Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Searchcore.net problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Searchcore.net problem

Unread postby mrwasp » April 26th, 2013, 5:45 am

I am helping afriend who doesn't know much about computers. In Internet Explorer the Home Page appears as searchcore.net/426 and every attempt to change it doesn't work. I have run Malware bytes which comes up clean. Any help would be appreciated. The DDS log follows:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 17:27:17 on 2013-04-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3325.2817 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SpeedItup Free\speeditupfree.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\chrome_frame_helper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchcore.net/426
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Wanadoo: {8B68564D-53FD-4293-B80C-993A9F3988EE} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ChromeFrameHelper] "c:\documents and settings\owner\local settings\application data\google\chrome\application\26.0.1410.64\chrome_frame_helper.exe" --startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DLPSP] "c:\program files\dell printers\additional color laser software\status monitor\DLPSP.EXE"
mRun: [DLUPDR] "c:\program files\dell printers\additional color laser software\updater\DLUPDR.EXE"
mRun: [DLQLU] "c:\program files\dell printers\additional color laser software\launcher\DLQLU.EXE" /S
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SpeetItUpFree] "c:\program files\speeditup free\speeditupfree.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\_unins~1.lnk - c:\documents and settings\owner\local settings\temp\_uninst_16739237.bat
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} - hxxp://www.samsungdp.com/printerhelp/Ac ... rinter.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 6328740046
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F0CF355D-D720-4A29-8514-BAC1C1B090FC} : DHCPNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\documents and settings\owner\local settings\application data\google\chrome\application\26.0.1410.64\npchrome_frame.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\kmgcjdrh.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.safeappsoftware.com/|http://w ... ar=msnhome
.
============= SERVICES / DRIVERS ===============
.
R0 16739237;16739237;c:\windows\system32\drivers\16739237.sys [2013-4-22 133208]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2012-2-15 226696]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-3-19 375144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-11-29 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-3-28 47640]
R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\drivers\webc3vid.sys [2008-4-20 166504]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-6-20 63088]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-6-20 1617408]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys --> c:\windows\system32\drivers\avglogx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 ALLOW-IO;ALLOW-IO;\??\d:\allow-io.sys --> d:\ALLOW-IO.sys [?]
S3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [2011-6-20 1656960]
S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\drivers\asrcddrv.sys --> c:\windows\system32\drivers\AsrCDDrv.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate1c99c1080286cb4;Google Update Service (gupdate1c99c1080286cb4);c:\program files\google\update\GoogleUpdate.exe [2009-3-3 133104]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-04-25 11:36:05 -------- d-----w- c:\program files\ESET
2013-04-23 12:40:43 -------- d-----w- c:\documents and settings\owner\application data\TuneUp Software
2013-04-22 23:34:49 -------- d-sha-r- C:\cmdcons
2013-04-22 19:35:48 133208 ----a-w- c:\windows\system32\drivers\16739237.sys
2013-04-22 16:48:26 -------- dc-h--w- c:\windows\ie8
2013-04-22 16:42:12 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-04-22 14:15:27 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-03-28 12:29:13 -------- d-----w- c:\documents and settings\owner\local settings\application data\LogMeIn
2013-03-28 12:21:58 53096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-03-28 12:21:58 31592 ----a-w- c:\windows\system32\LMIport.dll
2013-03-28 12:21:57 84352 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-03-28 12:21:57 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2013-03-28 12:21:53 92520 ----a-w- c:\windows\system32\LMIinit.dll
2013-03-28 12:21:49 -------- d-----w- c:\documents and settings\all users\application data\LogMeIn
2013-03-28 12:21:37 -------- d-----w- c:\program files\LogMeIn
.
==================== Find3M ====================
.
2013-04-04 13:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-25 20:39:46 4546560 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-25 12:17:38 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-25 12:17:38 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet(2)(2).dll
2013-02-05 20:05:47 1212928 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2013-02-05 20:05:47 105984 ----a-w- c:\windows\system32\url(2)(2).dll
2013-02-05 20:05:46 2004992 ----a-w- c:\windows\system32\iertutil(2)(2).dll
2013-02-05 20:05:45 11111424 ----a-w- c:\windows\system32\ieframe(2)(2).dll
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 17:27:55.48 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 20/06/2011 12:21:32
System Uptime: 25/04/2013 15:20:56 (0 hours ago)
.
Motherboard: ASRock | | G41M-VS3.
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | CPUSocket | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 189.167 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP493: 25/01/2013 13:33:41 - System Checkpoint
RP494: 26/01/2013 13:56:00 - System Checkpoint
RP495: 27/01/2013 15:23:58 - System Checkpoint
RP496: 28/01/2013 15:45:08 - System Checkpoint
RP497: 29/01/2013 18:33:59 - System Checkpoint
RP498: 01/02/2013 10:25:01 - System Checkpoint
RP499: 01/02/2013 19:54:15 - Restore Operation
RP500: 10/02/2013 18:52:19 - System Checkpoint
RP501: 11/02/2013 08:25:11 - Restore Operation
RP502: 12/02/2013 11:06:26 - System Checkpoint
RP503: 13/02/2013 09:22:44 - Restore Operation
RP504: 13/02/2013 10:45:58 - Restore Operation
RP505: 13/02/2013 11:18:30 - Restore Operation
RP506: 13/02/2013 12:20:42 - wednesday Feb 12/14
RP507: 14/02/2013 10:08:53 - Software Distribution Service 3.0
RP508: 15/02/2013 16:28:18 - System Checkpoint
RP509: 16/02/2013 16:49:07 - System Checkpoint
RP510: 18/02/2013 13:04:33 - System Checkpoint
RP511: 19/02/2013 15:42:57 - System Checkpoint
RP512: 20/02/2013 18:29:45 - Restore Operation
RP513: 21/02/2013 08:47:30 - Software Distribution Service 3.0
RP514: 22/02/2013 08:13:58 - Restore Operation
RP515: 23/02/2013 11:58:54 - System Checkpoint
RP516: 24/02/2013 12:13:34 - System Checkpoint
RP517: 25/02/2013 09:31:54 - 25/2/2013
RP518: 26/02/2013 11:34:15 - System Checkpoint
RP519: 27/02/2013 13:18:46 - System Checkpoint
RP520: 28/02/2013 13:22:43 - System Checkpoint
RP521: 01/03/2013 16:39:26 - System Checkpoint
RP522: 02/03/2013 17:44:55 - System Checkpoint
RP523: 03/03/2013 18:24:47 - System Checkpoint
RP524: 04/03/2013 11:04:16 - 4/3/2013 11-05
RP525: 05/03/2013 11:41:44 - System Checkpoint
RP526: 06/03/2013 13:04:27 - System Checkpoint
RP527: 07/03/2013 13:07:07 - System Checkpoint
RP528: 08/03/2013 15:21:33 - System Checkpoint
RP529: 09/03/2013 15:47:43 - System Checkpoint
RP530: 10/03/2013 16:02:48 - System Checkpoint
RP531: 11/03/2013 18:04:11 - System Checkpoint
RP532: 12/03/2013 18:56:50 - System Checkpoint
RP533: 13/03/2013 11:00:15 - Software Distribution Service 3.0
RP534: 14/03/2013 11:00:15 - Software Distribution Service 3.0
RP535: 15/03/2013 17:57:51 - System Checkpoint
RP536: 16/03/2013 18:48:48 - Restore Operation
RP537: 16/03/2013 19:38:19 - Restore Operation
RP538: 16/03/2013 21:06:38 - Software Distribution Service 3.0
RP539: 17/03/2013 10:43:40 - Software Distribution Service 3.0
RP540: 17/03/2013 10:57:42 - Restore Operation
RP541: 17/03/2013 11:04:30 - Software Distribution Service 3.0
RP542: 17/03/2013 11:16:45 - Restore Operation
RP543: 17/03/2013 11:28:00 - Software Distribution Service 3.0
RP544: 17/03/2013 22:10:17 - Software Distribution Service 3.0
RP545: 19/03/2013 18:20:29 - System Checkpoint
RP546: 21/03/2013 21:43:25 - Software Distribution Service 3.0
RP547: 22/03/2013 16:16:49 - Installed Road Angel UK
RP548: 22/03/2013 16:44:05 - Removed S1000 Syrius
RP549: 22/03/2013 16:46:25 - Installed Syrius AS Updater
RP550: 22/03/2013 17:19:57 - Installed Snooper Map Downloader
RP551: 22/03/2013 17:35:17 - Removed Snooper Map Downloader
RP552: 22/03/2013 17:37:43 - Installed Snooper Map Downloader
RP553: 24/03/2013 12:21:55 - System Checkpoint
RP554: 25/03/2013 11:56:19 - Installed HiJackThis
RP555: 25/03/2013 13:21:55 - Removed Snooper Map Downloader
RP556: 25/03/2013 13:22:21 - Installed Snooper Map Downloader
RP557: 25/03/2013 13:37:34 - Removed eBay Toolbar
RP558: 25/03/2013 14:55:09 - Removed Snooper Map Downloader
RP559: 25/03/2013 14:56:57 - Installed Snooper Map Downloader
RP560: 26/03/2013 09:57:35 - Restore Operation
RP561: 27/03/2013 12:48:58 - System Checkpoint
RP562: 28/03/2013 11:28:43 - Restore Operation
RP563: 28/03/2013 12:02:55 - Restore Operation
RP564: 28/03/2013 12:21:35 - Installed LogMeIn
RP565: 28/03/2013 12:26:12 - Restore Operation
RP566: 28/03/2013 12:30:24 - Restore Operation
RP567: 29/03/2013 13:21:39 - System Checkpoint
RP568: 30/03/2013 14:12:08 - System Checkpoint
RP569: 31/03/2013 15:42:44 - System Checkpoint
RP570: 02/04/2013 12:53:31 - System Checkpoint
RP571: 03/04/2013 13:27:23 - System Checkpoint
RP572: 04/04/2013 16:15:39 - System Checkpoint
RP573: 05/04/2013 17:35:40 - System Checkpoint
RP574: 08/04/2013 10:40:43 - System Checkpoint
RP575: 09/04/2013 11:12:22 - System Checkpoint
RP576: 10/04/2013 08:42:28 - Software Distribution Service 3.0
RP577: 11/04/2013 11:36:43 - System Checkpoint
RP578: 12/04/2013 16:43:22 - System Checkpoint
RP579: 13/04/2013 18:05:02 - System Checkpoint
RP580: 15/04/2013 10:40:21 - System Checkpoint
RP581: 16/04/2013 13:26:41 - System Checkpoint
RP582: 18/04/2013 09:48:43 - System Checkpoint
RP583: 19/04/2013 11:13:32 - System Checkpoint
RP584: 20/04/2013 12:22:39 - System Checkpoint
RP585: 21/04/2013 12:31:22 - System Checkpoint
RP586: 22/04/2013 13:01:42 - System Checkpoint
RP587: 22/04/2013 17:49:45 - Installed Windows Internet Explorer 8.
RP588: 22/04/2013 17:50:20 - Software Distribution Service 3.0
RP589: 23/04/2013 11:00:14 - Software Distribution Service 3.0
RP590: 23/04/2013 13:39:39 - Installed AVG 2013
RP591: 23/04/2013 13:39:56 - Installed AVG 2013
RP592: 24/04/2013 11:00:15 - Software Distribution Service 3.0
RP593: 25/04/2013 11:08:26 - System Checkpoint
RP594: 25/04/2013 14:22:41 - Removed HiJackThis
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.6)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ArcSoft Software Suite
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Audacity 1.2.6
Bonjour
Canon CanoScan Toolbox 4.9
Canon ScanGear Starter
Citrix Presentation Server Client
Dell Printer Software
Dr SpeedTouch
DVD Suite
ESET Online Scanner v3
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Chrome Frame
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver
InterActual Player
iTunes
LG ODD Auto Firmware Update
LightScribe 1.6.43.1
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Manual CanoScan LiDE 60
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft ActiveSync
Microsoft AutoRoute Express GB 2000
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
Mozilla Firefox (2.0)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
OmniPage SE 2.0
Orange Siemens Router
Photo Story 3 for Windows
PHOTOfunSTUDIO
PhotoScape
Picasa 3
Platform
PowerDVD
PowerProducer
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
RegCure Pro
Road Angel UK
Safari
Samsung CLP-310 Series
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Snooper Map Downloader
SPAMfighter
SpeedItup Free 7.85
SpeedTouch USB Software
SUPERAntiSpyware
Syrius AS Updater
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
WD Diagnostics
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
.
==== Event Viewer Messages From Past Week ========
.
25/04/2013 14:22:44, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
23/04/2013 20:48:50, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
23/04/2013 20:48:50, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
23/04/2013 20:48:50, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
23/04/2013 20:48:50, error: Service Control Manager [7034] - The Dell Printer Status Watcher service terminated unexpectedly. It has done this 1 time(s).
23/04/2013 20:48:50, error: Service Control Manager [7034] - The Dell Printer Status Database service terminated unexpectedly. It has done this 1 time(s).
23/04/2013 20:48:50, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
23/04/2013 13:50:20, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avglogx
23/04/2013 13:48:46, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
23/04/2013 13:45:08, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
23/04/2013 09:18:35, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
22/04/2013 15:11:22, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
20/04/2013 19:12:00, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate1c99c1080286cb4 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
20/04/2013 09:12:14, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
20/04/2013 09:12:14, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The specified driver is invalid.
20/04/2013 09:12:12, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
.
==== End Of File ===========================
mrwasp
Active Member
 
Posts: 10
Joined: April 25th, 2013, 12:19 pm
Advertisement
Register to Remove

Re: Searchcore.net problem

Unread postby Cypher » April 27th, 2013, 12:09 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start



  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Logs/Information to Post in your Next Reply

  • checkup.txt.
  • OTL.txt and Extra.txt contents.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Searchcore.net problem

Unread postby mrwasp » April 27th, 2013, 1:59 pm

Hi Cypher

Thanks for your help. Results of checks fllow although OTL did not creat an Extra.txt


Results of screen317's Security Check version 0.99.63
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (2.0) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````


OTL logfile created on: 27/04/2013 18:44:52 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop\Fix programs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 83.36% Memory free
5.09 Gb Paging File | 4.64 Gb Available in Paging File | 91.26% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 205.78 Gb Free Space | 88.36% Space Free | Partition Type: NTFS

Computer Name: OWNER-6052C6A73 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/27 17:41:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Fix programs\OTL.exe
PRC - [2013/04/26 08:14:34 | 007,712,280 | ---- | M] (MicroSmarts LLC.) -- C:\Program Files\SpeedItup Free\speeditupfree.exe
PRC - [2013/04/09 09:56:10 | 000,082,896 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\chrome_frame_helper.exe
PRC - [2013/03/19 18:31:30 | 000,137,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/03/19 18:31:26 | 000,375,144 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/11/29 12:56:52 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/11/29 12:56:52 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/11/06 09:28:03 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/09/09 09:13:00 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2010/06/01 12:03:32 | 000,566,680 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
PRC - [2010/06/01 12:03:24 | 000,226,696 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2010/06/01 12:03:18 | 000,886,152 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
PRC - [2009/10/16 12:58:52 | 000,116,016 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2008/08/08 06:03:41 | 000,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2008/08/08 06:03:41 | 000,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
MOD - [2007/08/13 10:39:15 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\cl31cl3.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/25 13:17:39 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/19 18:31:30 | 000,137,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/03/19 18:31:26 | 000,375,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/29 12:56:52 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/09/09 09:13:00 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/06/01 12:03:24 | 000,226,696 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/16 12:58:52 | 000,116,016 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2007/05/15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avglogx.sys -- (Avglogx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\AsrCDDrv.sys -- (AsrCDDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\ALLOW-IO.sys -- (ALLOW-IO)
DRV - [2013/04/22 20:16:07 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\16739237.sys -- (16739237)
DRV - [2013/03/19 18:31:46 | 000,084,352 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/11/29 12:56:52 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/11/29 12:56:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/08/04 08:02:29 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 08:02:28 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/08/24 10:56:01 | 000,063,088 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/11/25 13:57:28 | 001,617,408 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/06/26 08:29:34 | 001,656,960 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (AMBFilt)
DRV - [2008/12/02 07:56:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (MonFilt)
DRV - [2007/06/26 09:15:00 | 000,262,912 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/06/14 10:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/05/15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/05/15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/05/15 15:55:36 | 000,016,304 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/18 15:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2001/11/07 02:00:00 | 000,166,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\webc3vid.sys -- (CTL511Plus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcore.net/426
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 69 52 78 D1 60 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {FAF33754-4B77-483A-95A4-089D6E3708A9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{FAF33754-4B77-483A-95A4-089D6E3708A9}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7GGIE_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/10/22 09:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/09 10:02:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/09 10:02:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/16 20:18:46 | 000,000,000 | ---D | M]

[2013/03/28 13:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eut6rnwx.default\extensions
[2011/02/15 17:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eut6rnwx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/01/16 12:52:06 | 000,000,000 | ---D | M] (wxDownload) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eut6rnwx.default\extensions\50f5885421355@50f588542138e.com
[2011/02/15 17:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eut6rnwx.default\extensions\staged-xpis
[2013/03/25 18:57:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmgcjdrh.default\extensions
[2008/04/05 11:37:06 | 000,000,000 | ---D | M] ("British English Dictionary">) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmgcjdrh.default\extensions\en-GB@dictionaries.addons.mozilla(2).org
[2009/03/18 14:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eut6rnwx.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
[2013/03/25 18:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/29 16:55:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/29 16:55:09 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/12/29 16:55:11 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
File not found (No name found) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2006/10/11 09:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/10/11 09:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/10/11 09:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2006/10/11 09:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2006/10/11 09:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2013/01/09 10:02:05 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: wxDownload = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbckpeodpkegbjafjlkeidgahdkilppe\1\
CHR - Extension: RealDownloader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: wxDownload = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbckpeodpkegbjafjlkeidgahdkilppe\1\
CHR - Extension: RealDownloader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\

O1 HOSTS File: ([2013/04/22 22:35:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Wanadoo) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLQLU] C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SpeetItUpFree] C:\Program Files\SpeedItup Free\speeditupfree.exe (MicroSmarts LLC.)
O4 - HKCU..\Run: [ChromeFrameHelper] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\chrome_frame_helper.exe (Google Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\_uninst_16739237.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} http://www.samsungdp.com/printerhelp/Ac ... rinter.cab (PrinterHelpEtcActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 6328740046 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0CF355D-D720-4A29-8514-BAC1C1B090FC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/04 21:31:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (c:\progra~1\avg\avg10\avgchsvx.exe /sync)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/25 17:13:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/04/25 14:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Fix logs
[2013/04/25 12:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/04/25 12:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Fix programs
[2013/04/23 14:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/04/23 13:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2013/04/23 13:33:37 | 004,446,832 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_2013_3272_cnet.exe
[2013/04/23 00:34:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/04/22 21:04:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/04/22 20:35:48 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\16739237.sys
[2013/04/22 18:55:33 | 000,361,666 | ---- | C] (RegNow.com) -- C:\Documents and Settings\Owner\Desktop\Download_MaxDownloadMgrtrial.exe
[2013/04/22 17:48:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/04/22 15:15:27 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe

========== Files - Modified Within 30 Days ==========

[2013/04/27 18:24:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1801674531-725345543-1003UA.job
[2013/04/27 18:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/27 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2013/04/27 17:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/27 13:54:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/04/27 12:09:02 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Owner.job
[2013/04/27 08:21:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/27 08:21:24 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/04/27 08:21:24 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Owner.job
[2013/04/27 08:21:23 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1801674531-725345543-1003.job
[2013/04/27 08:21:23 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-789336058-1801674531-725345543-1003.job
[2013/04/27 08:16:05 | 000,733,120 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/27 08:16:05 | 000,161,450 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/27 08:11:53 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/27 08:11:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/26 21:07:01 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Owner.job
[2013/04/26 19:24:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1801674531-725345543-1003Core.job
[2013/04/26 14:47:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1801674531-725345543-1003.job
[2013/04/25 21:09:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/04/24 15:22:15 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2013/04/24 15:22:15 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Pro.job
[2013/04/24 10:08:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-789336058-1801674531-725345543-1003.job
[2013/04/23 13:34:01 | 004,446,832 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_2013_3272_cnet.exe
[2013/04/23 00:34:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/04/22 22:35:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/04/22 20:36:47 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\_uninst_16739237.lnk
[2013/04/22 20:16:07 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\16739237.sys
[2013/04/22 18:55:37 | 000,361,666 | ---- | M] (RegNow.com) -- C:\Documents and Settings\Owner\Desktop\Download_MaxDownloadMgrtrial.exe
[2013/04/22 18:09:45 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/22 17:52:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/22 17:43:42 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/04/22 15:15:27 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/04/13 12:07:56 | 000,557,056 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\9C2AC000
[2013/04/10 15:50:28 | 000,557,056 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\70DE6100
[2013/04/10 15:46:26 | 000,557,056 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2F1B6100
[2013/04/10 15:37:03 | 000,557,056 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\15826100
[2013/04/10 14:25:01 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/10 09:10:14 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/08 12:49:46 | 000,002,367 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Map Downloader.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/04/23 00:34:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/04/23 00:34:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/04/22 20:36:47 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\_uninst_16739237.lnk
[2013/04/13 12:07:56 | 000,557,056 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\9C2AC000
[2013/04/10 15:50:28 | 000,557,056 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\70DE6100
[2013/04/10 15:46:26 | 000,557,056 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2F1B6100
[2013/04/10 15:37:03 | 000,557,056 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\15826100
[2013/01/07 21:07:58 | 000,237,438 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/07 21:07:58 | 000,237,438 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-1801674531-725345543-1003-0.dat
[2013/01/07 18:52:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 09:28:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/20 13:02:05 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2011/06/20 13:02:02 | 002,026,604 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/06/20 13:02:02 | 000,442,964 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/01/02 10:10:51 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/04/28 09:00:03 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2008/04/07 12:44:10 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/02/09 10:30:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/04 08:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2012/11/01 17:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3B2FD
[2012/05/11 16:43:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/01/20 15:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
[2013/03/25 14:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2010/12/13 17:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2008/05/30 15:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/04/07 14:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2013/04/27 08:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/03/25 17:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/08/17 21:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters(2)
[2013/01/07 11:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2013/04/22 17:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Unleashed Online
[2012/11/02 16:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Registry Helper
[2008/04/07 15:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/02/19 17:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/10/07 19:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPAMfighter
[2008/04/10 12:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/04/10 12:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2009/02/05 13:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2008/05/11 20:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/05/11 19:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2011/03/23 09:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/11/02 16:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\bearsharetoolbarguid
[2009/08/17 11:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Blitware
[2008/04/10 12:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2012/05/21 09:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ChiliCoupon
[2008/08/16 10:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/01 14:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.atlanticrecords.Fanbase.A6C8DD5DA30F5C18C5C42884996720F649F6ED37.1
[2012/10/01 16:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2013/03/25 14:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eBay
[2010/11/09 21:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fighters
[2011/04/10 10:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2012/05/10 10:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Go PDF Reader
[2008/07/02 15:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2012/05/21 09:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IE ChiliCoupon
[2009/12/26 10:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Panasonic
[2013/03/25 17:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ParetoLogic
[2012/10/01 16:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Unleashed Online
[2013/01/05 16:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCCUStubInstaller
[2013/03/16 19:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\player
[2008/04/10 12:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2008/04/10 11:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SPAMfighter
[2008/04/05 11:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2013/04/23 13:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2008/10/26 18:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue

========== Purity Check ==========



< End of report >
mrwasp
Active Member
 
Posts: 10
Joined: April 25th, 2013, 12:19 pm

Re: Searchcore.net problem

Unread postby mrwasp » April 27th, 2013, 8:34 pm

Hi Cypher

Just realised that the reason that OTL did not create an Extra.txt file was because I had run it before asking for help so the Extra.txt file from that first run follows. Hope this hasn't messed things up.

OTL Extras logfile created on: 25/04/2013 12:06:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 84.54% Memory free
5.09 Gb Paging File | 4.65 Gb Available in Paging File | 91.48% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 189.34 Gb Free Space | 81.30% Space Free | Partition Type: NTFS

Computer Name: OWNER-6052C6A73 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" = C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe:*:Enabled:Dr SpeedTouch -- ()
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0330FC8D-EDB2-455E-A3DC-B56DD107E4BC}" = LogMeIn
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell Printer Software
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18B72572-C7FD-4586-8258-B59E2A06760A}" = SPAMfighter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B72D50-1C7E-491C-8086-9E060051D316}" = Manual CanoScan LiDE 60
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2FD94FBC-07AE-475C-B522-BFE899B9048E}" = Garmin WebUpdater
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1B3CBF2-075D-4D1A-9A57-0A4119806B95}" = Road Angel UK
"{A2104078-AAA5-449E-95DD-55C9443A1033}" = Nero 7 Essentials
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3663107-790E-4F9A-8091-F5B8499CF792}" = Syrius AS Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C547F361-5750-4CD1-9FB6-BC93827CB6C1}" = RegCure Pro
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6D39E2-D4CB-4C49-ABD9-8724B095D1EF}" = Dr SpeedTouch
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FCC000C1-892D-4AF5-A5B9-BCB5ECB00EB7}" = Snooper Map Downloader
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 1.2.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft ARX GB 2000" = Microsoft AutoRoute Express GB 2000
"Mozilla Firefox (2.0)" = Mozilla Firefox (2.0)
"OrangeSiemens" = Orange Siemens Router
"OrangeToolbarUK" = Orange Toolbar
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"RealPlayer 16.0" = RealPlayer
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"SpeedItup Free_is1" = SpeedItup Free 7.85
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Google Chrome Frame" = Google Chrome Frame

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22/04/2013 04:03:28 | Computer Name = OWNER-6052C6A73 | Source = Application Hang | ID = 1002
Description = Hanging application speeditupfree.exe, version 7.8.5.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 22/04/2013 04:03:42 | Computer Name = OWNER-6052C6A73 | Source = Application Hang | ID = 1001
Description = Fault bucket -1426676103.

Error - 22/04/2013 15:57:40 | Computer Name = OWNER-6052C6A73 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 22/04/2013 16:15:15 | Computer Name = OWNER-6052C6A73 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 23/04/2013 02:21:23 | Computer Name = OWNER-6052C6A73 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 23/04/2013 09:33:24 | Computer Name = OWNER-6052C6A73 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 25/04/2013 03:46:27 | Computer Name = OWNER-6052C6A73 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 25/04/2013 03:46:47 | Computer Name = OWNER-6052C6A73 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 25/04/2013 03:46:47 | Computer Name = OWNER-6052C6A73 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 25/04/2013 03:46:51 | Computer Name = OWNER-6052C6A73 | Source = Application Hang | ID = 1001
Description = Fault bucket 734037209.

[ System Events ]
Error - 25/04/2013 04:57:46 | Computer Name = OWNER-6052C6A73 | Source = Service Control Manager | ID = 7034
Description = The LogMeIn service terminated unexpectedly. It has done this 1 time(s).

Error - 25/04/2013 04:57:46 | Computer Name = OWNER-6052C6A73 | Source = Service Control Manager | ID = 7034
Description = The Dell Printer Status Watcher service terminated unexpectedly.
It has done this 1 time(s).

Error - 25/04/2013 05:09:25 | Computer Name = OWNER-6052C6A73 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2001

Error - 25/04/2013 05:09:25 | Computer Name = OWNER-6052C6A73 | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 25/04/2013 05:09:26 | Computer Name = OWNER-6052C6A73 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avglogx

Error - 25/04/2013 05:10:38 | Computer Name = OWNER-6052C6A73 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 25/04/2013 06:36:20 | Computer Name = OWNER-6052C6A73 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2001

Error - 25/04/2013 06:36:20 | Computer Name = OWNER-6052C6A73 | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 25/04/2013 06:36:22 | Computer Name = OWNER-6052C6A73 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avglogx

Error - 25/04/2013 06:43:44 | Computer Name = OWNER-6052C6A73 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}


< End of report >
mrwasp
Active Member
 
Posts: 10
Joined: April 25th, 2013, 12:19 pm

Re: Searchcore.net problem

Unread postby Cypher » April 28th, 2013, 6:29 am

Hi,
Thanks for your help

You're most welcome.
Looking over your logs, it seems you don't have any evidence of an anti-virus software.
Please download and install a free anti-virus software from one these excellent vendors now.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Next.

Click Start > Control Panel, and then double-click Add or Remove Programs.
Uninstall the following if present.
Adobe Reader X (10.1.6)
RegCure Pro

Next.

We need to run an OTL Fix

  • Double-click OTL.exe to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :otl
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcore.net/426
    IE - HKCU\..\SearchScopes,DefaultScope = {FAF33754-4B77-483A-95A4-089D6E3708A9}
    FF - user.js - File not found
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Wanadoo) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No CLSID value found.
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Searchcore.net problem

Unread postby mrwasp » April 28th, 2013, 1:58 pm

Hi Cypher

I've removed Adobe Reader X (10.1.6) and RegCure Pro as requested and run the OTL fix.

Searchcore.net/426 still appears in the Home page of Internet Explorer.

OTL log follows:


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8B68564D-53FD-4293-B80C-993A9F3988EE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B68564D-53FD-4293-B80C-993A9F3988EE}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\Fix programs\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\Fix programs\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 211658 bytes

User: Owner
->Temp folder emptied: 771752 bytes
->Temporary Internet Files folder emptied: 48248381 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 11803143 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 60730 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 58.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04282013_184042

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\WCESLog.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
mrwasp
Active Member
 
Posts: 10
Joined: April 25th, 2013, 12:19 pm

Re: Searchcore.net problem

Unread postby Cypher » April 29th, 2013, 5:27 am

Hi,

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run it.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Next.

Image Please download Junkware Removal Tool and save it to your desktop.
  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Next.

Please post a new OTL log, Double click on OTL.exe to run it.

Logs/Information to Post in your Next Reply
  • AdwCleaner log.
  • JRT.txt.
  • OTL log.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Searchcore.net problem

Unread postby mrwasp » April 29th, 2013, 6:14 am

Hi Cypher

I've run AdwCleaner and Junkware Removal Tool and OTL (run using Quickscan). Logs follow:

# AdwCleaner v2.300 - Logfile created 04/29/2013 at 10:49:50
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - OWNER-6052C6A73
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\Fix programs\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eut6rnwx.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}

***** [Registry] *****

Key Found : HKCU\Software\pc optimizer pro

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchcore.net/426

-\\ Mozilla Firefox v2.0 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eut6rnwx.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmgcjdrh.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R4].txt - [1299 octets] - [29/04/2013 10:49:50]
AdwCleaner[S3].txt - [1509 octets] - [25/04/2013 16:35:47]

########## EOF - C:\AdwCleaner[R4].txt - [1419 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.2 (04.29.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on 29/04/2013 at 10:54:09.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\speetitupfree
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-789336058-1801674531-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\fighters"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc optimizer pro"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\fighters"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\pccustubinstaller"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files\driver-soft"
Successfully deleted: [Folder] "C:\Program Files\fighters"
Successfully deleted: [Folder] "C:\Program Files\icqtoolbar"
Successfully deleted: [Folder] "C:\Program Files\pc speed up"
Successfully deleted: [Folder] "C:\Program Files\speeditup free"
Successfully deleted: [Folder] "C:\Program Files\utilitychest_49"



~~~ FireFox

Failed to delete: [Folder] "C:\Program Files\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\eut6rnwx.default\extensions\50f5885421355@50f588542138e.com
Failed to delete: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\eut6rnwx.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/04/2013 at 10:56:29.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 29/04/2013 10:59:01 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop\Fix programs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 84.31% Memory free
5.09 Gb Paging File | 4.63 Gb Available in Paging File | 90.98% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 206.06 Gb Free Space | 88.48% Space Free | Partition Type: NTFS

Computer Name: OWNER-6052C6A73 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/27 17:41:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Fix programs\OTL.exe
PRC - [2013/04/09 09:56:10 | 000,082,896 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\chrome_frame_helper.exe
PRC - [2013/03/19 18:31:30 | 000,137,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/03/19 18:31:26 | 000,375,144 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/11/29 12:56:52 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/11/29 12:56:52 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/11/06 09:28:03 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/09/09 09:13:00 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2010/06/01 12:03:32 | 000,566,680 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
PRC - [2010/06/01 12:03:24 | 000,226,696 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2010/06/01 12:03:18 | 000,886,152 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
PRC - [2009/10/16 12:58:52 | 000,116,016 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2008/08/08 06:03:41 | 000,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 01:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [1999/03/17 22:38:10 | 008,798,260 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\WINWORD.EXE


========== Modules (No Company Name) ==========

MOD - [2008/08/08 06:03:41 | 000,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
MOD - [2007/08/13 10:39:15 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\cl31cl3.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/25 13:17:39 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/19 18:31:30 | 000,137,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/03/19 18:31:26 | 000,375,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/29 12:56:52 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/09/09 09:13:00 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/06/01 12:03:24 | 000,226,696 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/16 12:58:52 | 000,116,016 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2007/05/15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avglogx.sys -- (Avglogx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\AsrCDDrv.sys -- (AsrCDDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\ALLOW-IO.sys -- (ALLOW-IO)
DRV - [2013/04/22 20:16:07 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\16739237.sys -- (16739237)
DRV - [2013/03/19 18:31:46 | 000,084,352 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/11/29 12:56:52 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/11/29 12:56:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/08/04 08:02:29 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 08:02:28 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/08/24 10:56:01 | 000,063,088 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/11/25 13:57:28 | 001,617,408 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/06/26 08:29:34 | 001,656,960 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (AMBFilt)
DRV - [2008/12/02 07:56:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (MonFilt)
DRV - [2007/06/26 09:15:00 | 000,262,912 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/06/14 10:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/05/15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/05/15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/05/15 15:55:36 | 000,016,304 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/18 15:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2001/11/07 02:00:00 | 000,166,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\webc3vid.sys -- (CTL511Plus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcore.net/426
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 69 52 78 D1 60 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {FAF33754-4B77-483A-95A4-089D6E3708A9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{FAF33754-4B77-483A-95A4-089D6E3708A9}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7GGIE_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/10/22 09:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/09 10:02:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/09 10:02:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/16 20:18:46 | 000,000,000 | ---D | M]

[2013/04/29 10:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eut6rnwx.default\extensions
[2011/02/15 17:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eut6rnwx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/15 17:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eut6rnwx.default\extensions\staged-xpis
[2013/03/25 18:57:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmgcjdrh.default\extensions
[2008/04/05 11:37:06 | 000,000,000 | ---D | M] ("British English Dictionary">) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmgcjdrh.default\extensions\en-GB@dictionaries.addons.mozilla(2).org
[2009/03/18 14:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eut6rnwx.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
[2013/03/25 18:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/29 16:55:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/29 16:55:09 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/12/29 16:55:11 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
File not found (No name found) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2006/10/11 09:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/10/11 09:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/10/11 09:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2006/10/11 09:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2006/10/11 09:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2013/01/09 10:02:05 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: wxDownload = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbckpeodpkegbjafjlkeidgahdkilppe\1\
CHR - Extension: RealDownloader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: wxDownload = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbckpeodpkegbjafjlkeidgahdkilppe\1\
CHR - Extension: RealDownloader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\

O1 HOSTS File: ([2013/04/22 22:35:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLQLU] C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKCU..\Run: [ChromeFrameHelper] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\chrome_frame_helper.exe (Google Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\_uninst_16739237.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} http://www.samsungdp.com/printerhelp/Ac ... rinter.cab (PrinterHelpEtcActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 6328740046 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0CF355D-D720-4A29-8514-BAC1C1B090FC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/04 21:31:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (c:\progra~1\avg\avg10\avgchsvx.exe /sync)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/29 10:54:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/04/29 10:53:59 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/28 18:40:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/25 17:13:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/04/25 14:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Fix logs
[2013/04/25 12:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Fix programs
[2013/04/23 14:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/04/23 13:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2013/04/23 13:33:37 | 004,446,832 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_2013_3272_cnet.exe
[2013/04/23 00:34:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/04/22 21:04:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/04/22 20:35:48 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\16739237.sys
[2013/04/22 18:55:33 | 000,361,666 | ---- | C] (RegNow.com) -- C:\Documents and Settings\Owner\Desktop\Download_MaxDownloadMgrtrial.exe
[2013/04/22 17:48:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/04/22 15:15:27 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe

========== Files - Modified Within 30 Days ==========

[2013/04/29 10:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/29 10:24:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1801674531-725345543-1003UA.job
[2013/04/29 10:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/28 19:24:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1801674531-725345543-1003Core.job
[2013/04/28 19:12:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/28 18:55:27 | 000,733,120 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/28 18:55:27 | 000,161,450 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/28 18:51:27 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1801674531-725345543-1003.job
[2013/04/28 18:51:27 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-789336058-1801674531-725345543-1003.job
[2013/04/28 18:51:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/28 13:54:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/04/28 08:49:03 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/26 14:47:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1801674531-725345543-1003.job
[2013/04/25 21:09:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/04/24 10:08:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-789336058-1801674531-725345543-1003.job
[2013/04/23 13:34:01 | 004,446,832 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_2013_3272_cnet.exe
[2013/04/23 00:34:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/04/22 22:35:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/04/22 20:36:47 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\_uninst_16739237.lnk
[2013/04/22 20:16:07 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\16739237.sys
[2013/04/22 18:55:37 | 000,361,666 | ---- | M] (RegNow.com) -- C:\Documents and Settings\Owner\Desktop\Download_MaxDownloadMgrtrial.exe
[2013/04/22 18:09:45 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/22 17:52:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/22 17:43:42 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/04/22 15:15:27 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/04/13 12:07:56 | 000,557,056 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\9C2AC000
[2013/04/10 15:50:28 | 000,557,056 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\70DE6100
[2013/04/10 15:46:26 | 000,557,056 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2F1B6100
[2013/04/10 15:37:03 | 000,557,056 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\15826100
[2013/04/10 14:25:01 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/10 09:10:14 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/08 12:49:46 | 000,002,367 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Map Downloader.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/04/23 00:34:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/04/23 00:34:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/04/22 20:36:47 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\_uninst_16739237.lnk
[2013/04/13 12:07:56 | 000,557,056 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\9C2AC000
[2013/04/10 15:50:28 | 000,557,056 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\70DE6100
[2013/04/10 15:46:26 | 000,557,056 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2F1B6100
[2013/04/10 15:37:03 | 000,557,056 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\15826100
[2013/01/07 21:07:58 | 000,237,438 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/07 21:07:58 | 000,237,438 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-1801674531-725345543-1003-0.dat
[2013/01/07 18:52:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 09:28:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/20 13:02:05 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2011/06/20 13:02:02 | 002,026,604 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/06/20 13:02:02 | 000,442,964 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/01/02 10:10:51 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/04/28 09:00:03 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2008/04/07 12:44:10 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/02/09 10:30:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/04 08:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2012/11/01 17:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3B2FD
[2012/05/11 16:43:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/01/20 15:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
[2013/03/25 14:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2008/05/30 15:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/04/07 14:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2013/04/29 00:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/04/28 18:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/08/17 21:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters(2)
[2013/04/22 17:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Unleashed Online
[2012/11/02 16:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Registry Helper
[2008/04/07 15:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/02/19 17:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/10/07 19:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPAMfighter
[2008/04/10 12:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/04/10 12:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2009/02/05 13:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2008/05/11 20:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/05/11 19:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2011/03/23 09:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/11/02 16:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\bearsharetoolbarguid
[2009/08/17 11:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Blitware
[2008/04/10 12:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2012/05/21 09:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ChiliCoupon
[2008/08/16 10:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/01 14:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.atlanticrecords.Fanbase.A6C8DD5DA30F5C18C5C42884996720F649F6ED37.1
[2013/03/25 14:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eBay
[2011/04/10 10:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2012/05/10 10:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Go PDF Reader
[2008/07/02 15:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2012/05/21 09:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IE ChiliCoupon
[2009/12/26 10:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Panasonic
[2013/03/25 17:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ParetoLogic
[2012/10/01 16:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Unleashed Online
[2013/03/16 19:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\player
[2008/04/10 12:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2008/04/10 11:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SPAMfighter
[2008/04/05 11:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2013/04/23 13:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2008/10/26 18:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue

========== Purity Check ==========



< End of report >
mrwasp
Active Member
 
Posts: 10
Joined: April 25th, 2013, 12:19 pm

Re: Searchcore.net problem

Unread postby Cypher » April 29th, 2013, 6:24 am

Hi,
Searchcore.net/426 still appears in the Home page of Internet Explorer.

Please run adwCleaner again using the instructions below, then let me know if Searchcore.net/426 still appears as the Home page..

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run it.
  • Click on Delete.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Searchcore.net problem

Unread postby mrwasp » April 29th, 2013, 8:02 am

Hi

Have run AdwCleaner using Delete and searchcore.net still appears as the Home page.

AdwCleaner log follows if useful:

# AdwCleaner v2.300 - Logfile created 04/29/2013 at 12:53:58
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - OWNER-6052C6A73
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\Fix programs\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eut6rnwx.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchcore.net/426 --> hxxp://www.google.com

-\\ Mozilla Firefox v2.0 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\eut6rnwx.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kmgcjdrh.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R4].txt - [1488 octets] - [29/04/2013 10:49:50]
AdwCleaner[S3].txt - [1509 octets] - [25/04/2013 16:35:47]
AdwCleaner[S4].txt - [353 octets] - [29/04/2013 12:52:46]
AdwCleaner[S5].txt - [1476 octets] - [29/04/2013 12:53:58]

########## EOF - C:\AdwCleaner[S5].txt - [1536 octets] ##########
mrwasp
Active Member
 
Posts: 10
Joined: April 25th, 2013, 12:19 pm

Re: Searchcore.net problem

Unread postby Cypher » April 29th, 2013, 10:32 am

Hi,
Did you install any new programs or software just before your homepage changed?
Let me know in your next reply.

Please download TDSSKiller and save it to your Desktop.

  • Double click TDSSKiller.exe to run it.
  • Under Additional Options check Verify file digital signatures
  • IMPORTANT: Ensure Detect TDLFS file system remains UNchecked.
  • Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure Cure is selected then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected then click Continue

    DO NOT change the default actions.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Searchcore.net problem

Unread postby mrwasp » April 30th, 2013, 6:04 am

Hi,

Sorry for the delay.

I've run TDSSKiller with Verify file digital signatures checked and no reboot was required. I noticed that Loaded Modules wasn't checked on Objects to scan. Is this OK. The problem first appeared after joining Facebook and can't recall any other installs at that time. The TDSSKiller log follows:

17:17:04.0046 1864 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:17:04.0406 1864 ============================================================
17:17:04.0406 1864 Current date / time: 2013/04/29 17:17:04.0406
17:17:04.0406 1864 SystemInfo:
17:17:04.0406 1864
17:17:04.0406 1864 OS Version: 5.1.2600 ServicePack: 3.0
17:17:04.0406 1864 Product type: Workstation
17:17:04.0406 1864 ComputerName: OWNER-6052C6A73
17:17:04.0406 1864 UserName: Owner
17:17:04.0406 1864 Windows directory: C:\WINDOWS
17:17:04.0406 1864 System windows directory: C:\WINDOWS
17:17:04.0406 1864 Processor architecture: Intel x86
17:17:04.0406 1864 Number of processors: 2
17:17:04.0406 1864 Page size: 0x1000
17:17:04.0406 1864 Boot type: Normal boot
17:17:04.0406 1864 ============================================================
17:17:06.0000 1864 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:17:06.0000 1864 ============================================================
17:17:06.0000 1864 \Device\Harddisk0\DR0:
17:17:06.0000 1864 MBR partitions:
17:17:06.0000 1864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
17:17:06.0000 1864 ============================================================
17:17:06.0046 1864 C: <-> \Device\Harddisk0\DR0\Partition1
17:17:06.0046 1864 ============================================================
17:17:06.0046 1864 Initialize success
17:17:06.0046 1864 ============================================================
17:18:06.0296 2080 ============================================================
17:18:06.0296 2080 Scan started
17:18:06.0296 2080 Mode: Manual; SigCheck;
17:18:06.0296 2080 ============================================================
17:18:06.0593 2080 ================ Scan system memory ========================
17:18:07.0859 2080 System memory - ok
17:18:07.0859 2080 ================ Scan services =============================
17:18:08.0015 2080 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:18:08.0250 2080 !SASCORE - ok
17:18:08.0406 2080 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] 16739237 C:\WINDOWS\system32\DRIVERS\16739237.sys
17:18:08.0453 2080 16739237 - ok
17:18:08.0453 2080 Abiosdsk - ok
17:18:08.0468 2080 abp480n5 - ok
17:18:08.0578 2080 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
17:18:08.0593 2080 ACDaemon - ok
17:18:08.0625 2080 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:18:09.0578 2080 ACPI - ok
17:18:09.0609 2080 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:18:09.0734 2080 ACPIEC - ok
17:18:09.0828 2080 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:18:09.0843 2080 AdobeFlashPlayerUpdateSvc - ok
17:18:09.0859 2080 adpu160m - ok
17:18:09.0921 2080 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:18:10.0046 2080 aec - ok
17:18:10.0093 2080 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys
17:18:10.0109 2080 Afc ( UnsignedFile.Multi.Generic ) - warning
17:18:10.0109 2080 Afc - detected UnsignedFile.Multi.Generic (1)
17:18:10.0156 2080 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:18:10.0203 2080 AFD - ok
17:18:10.0218 2080 Aha154x - ok
17:18:10.0218 2080 aic78u2 - ok
17:18:10.0234 2080 aic78xx - ok
17:18:10.0265 2080 [ 0940030D5A5869067CCC03E3B0B8DEC7 ] alcan5wn C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
17:18:10.0312 2080 alcan5wn - ok
17:18:10.0343 2080 [ 4C9577888C53243E2991456F510488A1 ] alcaudsl C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
17:18:10.0390 2080 alcaudsl - ok
17:18:10.0406 2080 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:18:10.0515 2080 Alerter - ok
17:18:10.0546 2080 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:18:10.0609 2080 ALG - ok
17:18:10.0609 2080 AliIde - ok
17:18:10.0625 2080 ALLOW-IO - ok
17:18:10.0671 2080 [ 57221EF8A056B5FB47CDDA3BA28DD377 ] AMBFilt C:\WINDOWS\system32\drivers\AMBFilt.sys
17:18:10.0781 2080 AMBFilt - ok
17:18:10.0781 2080 amsint - ok
17:18:10.0875 2080 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:18:10.0890 2080 Apple Mobile Device - ok
17:18:10.0890 2080 AppMgmt - ok
17:18:10.0906 2080 asc - ok
17:18:10.0921 2080 asc3350p - ok
17:18:10.0921 2080 asc3550 - ok
17:18:11.0093 2080 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:18:11.0109 2080 aspnet_state - ok
17:18:11.0125 2080 AsrCDDrv - ok
17:18:11.0140 2080 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:18:11.0250 2080 AsyncMac - ok
17:18:11.0296 2080 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:18:11.0437 2080 atapi - ok
17:18:11.0453 2080 Atdisk - ok
17:18:11.0468 2080 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:18:11.0578 2080 Atmarpc - ok
17:18:11.0625 2080 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:18:11.0734 2080 AudioSrv - ok
17:18:11.0796 2080 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:18:11.0921 2080 audstub - ok
17:18:11.0937 2080 Avglogx - ok
17:18:11.0984 2080 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:18:12.0109 2080 Beep - ok
17:18:12.0171 2080 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
17:18:12.0375 2080 BITS - ok
17:18:12.0468 2080 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:18:12.0500 2080 Bonjour Service - ok
17:18:12.0531 2080 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
17:18:12.0578 2080 Browser - ok
17:18:12.0750 2080 catchme - ok
17:18:12.0796 2080 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:18:12.0921 2080 cbidf2k - ok
17:18:12.0953 2080 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:18:13.0062 2080 CCDECODE - ok
17:18:13.0062 2080 cd20xrnt - ok
17:18:13.0109 2080 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:18:13.0218 2080 Cdaudio - ok
17:18:13.0250 2080 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:18:13.0390 2080 Cdfs - ok
17:18:13.0437 2080 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:18:13.0578 2080 Cdrom - ok
17:18:13.0578 2080 Changer - ok
17:18:13.0625 2080 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:18:13.0734 2080 CiSvc - ok
17:18:13.0765 2080 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:18:13.0906 2080 ClipSrv - ok
17:18:13.0921 2080 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:18:13.0937 2080 clr_optimization_v2.0.50727_32 - ok
17:18:14.0015 2080 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:18:14.0062 2080 clr_optimization_v4.0.30319_32 - ok
17:18:14.0062 2080 CmdIde - ok
17:18:14.0078 2080 COMSysApp - ok
17:18:14.0093 2080 Cpqarray - ok
17:18:14.0140 2080 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:18:14.0281 2080 CryptSvc - ok
17:18:14.0328 2080 [ D491F164E6D5EBACBB73E0F85D47E9D9 ] CTL511Plus C:\WINDOWS\system32\DRIVERS\webc3vid.sys
17:18:14.0375 2080 CTL511Plus - ok
17:18:14.0375 2080 dac2w2k - ok
17:18:14.0390 2080 dac960nt - ok
17:18:14.0437 2080 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:18:14.0484 2080 DcomLaunch - ok
17:18:14.0562 2080 [ B327B0CA9FCE58893D456EE2360378AF ] DgiVecp C:\WINDOWS\system32\Drivers\DgiVecp.sys
17:18:14.0562 2080 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
17:18:14.0562 2080 DgiVecp - detected UnsignedFile.Multi.Generic (1)
17:18:14.0609 2080 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:18:14.0734 2080 Dhcp - ok
17:18:14.0765 2080 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:18:14.0890 2080 Disk - ok
17:18:14.0984 2080 [ EA5CFD9067C88295B2BA2B21E09C2CB2 ] DLPWD C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
17:18:15.0000 2080 DLPWD - ok
17:18:15.0015 2080 [ 357E0FD10CCB6D4D89618C83561CB8D6 ] DLSDB C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
17:18:15.0031 2080 DLSDB - ok
17:18:15.0046 2080 dmadmin - ok
17:18:15.0109 2080 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:18:15.0234 2080 dmboot - ok
17:18:15.0265 2080 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:18:15.0390 2080 dmio - ok
17:18:15.0406 2080 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:18:15.0515 2080 dmload - ok
17:18:15.0531 2080 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:18:15.0656 2080 dmserver - ok
17:18:15.0703 2080 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:18:15.0843 2080 DMusic - ok
17:18:15.0859 2080 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:18:15.0890 2080 Dnscache - ok
17:18:15.0890 2080 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:18:16.0000 2080 Dot3svc - ok
17:18:16.0015 2080 dpti2o - ok
17:18:16.0046 2080 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:18:16.0156 2080 drmkaud - ok
17:18:16.0203 2080 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:18:16.0328 2080 EapHost - ok
17:18:16.0359 2080 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:18:16.0500 2080 ERSvc - ok
17:18:16.0546 2080 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
17:18:16.0562 2080 Eventlog - ok
17:18:16.0593 2080 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
17:18:16.0625 2080 EventSystem - ok
17:18:16.0656 2080 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:18:16.0781 2080 Fastfat - ok
17:18:16.0828 2080 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:18:16.0890 2080 FastUserSwitchingCompatibility - ok
17:18:16.0921 2080 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:18:17.0031 2080 Fdc - ok
17:18:17.0078 2080 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:18:17.0187 2080 Fips - ok
17:18:17.0218 2080 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:18:17.0328 2080 Flpydisk - ok
17:18:17.0375 2080 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:18:17.0500 2080 FltMgr - ok
17:18:17.0593 2080 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:18:17.0609 2080 FontCache3.0.0.0 - ok
17:18:17.0625 2080 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:18:17.0750 2080 Fs_Rec - ok
17:18:17.0765 2080 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:18:17.0875 2080 Ftdisk - ok
17:18:17.0921 2080 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:18:17.0937 2080 GEARAspiWDM - ok
17:18:17.0968 2080 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:18:18.0078 2080 Gpc - ok
17:18:18.0171 2080 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c99c1080286cb4 C:\Program Files\Google\Update\GoogleUpdate.exe
17:18:18.0187 2080 gupdate1c99c1080286cb4 - ok
17:18:18.0250 2080 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:18:18.0250 2080 gupdatem - ok
17:18:18.0296 2080 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:18:18.0312 2080 gusvc - ok
17:18:18.0359 2080 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:18:18.0500 2080 HDAudBus - ok
17:18:18.0578 2080 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:18:18.0703 2080 helpsvc - ok
17:18:18.0765 2080 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:18:18.0890 2080 HidServ - ok
17:18:18.0937 2080 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:18:19.0046 2080 HidUsb - ok
17:18:19.0078 2080 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:18:19.0203 2080 hkmsvc - ok
17:18:19.0218 2080 hpn - ok
17:18:19.0281 2080 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:18:19.0328 2080 HTTP - ok
17:18:19.0359 2080 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:18:19.0453 2080 HTTPFilter - ok
17:18:19.0468 2080 i2omgmt - ok
17:18:19.0484 2080 i2omp - ok
17:18:19.0515 2080 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:18:19.0656 2080 i8042prt - ok
17:18:19.0812 2080 [ D1359E54D9755D28E56B17A352AB8AAE ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:18:20.0109 2080 ialm - ok
17:18:20.0250 2080 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:18:20.0296 2080 idsvc - ok
17:18:20.0312 2080 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:18:20.0421 2080 Imapi - ok
17:18:20.0453 2080 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:18:20.0578 2080 ImapiService - ok
17:18:20.0640 2080 [ 7BFC3EDA22190C0FE8C2CA19E5379DA5 ] InCDfs C:\WINDOWS\system32\drivers\InCDFs.sys
17:18:20.0640 2080 InCDfs - ok
17:18:20.0656 2080 [ FC4DBF18A4EB0D2FE3171471A3D0F9A8 ] InCDPass C:\WINDOWS\system32\drivers\InCDPass.sys
17:18:20.0671 2080 InCDPass - ok
17:18:20.0687 2080 [ F8E7C551DEF07FDC12CA5CC7AE5D975B ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys
17:18:20.0703 2080 InCDrec - ok
17:18:20.0703 2080 [ 31A5A3809249A326EB0EF58D563A9654 ] incdrm C:\WINDOWS\system32\drivers\InCDRm.sys
17:18:20.0718 2080 incdrm - ok
17:18:20.0875 2080 [ C773D093D5C18765E71C7992AEE051A2 ] InCDsrv C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
17:18:20.0937 2080 InCDsrv - ok
17:18:20.0953 2080 ini910u - ok
17:18:21.0062 2080 [ 915CE2A58C6917E3C53BE1E91FA66BA8 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:18:21.0281 2080 IntcAzAudAddService - ok
17:18:21.0296 2080 IntelIde - ok
17:18:21.0328 2080 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:18:21.0468 2080 intelppm - ok
17:18:21.0500 2080 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:18:21.0625 2080 Ip6Fw - ok
17:18:21.0656 2080 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:18:21.0781 2080 IpFilterDriver - ok
17:18:21.0796 2080 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:18:21.0921 2080 IpInIp - ok
17:18:21.0953 2080 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:18:22.0062 2080 IpNat - ok
17:18:22.0125 2080 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:18:22.0171 2080 iPod Service - ok
17:18:22.0218 2080 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:18:22.0343 2080 IPSec - ok
17:18:22.0359 2080 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:18:22.0406 2080 IRENUM - ok
17:18:22.0453 2080 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:18:22.0578 2080 isapnp - ok
17:18:22.0625 2080 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:18:22.0750 2080 Kbdclass - ok
17:18:22.0750 2080 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:18:22.0859 2080 kbdhid - ok
17:18:22.0921 2080 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:18:23.0078 2080 kmixer - ok
17:18:23.0093 2080 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:18:23.0140 2080 KSecDD - ok
17:18:23.0171 2080 [ 5767BAC5A2C4688A18F580EFB3A0E081 ] L1c C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
17:18:23.0171 2080 L1c - ok
17:18:23.0218 2080 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:18:23.0281 2080 lanmanserver - ok
17:18:23.0312 2080 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:18:23.0375 2080 lanmanworkstation - ok
17:18:23.0375 2080 lbrtfdc - ok
17:18:23.0437 2080 [ 31D8B705DCD5F2366186E731F87C7A71 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:18:23.0484 2080 LightScribeService - ok
17:18:23.0531 2080 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:18:23.0656 2080 LmHosts - ok
17:18:23.0765 2080 [ 412776CC8A69AC86BE9DEBED4CD82172 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
17:18:23.0796 2080 LMIGuardianSvc - ok
17:18:23.0812 2080 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
17:18:23.0828 2080 LMIInfo - ok
17:18:23.0828 2080 [ 7E78DB3671549438C98D2BAB35DD4DDC ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
17:18:23.0843 2080 LMIMaint - ok
17:18:23.0859 2080 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
17:18:23.0875 2080 lmimirr - ok
17:18:23.0875 2080 LMIRfsClientNP - ok
17:18:23.0875 2080 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
17:18:23.0890 2080 LMIRfsDriver - ok
17:18:23.0937 2080 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
17:18:23.0953 2080 LogMeIn - ok
17:18:23.0984 2080 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:18:24.0109 2080 Messenger - ok
17:18:24.0156 2080 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:18:24.0281 2080 mnmdd - ok
17:18:24.0312 2080 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:18:24.0468 2080 mnmsrvc - ok
17:18:24.0500 2080 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:18:24.0609 2080 Modem - ok
17:18:24.0656 2080 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] MonFilt C:\WINDOWS\system32\drivers\MonFilt.sys
17:18:24.0734 2080 MonFilt - ok
17:18:24.0781 2080 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:18:24.0906 2080 Mouclass - ok
17:18:24.0953 2080 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:18:25.0093 2080 mouhid - ok
17:18:25.0109 2080 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:18:25.0234 2080 MountMgr - ok
17:18:25.0234 2080 mraid35x - ok
17:18:25.0296 2080 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:18:25.0421 2080 MRxDAV - ok
17:18:25.0468 2080 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:18:25.0546 2080 MRxSmb - ok
17:18:25.0546 2080 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:18:25.0671 2080 MSDTC - ok
17:18:25.0687 2080 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:18:25.0796 2080 Msfs - ok
17:18:25.0812 2080 MSIServer - ok
17:18:25.0843 2080 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:18:25.0953 2080 MSKSSRV - ok
17:18:25.0984 2080 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:18:26.0093 2080 MSPCLOCK - ok
17:18:26.0125 2080 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:18:26.0250 2080 MSPQM - ok
17:18:26.0250 2080 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:18:26.0375 2080 mssmbios - ok
17:18:26.0421 2080 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:18:26.0531 2080 MSTEE - ok
17:18:26.0578 2080 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:18:26.0625 2080 Mup - ok
17:18:26.0656 2080 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:18:26.0781 2080 NABTSFEC - ok
17:18:26.0812 2080 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:18:26.0937 2080 napagent - ok
17:18:27.0046 2080 [ 6D8FCDD5BB3B676EF58FA234073492C6 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
17:18:27.0078 2080 NBService - ok
17:18:27.0093 2080 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:18:27.0218 2080 NDIS - ok
17:18:27.0250 2080 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:18:27.0359 2080 NdisIP - ok
17:18:27.0390 2080 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:18:27.0421 2080 NdisTapi - ok
17:18:27.0468 2080 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:18:27.0578 2080 Ndisuio - ok
17:18:27.0640 2080 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:18:27.0765 2080 NdisWan - ok
17:18:27.0781 2080 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:18:27.0843 2080 NDProxy - ok
17:18:27.0843 2080 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:18:27.0968 2080 NetBIOS - ok
17:18:28.0000 2080 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:18:28.0125 2080 NetBT - ok
17:18:28.0171 2080 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:18:28.0296 2080 NetDDE - ok
17:18:28.0296 2080 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:18:28.0421 2080 NetDDEdsdm - ok
17:18:28.0468 2080 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:18:28.0609 2080 Netlogon - ok
17:18:28.0656 2080 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:18:28.0796 2080 Netman - ok
17:18:28.0812 2080 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:18:28.0828 2080 NetTcpPortSharing - ok
17:18:28.0875 2080 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
17:18:28.0921 2080 Nla - ok
17:18:29.0015 2080 [ E584D6668E6A3923FF32E026A5ED2A03 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
17:18:29.0031 2080 NMIndexingService - ok
17:18:29.0031 2080 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:18:29.0171 2080 Npfs - ok
17:18:29.0187 2080 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:18:29.0312 2080 Ntfs - ok
17:18:29.0328 2080 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:18:29.0453 2080 NtLmSsp - ok
17:18:29.0484 2080 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:18:29.0625 2080 NtmsSvc - ok
17:18:29.0656 2080 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:18:29.0781 2080 Null - ok
17:18:29.0812 2080 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:18:29.0953 2080 NwlnkFlt - ok
17:18:29.0984 2080 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:18:30.0093 2080 NwlnkFwd - ok
17:18:30.0140 2080 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:18:30.0281 2080 Parport - ok
17:18:30.0281 2080 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:18:30.0421 2080 PartMgr - ok
17:18:30.0468 2080 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:18:30.0578 2080 ParVdm - ok
17:18:30.0609 2080 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:18:30.0734 2080 PCI - ok
17:18:30.0750 2080 PCIDump - ok
17:18:30.0750 2080 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:18:30.0890 2080 PCIIde - ok
17:18:30.0906 2080 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:18:31.0046 2080 Pcmcia - ok
17:18:31.0062 2080 PDCOMP - ok
17:18:31.0062 2080 PDFRAME - ok
17:18:31.0078 2080 PDRELI - ok
17:18:31.0093 2080 PDRFRAME - ok
17:18:31.0093 2080 perc2 - ok
17:18:31.0109 2080 perc2hib - ok
17:18:31.0171 2080 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
17:18:31.0187 2080 PlugPlay - ok
17:18:31.0203 2080 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:18:31.0328 2080 PolicyAgent - ok
17:18:31.0375 2080 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:18:31.0500 2080 PptpMiniport - ok
17:18:31.0500 2080 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:18:31.0640 2080 ProtectedStorage - ok
17:18:31.0671 2080 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:18:31.0812 2080 PSched - ok
17:18:31.0828 2080 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:18:31.0968 2080 Ptilink - ok
17:18:31.0984 2080 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:18:32.0000 2080 PxHelp20 - ok
17:18:32.0015 2080 ql1080 - ok
17:18:32.0015 2080 Ql10wnt - ok
17:18:32.0031 2080 ql12160 - ok
17:18:32.0046 2080 ql1240 - ok
17:18:32.0046 2080 ql1280 - ok
17:18:32.0093 2080 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:18:32.0218 2080 RasAcd - ok
17:18:32.0250 2080 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:18:32.0390 2080 RasAuto - ok
17:18:32.0421 2080 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:18:32.0562 2080 Rasl2tp - ok
17:18:32.0593 2080 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:18:32.0718 2080 RasMan - ok
17:18:32.0750 2080 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:18:32.0875 2080 RasPppoe - ok
17:18:32.0875 2080 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:18:33.0000 2080 Raspti - ok
17:18:33.0031 2080 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:18:33.0156 2080 Rdbss - ok
17:18:33.0187 2080 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:18:33.0328 2080 RDPCDD - ok
17:18:33.0375 2080 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:18:33.0484 2080 RDPWD - ok
17:18:33.0515 2080 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:18:33.0625 2080 RDSessMgr - ok
17:18:33.0734 2080 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
17:18:33.0734 2080 RealNetworks Downloader Resolver Service - ok
17:18:33.0765 2080 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:18:33.0906 2080 redbook - ok
17:18:33.0937 2080 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:18:34.0062 2080 RemoteAccess - ok
17:18:34.0171 2080 [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
17:18:34.0171 2080 RichVideo ( UnsignedFile.Multi.Generic ) - warning
17:18:34.0171 2080 RichVideo - detected UnsignedFile.Multi.Generic (1)
17:18:34.0187 2080 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
17:18:34.0312 2080 RpcLocator - ok
17:18:34.0343 2080 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
17:18:34.0359 2080 RpcSs - ok
17:18:34.0390 2080 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:18:34.0515 2080 RSVP - ok
17:18:34.0546 2080 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:18:34.0671 2080 SamSs - ok
17:18:34.0718 2080 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:18:34.0734 2080 SASDIFSV - ok
17:18:34.0750 2080 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:18:34.0765 2080 SASKUTIL - ok
17:18:34.0796 2080 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:18:34.0937 2080 SCardSvr - ok
17:18:34.0984 2080 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:18:35.0093 2080 Schedule - ok
17:18:35.0125 2080 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:18:35.0187 2080 Secdrv - ok
17:18:35.0234 2080 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:18:35.0390 2080 seclogon - ok
17:18:35.0406 2080 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:18:35.0531 2080 SENS - ok
17:18:35.0593 2080 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:18:35.0718 2080 serenum - ok
17:18:35.0750 2080 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:18:35.0875 2080 Serial - ok
17:18:35.0968 2080 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:18:36.0109 2080 Sfloppy - ok
17:18:36.0140 2080 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:18:36.0281 2080 SharedAccess - ok
17:18:36.0312 2080 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:18:36.0328 2080 ShellHWDetection - ok
17:18:36.0328 2080 Simbad - ok
17:18:36.0359 2080 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:18:36.0468 2080 SLIP - ok
17:18:36.0484 2080 Sparrow - ok
17:18:36.0531 2080 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:18:36.0656 2080 splitter - ok
17:18:36.0687 2080 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:18:36.0718 2080 Spooler - ok
17:18:36.0750 2080 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:18:36.0812 2080 sr - ok
17:18:36.0859 2080 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:18:36.0906 2080 srservice - ok
17:18:36.0968 2080 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:18:37.0031 2080 Srv - ok
17:18:37.0078 2080 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:18:37.0125 2080 SSDPSRV - ok
17:18:37.0125 2080 SSPORT - ok
17:18:37.0171 2080 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:18:37.0312 2080 stisvc - ok
17:18:37.0328 2080 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:18:37.0468 2080 streamip - ok
17:18:37.0500 2080 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:18:37.0625 2080 swenum - ok
17:18:37.0671 2080 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:18:37.0796 2080 swmidi - ok
17:18:37.0796 2080 SwPrv - ok
17:18:37.0812 2080 symc810 - ok
17:18:37.0828 2080 symc8xx - ok
17:18:37.0843 2080 sym_hi - ok
17:18:37.0843 2080 sym_u3 - ok
17:18:37.0906 2080 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:18:38.0015 2080 sysaudio - ok
17:18:38.0062 2080 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:18:38.0203 2080 SysmonLog - ok
17:18:38.0218 2080 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:18:38.0328 2080 TapiSrv - ok
17:18:38.0359 2080 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:18:38.0390 2080 Tcpip - ok
17:18:38.0406 2080 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:18:38.0531 2080 TDPIPE - ok
17:18:38.0531 2080 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:18:38.0656 2080 TDTCP - ok
17:18:38.0703 2080 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:18:38.0843 2080 TermDD - ok
17:18:38.0906 2080 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:18:39.0046 2080 TermService - ok
17:18:39.0078 2080 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:18:39.0093 2080 Themes - ok
17:18:39.0093 2080 TosIde - ok
17:18:39.0140 2080 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:18:39.0281 2080 TrkWks - ok
17:18:39.0312 2080 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:18:39.0453 2080 Udfs - ok
17:18:39.0453 2080 ultra - ok
17:18:39.0500 2080 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:18:39.0656 2080 Update - ok
17:18:39.0671 2080 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:18:39.0734 2080 upnphost - ok
17:18:39.0750 2080 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:18:39.0859 2080 UPS - ok
17:18:39.0906 2080 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:18:40.0031 2080 usbccgp - ok
17:18:40.0078 2080 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:18:40.0203 2080 usbehci - ok
17:18:40.0250 2080 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:18:40.0375 2080 usbhub - ok
17:18:40.0437 2080 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:18:40.0546 2080 usbprint - ok
17:18:40.0562 2080 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:18:40.0687 2080 usbscan - ok
17:18:40.0718 2080 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:18:40.0859 2080 USBSTOR - ok
17:18:40.0906 2080 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:18:41.0046 2080 usbuhci - ok
17:18:41.0062 2080 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:18:41.0187 2080 VgaSave - ok
17:18:41.0281 2080 [ F29BFD0C5CCCC9823E5FCDEE71DBC054 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
17:18:41.0390 2080 VIAHdAudAddService - ok
17:18:41.0390 2080 ViaIde - ok
17:18:41.0421 2080 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:18:41.0578 2080 VolSnap - ok
17:18:41.0578 2080 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:18:41.0640 2080 VSS - ok
17:18:41.0687 2080 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
17:18:41.0812 2080 W32Time - ok
17:18:41.0843 2080 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:18:41.0984 2080 Wanarp - ok
17:18:42.0015 2080 [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
17:18:42.0062 2080 wceusbsh - ok
17:18:42.0062 2080 WDICA - ok
17:18:42.0109 2080 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:18:42.0250 2080 wdmaud - ok
17:18:42.0281 2080 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:18:42.0406 2080 WebClient - ok
17:18:42.0406 2080 WinDriver6 - ok
17:18:42.0515 2080 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:18:42.0640 2080 winmgmt - ok
17:18:42.0687 2080 [ 482069CDA24AA0E94B1351E30EB3D01F ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:18:42.0734 2080 WmdmPmSN - ok
17:18:42.0750 2080 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:18:42.0875 2080 WmiApSrv - ok
17:18:42.0968 2080 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:18:43.0031 2080 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning
17:18:43.0031 2080 WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1)
17:18:43.0125 2080 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:18:43.0187 2080 WPFFontCache_v0400 - ok
17:18:43.0218 2080 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:18:43.0343 2080 WS2IFSL - ok
17:18:43.0390 2080 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:18:43.0531 2080 wscsvc - ok
17:18:43.0562 2080 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:18:43.0687 2080 WSTCODEC - ok
17:18:43.0703 2080 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:18:43.0812 2080 wuauserv - ok
17:18:43.0843 2080 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:18:43.0875 2080 WudfPf - ok
17:18:43.0890 2080 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:18:43.0906 2080 WudfRd - ok
17:18:43.0921 2080 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:18:43.0937 2080 WudfSvc - ok
17:18:43.0984 2080 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:18:44.0109 2080 WZCSVC - ok
17:18:44.0171 2080 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:18:44.0312 2080 xmlprov - ok
17:18:44.0343 2080 [ 9278A9870D9E919B20EBC17299FBB107 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
17:18:44.0375 2080 yukonwxp - ok
17:18:44.0390 2080 ================ Scan global ===============================
17:18:44.0437 2080 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:18:44.0468 2080 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
17:18:44.0468 2080 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
17:18:44.0515 2080 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:18:44.0515 2080 [Global] - ok
17:18:44.0515 2080 ================ Scan MBR ==================================
17:18:44.0546 2080 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:18:44.0750 2080 \Device\Harddisk0\DR0 - ok
17:18:44.0750 2080 ================ Scan VBR ==================================
17:18:44.0750 2080 [ C785B8E7DFA9960FC432325A7E046F10 ] \Device\Harddisk0\DR0\Partition1
17:18:44.0750 2080 \Device\Harddisk0\DR0\Partition1 - ok
17:18:44.0750 2080 ============================================================
17:18:44.0750 2080 Scan finished
17:18:44.0750 2080 ============================================================
17:18:44.0875 3224 Detected object count: 4
17:18:44.0875 3224 Actual detected object count: 4
17:19:30.0515 3224 Afc ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:30.0515 3224 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:30.0515 3224 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:30.0515 3224 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:30.0515 3224 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:30.0515 3224 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:30.0515 3224 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:30.0515 3224 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:33:45.0875 1616 Deinitialize success
mrwasp
Active Member
 
Posts: 10
Joined: April 25th, 2013, 12:19 pm

Re: Searchcore.net problem

Unread postby Cypher » April 30th, 2013, 6:24 am

Hi,
That scan looks ok so lets try this fix again, once done give me another update please.
SUPERAntiSpyware

Please uninstall SUPERAntiSpyware, you can reinstall it when we are finished if you wish.

Next.

  • Double click OTL.exe to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :processes
    killallprocesses
    
    :otl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcore.net/426
    
    :services
    16739237
    
    :files
    C:\WINDOWS\system32\drivers\16739237.sys
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [resethosts]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Searchcore.net problem

Unread postby mrwasp » April 30th, 2013, 8:03 am

Hi Cypher

Internet Explorer now looks OK. Serachcore no longer in Home page. Many thanks for all your help. OTL log follows:


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== SERVICES/DRIVERS ==========
Error: Unable to stop service 16739237!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\16739237 deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\drivers\16739237.sys moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\Fix programs\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\Fix programs\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 585208 bytes
->Temporary Internet Files folder emptied: 7629732 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6774027 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6565 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2630144 bytes

Total Files Cleaned = 17.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 04302013_124950

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\WCESLog.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
mrwasp
Active Member
 
Posts: 10
Joined: April 25th, 2013, 12:19 pm

Re: Searchcore.net problem

Unread postby Cypher » April 30th, 2013, 11:23 am

Hi,
Many thanks for all your help

You're most welcome glad we could help.
Internet Explorer now looks OK. Serachcore no longer in Home page

Excellent, in that case you should be good to go. Your computer appears to be clean of malware.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove some of the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools/logs we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 62 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware