:34:42 | 000,255,384 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/10/01 03:34:42 | 000,120,208 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/10/01 03:34:42 | 000,038,184 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/08/14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/11 23:18:28 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/12/08 16:34:58 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/08 16:31:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/10/15 08:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/11/22 02:16:00 | 000,078,160 | ---- | M] (Clearlybusiness.com Ltd.) [Auto | Running] -- C:\Program Files\i-sure business\i-surebackup.exe -- (i-surebackup)
SRV - [2009/10/20 18:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/04/13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/01/02 12:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Disabled | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/04/15 16:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 18:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/10/15 08:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/09/01 06:00:32 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\i-sure.sys -- (i-sureFilter)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/31 13:03:04 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/03/11 23:08:04 | 000,133,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/01/13 16:29:54 | 006,628,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009/10/26 14:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/10/20 18:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2008/07/21 16:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/26 12:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/07/11 18:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 06:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 22:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/24 00:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2001/02/28 09:42:44 | 000,034,712 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\MrtRate.sys -- (mrtRate)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1390974874-3619135010-1431660144-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.watchtower.org/
IE - HKU\S-1-5-21-1390974874-3619135010-1431660144-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1390974874-3619135010-1431660144-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1390974874-3619135010-1431660144-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Jonathan Hinsull\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jonathan Hinsull\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jonathan Hinsull\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jonathan Hinsull\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 10:09:53 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Jonathan Hinsull\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AVG Safe Search = C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\Jonathan Hinsull\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/31 18:14:59 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1000\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O3 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jonathan Hinsull\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe (Firetrust)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1390974874-3619135010-1431660144-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} http://webalbum.bonusprint.com/ukipc01/ ... oader6.cab (Bonusprint Image Uploader Version 6.x Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.disneyphotopass.com/software ... oader4.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CFF570F-9BA6-4E2D-B262-7FB6DE0994AA}: NameServer = 212.139.132.44,212.139.132.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3B589C0-6988-4DAD-A386-F92FABE2B3D8}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O27 - HKLM IFEO\googleupdater.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\khost.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\onplay.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdr.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/26 15:50:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 15:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/06 21:09:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jonathan Hinsull\Desktop\OTL.exe
[2012/02/04 21:00:08 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Hinsull\AppData\Local\{5357C666-1CE9-4D39-A4F4-AFD02224B418}
[2012/02/04 20:59:54 | 000,000,000 | ---D | C] -- C:\Users\Jonathan Hinsull\AppData\Local\{31D7F1A8-4262-410B-9C42-013B49FDAC5D}
[2012/02/04 17:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2011
[2012/02/04 17:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\Watchtower
[2012/02/04 17:35:24 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2012/02/04 17:32:04 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Jonathan Hinsull\Desktop\MGADiag.exe
[2012/02/02 14:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Plusnet Assist
[2012/02/01 21:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012/02/01 21:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/01/31 22:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firetrust
[2012/01/31 18:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2012/01/31 17:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/01/31 17:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012/01/31 17:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
[2012/01/31 17:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/23 17:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/23 17:55:45 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/01/11 21:25:39 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 21:25:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/11 21:25:35 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/11 21:25:18 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 21:25:18 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/10/12 12:22:24 | 009,032,464 | ---- | C] (Clearlybusiness.com Ltd.) -- C:\ProgramData\Tempi-sure-update-835b5c0e31e247e3a703790b5b53c6df.exe
[2008/12/23 08:32:46 | 000,184,320 | R--- | C] ( ) -- C:\Windows\System32\SgE.interop.MSXML2.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jonathan Hinsull\Documents\*.tmp files -> C:\Users\Jonathan Hinsull\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/06 21:09:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan Hinsull\Desktop\OTL.exe
[2012/02/06 20:49:01 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1390974874-3619135010-1431660144-1000UA.job
[2012/02/06 20:45:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/06 20:42:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 20:42:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 17:09:35 | 088,314,941 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/02/06 17:08:51 | 000,497,916 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/06 14:45:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/06 10:07:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/05 21:40:38 | 000,000,000 | ---- | M] () -- C:\ProgramData\Tempi-sure-autoupdate-8fe359c2c544a6786918631b4898e19c.exe
[2012/02/05 21:38:28 | 000,004,398 | ---- | M] () -- C:\Windows\i-sure.blk
[2012/02/05 21:38:28 | 000,001,396 | ---- | M] () -- C:\Windows\i-sure.flt
[2012/02/05 12:33:44 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/02/05 12:29:12 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1390974874-3619135010-1431660144-1000Core.job
[2012/02/04 21:00:30 | 000,011,776 | ---- | M] () -- C:\Users\Jonathan Hinsull\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/04 20:28:40 | 000,620,428 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/04 20:28:40 | 000,113,206 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/04 19:24:12 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/04 19:22:40 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/04 17:55:31 | 000,001,085 | ---- | M] () -- C:\Users\Jonathan Hinsull\Desktop\Watchtower Library 2011 - English.lnk
[2012/02/04 17:32:09 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Jonathan Hinsull\Desktop\MGADiag.exe
[2012/02/04 17:22:03 | 000,458,240 | ---- | M] () -- C:\Users\Jonathan Hinsull\Desktop\CKScanner.exe
[2012/02/02 14:50:17 | 000,002,575 | ---- | M] () -- C:\Users\Jonathan Hinsull\Desktop\inSSIDer.lnk
[2012/02/01 21:53:15 | 000,347,439 | ---- | M] () -- C:\Users\Jonathan Hinsull\AppData\Local\census.cache
[2012/02/01 21:52:49 | 000,253,881 | ---- | M] () -- C:\Users\Jonathan Hinsull\AppData\Local\ars.cache
[2012/02/01 21:02:24 | 000,001,594 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/02/01 10:09:54 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/31 22:04:21 | 000,000,977 | ---- | M] () -- C:\Users\Jonathan Hinsull\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
[2012/01/31 22:04:21 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\MailWasherPro.lnk
[2012/01/31 18:14:59 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/26 12:32:55 | 000,002,097 | ---- | M] () -- C:\Users\Jonathan Hinsull\Desktop\Google Chrome.lnk
[2012/01/26 12:32:55 | 000,002,059 | ---- | M] () -- C:\Users\Jonathan Hinsull\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/23 21:14:23 | 000,000,036 | ---- | M] () -- C:\Users\Jonathan Hinsull\AppData\Local\housecall.guid.cache
[2012/01/23 17:55:47 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/11 23:12:41 | 000,402,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jonathan Hinsull\Documents\*.tmp files -> C:\Users\Jonathan Hinsull\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/04 17:55:31 | 000,001,085 | ---- | C] () -- C:\Users\Jonathan Hinsull\Desktop\Watchtower Library 2011 - English.lnk
[2012/02/04 17:22:01 | 000,458,240 | ---- | C] () -- C:\Users\Jonathan Hinsull\Desktop\CKScanner.exe
[2012/02/01 21:02:24 | 000,001,594 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/01/23 21:32:18 | 000,347,439 | ---- | C] () -- C:\Users\Jonathan Hinsull\AppData\Local\census.cache
[2012/01/23 21:31:31 | 000,253,881 | ---- | C] () -- C:\Users\Jonathan Hinsull\AppData\Local\ars.cache
[2012/01/23 21:14:23 | 000,000,036 | ---- | C] () -- C:\Users\Jonathan Hinsull\AppData\Local\housecall.guid.cache
[2012/01/23 17:55:47 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/29 13:20:58 | 000,000,000 | ---- | C] () -- C:\ProgramData\Tempi-sure-autoupdate-8fe359c2c544a6786918631b4898e19c.exe
[2011/03/11 23:08:43 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/01/22 15:07:30 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010/11/22 17:34:44 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2010/08/13 17:33:04 | 000,000,090 | ---- | C] () -- C:\Windows\System32\ftm31.dat
[2009/11/29 00:09:26 | 000,001,322 | ---- | C] () -- C:\Users\Jonathan Hinsull\AppData\Roaming\wklnhst.dat
[2009/11/18 21:00:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/20 18:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\Windows\System32\MemWarp.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/29 21:19:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/29 21:19:47 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/03/04 09:40:02 | 000,001,204 | ---- | C] () -- C:\Windows\SAGEINTL.INI
[2009/02/12 23:07:05 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/12/27 17:32:07 | 000,231,990 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/27 17:32:07 | 000,231,990 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/23 08:33:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\SgELauncher.dll
[2008/12/23 08:33:26 | 000,114,688 | ---- | C] () -- C:\Windows\System32\SgEData.dll
[2008/12/22 09:28:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2008/12/22 09:27:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\SGList32.dll
[2008/12/22 09:27:42 | 000,278,528 | ---- | C] () -- C:\Windows\System32\SGTool32.dll
[2008/12/22 09:27:38 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGIntl32.dll
[2008/12/22 09:27:36 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SGHelp32.dll
[2008/12/22 09:27:36 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SGDt32.dll
[2008/12/22 09:27:30 | 000,245,760 | ---- | C] () -- C:\Windows\System32\SGSchemeXml.dll
[2008/12/22 09:27:24 | 000,118,784 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2008/12/22 09:27:20 | 000,176,128 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2008/12/22 09:27:16 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2008/12/22 09:27:08 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SGCom32.dll
[2008/12/22 09:26:34 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGSTDREG.dll
[2008/12/22 09:26:30 | 000,131,072 | ---- | C] () -- C:\Windows\System32\SGRegister.dll
[2008/12/22 09:26:26 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2008/12/01 13:37:00 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SageEventHandler.exe
[2008/12/01 13:36:12 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGCtrlEx.dll
[2008/12/01 13:36:06 | 000,200,704 | ---- | C] () -- C:\Windows\System32\SGTBAR32.DLL
[2008/12/01 13:36:02 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGSTAT32.DLL
[2008/12/01 13:36:02 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGLOGO32.DLL
[2008/12/01 13:36:00 | 000,180,224 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2008/12/01 13:35:56 | 000,249,856 | ---- | C] () -- C:\Windows\System32\SGCDLG32.DLL
[2008/12/01 13:35:36 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SGAPPBAR.DLL
[2008/12/01 13:35:34 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SG3D32.DLL
[2008/10/13 20:36:41 | 000,098,816 | ---- | C] () -- C:\Windows\System32\FGWVB32.DLL
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/07/27 19:34:48 | 000,000,652 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/07/27 19:34:48 | 000,000,052 | ---- | C] () -- C:\Windows\intuprof.ini
[2008/07/27 19:34:47 | 000,007,406 | ---- | C] () -- C:\Windows\ICOADB32.DAT
[2008/07/23 20:40:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/21 16:06:39 | 000,000,335 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/07/21 16:06:39 | 000,000,230 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/13 22:06:10 | 000,000,680 | ---- | C] () -- C:\Users\Jonathan Hinsull\AppData\Local\d3d9caps.dat
[2008/04/11 20:28:03 | 000,011,776 | ---- | C] () -- C:\Users\Jonathan Hinsull\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/02 23:21:37 | 000,028,380 | ---- | C] () -- C:\Users\Jonathan Hinsull\AppData\Roaming\nvModes.001
[2008/04/02 23:20:24 | 000,028,380 | ---- | C] () -- C:\Users\Jonathan Hinsull\AppData\Roaming\nvModes.dat
[2008/04/02 21:42:12 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/04/02 21:42:12 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/04/02 21:42:12 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/04/02 21:42:12 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/04/02 21:42:12 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/04/02 21:42:12 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/04/02 21:42:11 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/04/02 21:42:11 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/04/02 21:42:11 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/04/02 21:42:11 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/04/02 21:42:11 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/04/02 21:42:11 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/04/02 21:42:11 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/04/02 21:42:11 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/04/02 21:42:11 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/04/02 21:42:11 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/04/02 21:42:11 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/04/02 21:42:11 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/04/02 21:42:11 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/04/02 21:37:52 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2008/03/07 16:06:07 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/03/07 16:06:07 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/03/07 16:05:38 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/07 15:57:47 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/09/05 20:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,402,400 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,620,428 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,113,206 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 14:50:40 | 000,126,976 | R--- | C] () -- C:\Windows\System32\PDFInstall.exe
[2006/11/01 14:41:24 | 000,233,472 | ---- | C] () -- C:\Windows\System32\SGLCH32.DLL
[2006/11/01 14:41:16 | 001,712,128 | ---- | C] () -- C:\Windows\System32\SGRep32.dll
[2006/03/09 22:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/02/01 14:10:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\REPDES32.EXE
[2004/11/01 13:06:10 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SDOApp.dll
[2004/09/10 17:34:26 | 000,220,160 | ---- | C] () -- C:\Windows\System32\WnASPI32.dll
[2004/07/29 01:19:46 | 000,175,104 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2004/06/09 08:57:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\Install.exe
[2002/07/19 11:48:22 | 000,157,696 | ---- | C] () -- C:\Windows\System32\OggEnc.exe
[2002/04/16 09:27:54 | 000,000,005 | -HS- | C] () -- C:\Windows\System32\CdI5T.drv
[1999/10/25 08:53:58 | 000,000,136 | ---- | C] () -- C:\Windows\Sage.ini
[1998/03/25 23:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SgHmZLib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0813959E
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


OTL Extras logfile created on: 06/02/2012 21:11:07 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jonathan Hinsull\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 26.72% Memory free
4.41 Gb Paging File | 1.02 Gb Available in Paging File | 23.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.12 Gb Total Space | 92.59 Gb Free Space | 41.87% Space Free | Partition Type: NTFS
Drive D: | 11.77 Gb Total Space | 2.09 Gb Free Space | 17.79% Space Free | Partition Type: NTFS

Computer Name: HOMELAPTOP | User Name: Jonathan Hinsull | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1390974874-3619135010-1431660144-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011CA827-0B96-4C03-8F5D-60953AF111D8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{17945F46-D5DC-4923-990A-0D7DF2AAE7DE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2449F09C-E464-4EE6-ABBE-45997B0385BE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B41724F-11BA-47DB-8D3C-B252E0AF941C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2BF9A5A1-14EE-4B8C-9F49-F32404D7B5DE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3F7BCE7A-8787-4F11-B139-AF6F64F61661}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3FD4CA38-891F-4C0A-A4D1-1FA34DB3E35E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5D20285F-03B2-41D9-88A9-6489A790DCDF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A68DBA23-AD59-4B5B-808C-4448353457DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7538437-A027-4A18-B7F1-1FF99CD863CA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CCEAB201-E8CA-425E-AF4B-6881491B6BF2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6F3505F-E7AD-48F5-9B4D-FC3A1E0FAA60}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7D0E397-BB66-445B-AD98-13609F80D363}" = lport=3300 | protocol=6 | dir=in | name=triplea |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03321158-F9F5-43FD-B9DE-F1C9FF83533C}" = protocol=6 | dir=out | app=system |
"{0A6A5CA1-E5F5-46ED-853E-5EBEB902EBD9}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{10B961E8-DE67-44D1-A2B2-4A839B92B2A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{12F139B7-7220-4FE2-AF41-A2BAAAC0780A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{19AF911B-5EDE-4C90-B712-E2EA16C5934D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1A3AEF5E-BF78-4E64-90B6-16BD0EE6CF04}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{223784D0-B97A-42C6-8A12-ECED7CAD869F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{2FC8CF5F-FBA2-46AD-890F-690E4BD6F9F0}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{36145A48-4597-42AF-8A1F-95262BCAB3EA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{44CFDE1B-19C2-4213-B2FB-20B3538A645F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{584517C4-882F-4ED6-A9B1-876805743C2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62C9764B-DEFE-4E2B-95CA-32620550B574}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{65577D5D-DA63-4F11-867E-3FAC1628B6C0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{69D59946-D902-44B2-80AC-73781BAE4FEA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6B79DE9A-AD13-4C78-B269-598595867AFA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6DEF5498-F415-4419-B235-D534EC788206}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7045C601-7F15-43C8-A522-DDA98A311C24}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{78216E24-AC23-4F0E-A7EE-44C13AAC80C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B78DF40-BF9E-4DE5-87C4-A366C17C4330}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{8BEA1806-85CB-4503-B6B9-BF54505FB9ED}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{96BECFF7-1D1D-4B47-ABD0-F1DF3504DA31}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A6177D7B-A853-4B55-ACD4-0F911865685A}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{B4D43696-BDD2-4AD9-9027-7961AF4F54FF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2011 demo\fm.exe |
"{BB95A56F-A270-4071-86A3-1F5FDC18B839}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{BC5CD394-D9D6-4471-BDBE-3A9063C05FEC}" = dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
"{BF063A4E-9ABD-43C8-B52C-83E2C59A6461}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5C5CCAB-F151-43A2-AE75-CC56DCCD774C}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{CB7613C0-38DC-4F5B-9C96-43CECD6008CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CEF72993-B0BE-44EB-9599-48725A853FB8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{CEF79454-A5B5-4956-9F10-783D26C57B1F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{DCDCF55A-4579-461C-8FE7-5352F25E6909}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{DCEF94C8-5A12-4427-A74F-D76DF35597E6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2011 demo\fm.exe |
"{E19F97E5-34E1-4832-A889-F0A321EA2CEC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E93027A1-5FC0-4689-A2F6-EC0847BF11F8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe |
"{EA32576A-5025-4007-921B-357EB0FFA17E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe |
"{F608C674-F179-4DB0-B85E-C0E84C693C93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9E14DE3-E62E-41AF-A9F1-46EDA5DCD3E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2B26EE97-E50F-414A-928B-2AB0F46C3644}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{46828B1B-3FF7-43F1-9F48-2ED1A744E85F}C:\realm2007\mirc.exe" = protocol=6 | dir=in | app=c:\realm2007\mirc.exe |
"TCP Query User{4D980601-4B5D-4488-971A-8072C3C65DEB}C:\excursion9.5\mirc.excursion.exe" = protocol=6 | dir=in | app=c:\excursion9.5\mirc.excursion.exe |
"TCP Query User{5D3D1BF5-E379-4B8D-8228-FA077E47795C}C:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=c:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"TCP Query User{6CDD7DC8-A98A-4D7A-848D-2538AD85A6BC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7164F286-8F63-447C-AC06-EE7841BFB5EC}C:\excursion9.5\mirc.excursion.exe" = protocol=6 | dir=in | app=c:\excursion9.5\mirc.excursion.exe |
"TCP Query User{A0A11BE7-9742-49A1-8BCA-65553F5665B4}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{A2A11EC6-09E2-4873-BD45-E71531EE4288}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B6F58F28-0E6C-4CCB-BB6F-95BE969B87A8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F75C5890-3E74-4403-9DA4-E11F71C20C22}C:\realm2007\mirc.exe" = protocol=6 | dir=in | app=c:\realm2007\mirc.exe |
"UDP Query User{04BA901B-FC85-4520-826F-30D600212896}C:\excursion9.5\mirc.excursion.exe" = protocol=17 | dir=in | app=c:\excursion9.5\mirc.excursion.exe |
"UDP Query User{0532D1C5-6154-401D-AB32-C1F2201CAC17}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{07E89DCF-8592-4CBB-9829-7146871C23D1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{3524DD58-1B07-47C1-BB1D-03AA9FFE482C}C:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=c:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"UDP Query User{44B11E7C-F21B-4067-B6B2-A913EC93E7E1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{47272572-058E-4362-9569-02FA47869FDB}C:\realm2007\mirc.exe" = protocol=17 | dir=in | app=c:\realm2007\mirc.exe |
"UDP Query User{683C008C-F037-45C9-AC8B-280420EA73D2}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{8F7ED7D5-9B88-4599-9C6A-7CA0A41052CA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A654C1DB-C5AB-46EF-8657-F91D6B3F5D93}C:\excursion9.5\mirc.excursion.exe" = protocol=17 | dir=in | app=c:\excursion9.5\mirc.excursion.exe |
"UDP Query User{ADD349CB-6225-4164-9AEA-C4E1F9CE790A}C:\realm2007\mirc.exe" = protocol=17 | dir=in | app=c:\realm2007\mirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{050DE0DE-DF3A-4C05-8922-8664BD6C617A}" = Wave MP3 Editor v15.2 - Fully Functional Evaluation Version
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}" = AVG 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0ED61325-8B7A-4816-B5A5-E2FF59C75F4B}" = SageInst
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2D2BDC9B-AF42-486F-B049-2B93D883A771}" = MailWasherPro
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{54C90243-F05A-46F8-BCC3-7CD5DC667272}" = Instant
"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{8EE72D39-DE32-4069-9E72-C1974546EFDD}" = RuneScape Launcher 1.0.2
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{952D9CBE-0ACB-64FF-37DD-A30B89E9790F}" = i-sure business
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C4A9CFAF-8957-489F-898F-DB8647FFDB42}" = Garmin POI Loader
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E394CC6D-9F54-41CC-9415-6FFF07885881}" = Garmin WebUpdater
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EED1EFD7-2703-4f7e-9820-EAA3C4723EA3}" = Watchtower Library 2011 - English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F50A4470-7A45-4A5A-97F8-806990B736C2}" = MP3+G Toolz
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 4.57
"ABattleMap" = ABattleMap 0.79f
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"AVG" = AVG 2012
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"bearsharetb" = MediaBar
"Canon RAW Codec" = Canon RAW Codec
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"Defraggler" = Defraggler
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FLAC" = FLAC 1.2.1b (remove only)
"Google Updater" = Google Updater
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"Hornby Virtual Railway" = Hornby Virtual Railway
"Info Center_is1" = Info Center 1.0.0.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{0ED61325-8B7A-4816-B5A5-E2FF59C75F4B}" = Sage Instant Accounts V11.01
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{54C90243-F05A-46F8-BCC3-7CD5DC667272}" = Sage Instant Accounts v15
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"Karaoke Builder CD+G Player" = Karaoke Builder CD+G Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"Origin" = Origin
"PENTAX Digital Camera Utility" = PENTAX Digital Camera Utility
"Prism" = Prism Video Converter
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Quicken 2002" = Quicken 2002
"Recuva" = Recuva
"Sage MIS 3.01" = Sage MIS 3.01
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Steam App 34000" = Football Manager 2010
"Steam App 34390" = Football Manager 2011 Demo
"Superscape 3D Control" = Superscape 3D Control
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TripleAVersion1_0_0_3" = TripleA Version 1_0_0_3
"TripleAVersion1_2_5_4" = TripleA Version 1_2_5_4
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPatrol" = WinPatrol 2008
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1390974874-3619135010-1431660144-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Application Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1390974874-3619135010-1431660144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"RadarSync PC Updater 2011 (driver updates & patches)" = RadarSync PC Updater 2011 (driver updates & patches)
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
johnnybgoode
Active Member
 
Posts: 12
Joined: January 31st, 2012, 4:08 pm

Re: Received call offering help re virus...

Unread postby maxi » February 8th, 2012, 11:30 am

Hi johnnybgoode,

Run CKScanner
Please run CKScanner again and post back the resulting logfile.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Received call offering help re virus...

Unread postby johnnybgoode » February 8th, 2012, 6:58 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\programdata\adobe\photoshop elements\10.0\photo creations\backgrounds\bg_creamcrackled.metadata.xml
c:\programdata\adobe\photoshop elements\10.0\photo creations\backgrounds\cracked paint.metadata.xml
scanner sequence 3.LB.11.WLAAFO
----- EOF -----
johnnybgoode
Active Member
 
Posts: 12
Joined: January 31st, 2012, 4:08 pm

Re: Received call offering help re virus...

Unread postby maxi » February 9th, 2012, 2:53 pm

Hi johnnybgoode,


Step 1
Please Uninstall the following programs:
TuneUp Utilities 2011 (See note below)
TuneUp Utilities Language Pack (en-US)
Viewpoint Media Player.

Note re TuneUp Utilities:
TuneUp Utilities includes a registry cleaner. Have a look at the information below as to why we don't recommend them.
Registry Cleaners

I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on regcleaners:
Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.


This post by Bill Castner is very informative: WhatTheTech Forum

Step 2
Upload File/Files for testing

Please go to Virustotal or jotti.org

Copy/paste these files and paths into the white box at the top one by one:
C:\Users\Jonathan Hinsull\Desktop\inSSIDer.lnk
C:\Windows\System32\MemWarp.dll
C:\Windows\System32\Install.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.

In your next reply please include:
The results of the 3 files submitted.
Any problems you had with the instructions.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Received call offering help re virus...

Unread postby johnnybgoode » February 9th, 2012, 6:00 pm

I've left TuneUp if that's ok? I have noticed the PC working better since I installed it.

Here is the checker link:

https://www.virustotal.com/file/b090c67 ... /analysis/
johnnybgoode
Active Member
 
Posts: 12
Joined: January 31st, 2012, 4:08 pm

Re: Received call offering help re virus...

Unread postby johnnybgoode » February 9th, 2012, 6:01 pm

Memwarp came back 1/43; the others were zero.
johnnybgoode
Active Member
 
Posts: 12
Joined: January 31st, 2012, 4:08 pm

Re: Received call offering help re virus...

Unread postby maxi » February 10th, 2012, 3:54 pm

Hi johnnybgoode,

ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scanner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Received call offering help re virus...

Unread postby maxi » February 12th, 2012, 4:42 pm

Hi,

Are you still with us?
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Received call offering help re virus...

Unread postby johnnybgoode » February 13th, 2012, 10:35 am

Yes, sorry was a bit tied up at the weekend. Took 3 hours to run the scanner, but here goes:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

3 threats were detected:

C:\Users\Jonathan Hinsull\Downloads\SEARCHSETTINGS.EXE a variant of Win32/Adware.Toolbar.Dealio application
C:\Users\Jonathan Hinsull\Downloads\winamp5601_full_emusic-7plus_en-us.exe Win32/OpenCandy application
C:\Users\Jonathan Hinsull\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application
johnnybgoode
Active Member
 
Posts: 12
Joined: January 31st, 2012, 4:08 pm