Hi deltalima
The scans took a lot longer than I expected, so I left it running overnight. Only one warning message came up from AVG during the scans, and I selected the "allow" option to continue. Here are the results.
OTL.txt
OTL logfile created on: 10/06/2013 22:01:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User_1\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.97 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 41.17% Memory free
4.17 Gb Paging File | 2.69 Gb Available in Paging File | 64.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.75 Gb Total Space | 96.10 Gb Free Space | 44.13% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.53 Gb Free Space | 63.54% Space Free | Partition Type: NTFS
Computer Name: DELL-PC | User Name: User_1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\User_1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Nuance\Nuance Cloud Connector\GladinetClient.exe (Gladinet, INC)
PRC - C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe (Gladinet, INC)
PRC - C:\Program Files\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe ()
PRC - C:\Program Files\Nuance\PDF Viewer Plus\PdfPro7Hook.exe (Nuance Communications, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll ()
MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\Program Files\Nuance\Nuance Cloud Connector\WOSBr_nuance.dll ()
MOD - C:\Program Files\Nuance\Nuance Cloud Connector\WOSMui_En.dll ()
MOD - C:\Program Files\Nuance\Nuance Cloud Connector\WOSMui.dll ()
MOD - C:\Program Files\Nuance\Nuance Cloud Connector\zlib125.dll ()
MOD - C:\Program Files\Nuance\Nuance Cloud Connector\sqlite3.dll ()
========== Services (SafeList) ==========
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (BingDesktopUpdate) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (GladFileMonSvc) -- C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe (Gladinet, INC)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (mbamchameleon) -- C:\Windows\System32\drivers\mbamchameleon.sys ()
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (RapportCerberus_50414) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys ()
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (stdriver) -- C:\Windows\System32\drivers\stdriver32.sys (NCH Software)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (RtNdPt60) -- C:\Windows\System32\drivers\RtNdPt60.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{472E69CE-A0D3-45A8-AA73-E9E25AF24E9D}: "URL" =
http://search.live.com/results.aspx?q={searchTerms}&Form=DLSDF7&pc=MDDS&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" =
http://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{BCF61B68-08FF-4B36-936E-B8AD31622187}: "URL" =
http://startsear.ch/?aff=1&src=sp&cf=23 ... 808abc5&q={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\SearchScopes\{472E69CE-A0D3-45A8-AA73-E9E25AF24E9D}: "URL" =
http://www.bing.com/search?q={searchTerms}&FORM=DLSDF7&pc=MDDS&src=IE-SearchBox
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\SearchScopes\{8125748D-F881-4B94-BBE0-00A95AB73944}: "URL" =
http://search.avg.com/route/?d=4b3d2cf0 ... =chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" =
http://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\SearchScopes\{BCF61B68-08FF-4B36-936E-B8AD31622187}: "URL" =
http://startsear.ch/?aff=1&src=sp&cf=23 ... 808abc5&q={searchTerms}
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=1083&systemid=1&sr=0&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\User_1\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/18 12:41:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6b4\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 4\components [2010/05/14 06:41:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6b4\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins [2013/05/21 20:40:07 | 000,000,000 | ---D | M]
[2012/01/18 10:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User_1\AppData\Roaming\Mozilla\Extensions
[2013/05/08 11:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions
[2010/06/14 06:47:16 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/06/14 06:45:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/18 10:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2011/11/22 22:01:41 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}
[2012/07/29 09:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\plugin@yontoo.com
[2011/11/22 22:08:59 | 000,002,517 | ---- | M] () -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\searchplugins\Search_Results.xml
[2011/07/11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\searchplugins\startsear.xml
File not found (No name found) -- C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION
[2010/04/20 13:21:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3.6 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
========== Chrome ==========
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url =
http://dts.search-results.com/sr?src=cr ... =1&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage:
http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\User_1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\User_1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\User_1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\User_1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\User_1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\User_1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] C:\Program Files\Nuance\PDF Viewer Plus\PdfPro7Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort14reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O15 - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..Trusted Domains: promap.co.uk ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550}
https://www.promapserver.co.uk/controls ... promap.cab (Promap Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EF690AD-A359-45A8-ABA9-77DF6C45A09C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77E1F9C7-604C-459B-9494-D2B23530F364}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/06/10 21:57:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User_1\Desktop\OTL.exe
[2013/06/10 21:23:34 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/06/10 21:05:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/10 20:56:33 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\User_1\Desktop\MGADiag.exe
[2013/06/05 15:10:51 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\User_1\Desktop\dds.scr
[2013/06/05 08:11:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/06/05 07:59:26 | 000,000,000 | ---D | C] -- C:\Users\User_1\Desktop\tdsskiller
[2013/05/31 08:05:22 | 000,000,000 | ---D | C] -- C:\Users\User_1\AppData\Local\FixItCenter
[2013/05/31 08:01:31 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2013/05/31 08:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2013/05/27 14:42:59 | 000,000,000 | ---D | C] -- C:\Users\User_1\AppData\Roaming\Malwarebytes
[2013/05/27 14:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/27 14:42:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/27 14:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/21 09:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/05/15 23:48:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/15 23:37:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/15 23:37:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/15 23:37:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/15 23:37:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/15 23:37:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/15 23:37:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/15 23:37:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/15 07:20:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/15 07:19:48 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Users\User_1\*.tmp files -> C:\Users\User_1\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/06/10 22:00:00 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2013/06/10 21:57:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User_1\Desktop\OTL.exe
[2013/06/10 21:57:37 | 000,000,871 | ---- | M] () -- C:\Users\User_1\Desktop\MalWare Removal Forum • View topic - HOW TO GET HELP IN THIS FORUM - everyone must read this..website
[2013/06/10 21:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/10 21:25:41 | 000,017,408 | ---- | M] () -- C:\Users\User_1\AppData\Roaming\wklnhst.dat
[2013/06/10 21:22:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/10 21:22:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/10 21:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/10 21:11:52 | 000,385,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/10 21:11:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/10 21:11:50 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2013/06/10 21:11:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/10 21:11:33 | 2110,771,200 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/10 20:56:33 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\User_1\Desktop\MGADiag.exe
[2013/06/10 20:53:15 | 000,459,264 | ---- | M] () -- C:\Users\User_1\Desktop\CKScanner.exe
[2013/06/10 11:57:22 | 000,027,136 | ---- | M] () -- C:\Users\User_1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/06 19:57:50 | 000,000,807 | ---- | M] () -- C:\Users\User_1\Application Data\Microsoft\Internet Explorer\Quick Launch\Long term forecast for London, England (United Kingdom) – yr.no.website
[2013/06/06 00:19:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/06/05 22:49:34 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/05 15:10:51 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\User_1\Desktop\dds.scr
[2013/06/05 14:28:29 | 000,001,006 | ---- | M] () -- C:\Users\User_1\Desktop\Continue Adobe Reader Free Download Installation.lnk
[2013/06/05 08:22:57 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/05/31 08:01:40 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2013/05/27 16:08:46 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/27 14:42:46 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/26 23:51:29 | 000,645,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/26 23:51:29 | 000,123,148 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/25 18:22:13 | 000,002,347 | ---- | M] () -- C:\Users\User_1\Desktop\SyncToy 2.1.lnk
[2013/05/21 09:38:16 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/05/18 12:41:44 | 000,001,434 | ---- | M] () -- C:\Users\User_1\Desktop\DivX Movies.lnk
[2013/05/18 12:40:59 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/05/18 12:40:19 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013/05/18 12:37:50 | 000,000,000 | ---- | M] () -- C:\END
[2013/05/14 23:19:20 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/14 23:19:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Users\User_1\*.tmp files -> C:\Users\User_1\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/06/10 20:53:15 | 000,459,264 | ---- | C] () -- C:\Users\User_1\Desktop\CKScanner.exe
[2013/06/05 15:14:31 | 000,000,871 | ---- | C] () -- C:\Users\User_1\Desktop\MalWare Removal Forum • View topic - HOW TO GET HELP IN THIS FORUM - everyone must read this..website
[2013/06/05 14:28:29 | 000,001,006 | ---- | C] () -- C:\Users\User_1\Desktop\Continue Adobe Reader Free Download Installation.lnk
[2013/06/05 08:22:57 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/05/31 08:01:40 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk
[2013/05/31 08:01:40 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2013/05/30 12:03:43 | 000,000,807 | ---- | C] () -- C:\Users\User_1\Application Data\Microsoft\Internet Explorer\Quick Launch\Long term forecast for London, England (United Kingdom) – yr.no.website
[2013/05/27 14:42:46 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/18 12:40:59 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/05/18 12:37:50 | 000,000,000 | ---- | C] () -- C:\END
[2012/04/11 16:45:08 | 000,000,016 | -H-- | C] () -- C:\Users\User_1\SyncToy_d9fabba5-1c88-4f85-b208-ed3c83240c29.dat
[2012/02/27 16:04:00 | 000,060,304 | ---- | C] () -- C:\Users\User_1\g2mdlhlpx.exe
[2011/10/28 19:10:36 | 000,034,326 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011/08/01 12:24:28 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011/07/09 17:44:30 | 000,038,433 | ---- | C] () -- C:\Users\User_1\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/02/19 10:09:27 | 000,005,178 | ---- | C] () -- C:\Users\User_1\webex.ini
[2010/02/19 10:09:25 | 000,028,672 | ---- | C] () -- C:\Users\User_1\atwbxdet.dll
[2009/07/27 12:38:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/11 17:34:05 | 004,149,248 | ---- | C] () -- C:\Users\User_1\AppData\Local\filesync.metadata
[2009/05/14 20:53:13 | 000,027,136 | ---- | C] () -- C:\Users\User_1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/14 12:54:45 | 000,017,408 | ---- | C] () -- C:\Users\User_1\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:FD9CE1F3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
< End of report >
EXTRAS.txt
OTL Extras logfile created on: 10/06/2013 22:01:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User_1\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.97 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 41.17% Memory free
4.17 Gb Paging File | 2.69 Gb Available in Paging File | 64.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.75 Gb Total Space | 96.10 Gb Free Space | 44.13% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.53 Gb Free Space | 63.54% Space Free | Partition Type: NTFS
Computer Name: DELL-PC | User Name: User_1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3528189516-2229878515-3528017422-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DDAE08-89C6-4801-B350-32965F0F5B1F}" = rport=138 | protocol=17 | dir=out | app=system |
"{0ECD06D0-0B74-403B-A348-154DECBEA263}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1FB9F892-0C1F-465C-B635-394C9BC71B30}" = lport=139 | protocol=6 | dir=in | app=system |
"{24A81CBF-4A06-42A1-9F87-146EC59F7AC3}" = lport=445 | protocol=6 | dir=in | app=system |
"{24F17BF7-E456-470A-83F1-AA14C2B2E2F9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{31461CBA-C86B-4179-9554-4810CF8F9998}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36C00D32-3D7B-4CB5-BA1D-AAE0F236475C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C729743-98C3-4BC1-8618-4F429FD3926B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5EE47F80-CE2F-46D8-8DDE-B7ED0D1BE529}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6FF014E6-D4EF-4610-926C-AF1DE45C32DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71709AE9-2098-4F20-AF8E-DE49F22F5300}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{74566C95-46BC-4943-AFB1-20A4976EAEC3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74A77C8D-88E5-4DAB-946C-20DFB96763CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{8089193E-9F88-4FDD-9524-4BA8C8E68E04}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{859F4624-8C63-4491-932F-3446F4AE7F0D}" = lport=138 | protocol=17 | dir=in | app=system |
"{9A795778-44C3-4CEC-9C9A-FBC82A919EE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B33B5722-90BB-46B3-ABFE-10FF6CEC5E05}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B606CD80-A947-4DAF-841E-4051CFA044A5}" = rport=445 | protocol=6 | dir=out | app=system |
"{B8BABF15-848B-4BD3-B540-0200DA3DDC4F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BF3B211A-3A7B-4008-95C1-7EB682789FE3}" = lport=137 | protocol=17 | dir=in | app=system |
"{C0E978D4-6E01-4E0F-9D90-154DCF8D856D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CE05F2BB-4905-474F-A4E4-C9CE8F82B37B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9101D44-1E98-4B0D-BA05-F29119AF5B0D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F363AFFF-4A75-4285-9D16-DB578362B390}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F87445CD-203F-490C-9839-C7C5ADD9354B}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064D13E0-D15D-46C6-A808-6D1FE9772DC9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07B2298A-651C-42C5-9570-40B25F962EF2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0C145000-7355-4209-91EC-83710C148788}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0E05FDB2-E195-46B1-864D-7FE4160D96CA}" = protocol=17 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvr.exe |
"{330A5168-355E-4BAD-8C5F-CE36EBCE64DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3DAABFF5-597F-4A8D-8C6D-257355A2A39C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{40ED0A16-00AE-4E10-847B-3B202C0A7C78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45EEE8A2-B192-43CF-B9EC-ED0DDE8487BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{460E66FF-17E6-42AD-961C-5A907A97E013}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{49824100-6AE4-4703-9572-5917EF257B93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E048B72-23AA-489A-82A0-DA90AF02F46A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51F4ABED-2E08-4068-A798-560BF77B3CF7}" = protocol=6 | dir=in | app=c:\program files\nuance\nuance cloud connector\gladinetclient.exe |
"{57E6EE38-E1CF-4E07-823D-F7085D1E89EA}" = protocol=6 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvrxp32.exe |
"{62D586A2-0544-4FBD-BCA2-94DB5190DBCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EB1814B-02F0-47C3-883D-23E8F0D574D4}" = protocol=6 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvr.exe |
"{74932B23-A239-4C70-926A-D170F03FBE59}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{7C77E2F9-0477-4163-876E-8A742CEAA6E0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{7FCAA51A-6BB6-4E8E-AEDD-233C0FE6F899}" = dir=in | app=c:\program files\file type assistant\tsassist.exe |
"{910BD607-F586-487D-9B82-7C89C7307A42}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{930F087F-83C8-480C-977B-F619E2F2E93A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{9D239202-E642-4EF9-9C91-168C25402FD3}" = protocol=6 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvr2003.exe |
"{9DC88407-EB30-41E0-A2F8-7B4AD5E78872}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A29A3A81-EDED-468B-BC5E-3D735616F5A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACF6F313-A384-465A-B280-03682889D4E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3A7B831-BAAC-429D-9CAD-3B08030469F0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C63F7BB6-95B8-4D10-ABF1-27AD2AA60F76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC6AFCB7-BAAD-4535-9241-7B04C74BC7A2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{D3903859-BA91-474B-B276-B128DD583229}" = protocol=17 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvr2003.exe |
"{D48FA0E0-70E6-44F3-8162-21E40B463741}" = protocol=17 | dir=in | app=c:\program files\nuance\nuance cloud connector\gladinetclient.exe |
"{DEEE0655-C30E-42D4-978E-6C3309C9F1DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DF83CED6-059A-4F92-A69A-752D02B7630B}" = protocol=17 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvrxp32.exe |
"{E142FF18-8530-4405-BA25-ECF939F1F9BC}" = protocol=6 | dir=out | app=system |
"{E73A9606-68B1-4E3A-953B-A072614329B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F17CF53A-805F-4AEF-AB44-95BCCA90D492}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{73F6AB62-DA44-4A72-BDD0-BC42A5EBF494}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FFDAD7CB-3D85-4D8B-9DD3-77088663113E}C:\program files\microsoft office\office12\powerpnt.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\powerpnt.exe |
"UDP Query User{29C970C3-F598-4506-AE87-283A1E97AB11}C:\program files\microsoft office\office12\powerpnt.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\powerpnt.exe |
"UDP Query User{B61E966D-C663-4C5D-A4BE-50A2244C5053}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{042A6F10-F770-4886-A502-B795DCF2D3B5}" = Nuance PDF Viewer Plus
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AE79B77-E3FA-4F9C-93D7-4FC643516D6A}" = AVG 2013
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{347607E9-669D-4DFD-80EA-BDF66DEF1288}" = liteCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}" = PaperPort Anywhere 1.1.4310.24706 powered by OfficeDrop
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{590F8CD3-300F-425C-B447-E4D5AE6799C9}" = Nuance Cloud Connector
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6E12D9F6-E86A-4EE3-BA5A-965FDBC6687F}" = O2InstV3Win7UpdateV1
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C64C35E-093A-43B9-B7E5-9966581FC143}" = iSCC
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{ACE26AE1-75E0-44A3-A178-A8E99C62FBC5}" = Nuance PaperPort 14
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DEE76D44-8D7C-4A32-8FAE-A813817631FC}" = AVG 2013
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{EDAB5719-9336-434B-AB1E-1FAFE47AC198}" = Swiss Railway Clock
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AF4226E8D5EAFCFCFD3F2586FA56375A4B504CDE" = Windows Driver Package - Ralink (netr28u) Net (10/29/2008 2.02.04.0000)
"AVG" = AVG 2013
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX Setup" = DivX Setup
"ExpressRip" = Express Rip
"FairBot_is1" = FairBot
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6b4)" = Mozilla Firefox (3.6b4)
"ODIR_is1" = ODIR
"Rapport_msi" = Rapport
"Recordpad" = RecordPad Sound Recorder
"Scribe" = Express Scribe Uninstall
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch Sound File Converter
"Trusted Software Assistant_is1" = File Type Assistant
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.0.3
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3528189516-2229878515-3528017422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect 9 Add-in" = Adobe Connect 9 Add-in
"GoToMeeting" = GoToMeeting 5.4.0.1082
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/06/2013 16:16:16 | Computer Name = Dell-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/06/2013 16:16:16 | Computer Name = Dell-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/06/2013 16:16:16 | Computer Name = Dell-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/06/2013 16:16:16 | Computer Name = Dell-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/06/2013 16:52:25 | Computer Name = Dell-PC | Source = Perflib | ID = 1008
Description =
Error - 10/06/2013 16:52:25 | Computer Name = Dell-PC | Source = Perflib | ID = 1010
Description =
Error - 10/06/2013 16:52:25 | Computer Name = Dell-PC | Source = Perflib | ID = 1008
Description =
Error - 10/06/2013 16:52:25 | Computer Name = Dell-PC | Source = Perflib | ID = 1008
Description =
Error - 10/06/2013 16:52:25 | Computer Name = Dell-PC | Source = Perflib | ID = 1008
Description =
Error - 10/06/2013 16:52:25 | Computer Name = Dell-PC | Source = Perflib | ID = 1008
Description =
Error - 10/06/2013 16:52:25 | Computer Name = Dell-PC | Source = Perflib | ID = 1008
Description =
[ System Events ]
Error - 06/06/2013 19:33:50 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7006
Description =
Error - 07/06/2013 02:48:54 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 07/06/2013 09:26:50 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7006
Description =
Error - 07/06/2013 09:40:06 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 07/06/2013 10:03:33 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7006
Description =
Error - 09/06/2013 20:29:36 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 09/06/2013 21:09:05 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7006
Description =
Error - 10/06/2013 03:02:48 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10/06/2013 16:10:09 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7006
Description =
Error - 10/06/2013 16:13:13 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
GMER.txt
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-11 07:23:46
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST325031 rev.4.AD 232.83GB
Running: mbni6p7v.exe; Driver: C:\Users\User_1\AppData\Local\Temp\pxldapod.sys
---- System - GMER 2.1 ----
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8E6821E6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8E682EDA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8E6831E2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8E686C2E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8E686C7C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8E686EC2]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8E76A5D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8E76A700]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8E68308A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8E76A010]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8E682626]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8E6827E0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8E686DCA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8E686CE6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8E686D3A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8E686D82]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8E682154]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8E6832F6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8E686B54]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8E76A300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8E76A3E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x8E76A120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8E76A210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x8E76A4D0]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys ZwCreateThreadEx [0x8E0CDDA0]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 191 82CF88D4 4 Bytes [E6, 21, 68, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1D9 82CF891C 4 Bytes [DA, 2E, 68, 8E]
.text ntkrnlpa.exe!KeSetEvent + 2D1 82CF8A14 8 Bytes [E2, 31, 68, 8E, 2E, 6C, 68, ...]
.text ntkrnlpa.exe!KeSetEvent + 2E1 82CF8A24 4 Bytes JMP EB3C06AB
.text ntkrnlpa.exe!KeSetEvent + 381 82CF8AC4 4 Bytes [C2, 6E, 68, 8E]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1344] ntdll.dll!KiUserApcDispatcher 76F85B78 5 Bytes JMP 013E47F0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1344] kernel32.dll!LoadLibraryExW + 173 74E693DF 4 Bytes JMP 71AB000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1344] WS2_32.dll!getaddrinfo 74FC418A 5 Bytes JMP 71A50022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1344] WS2_32.dll!gethostbyname 74FD62D4 5 Bytes JMP 71AE0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2248] ntdll.dll!KiUserApcDispatcher 76F85B78 5 Bytes JMP 0084CC40 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2248] kernel32.dll!LoadLibraryExW + 173 74E693DF 4 Bytes JMP 71AC000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2248] USER32.dll!InSendMessageEx + 3B1 74F2E6B0 6 Bytes JMP 71AE001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2248] WS2_32.dll!getaddrinfo 74FC418A 5 Bytes JMP 71A20022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2248] WS2_32.dll!gethostbyname 74FD62D4 5 Bytes JMP 71A60022
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] ntdll.dll!NtMapViewOfSection 76F84994 5 Bytes JMP 719F0022
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] ntdll.dll!KiUserApcDispatcher + E 76F85B86 5 Bytes JMP 6FA70FC0 c:\program files\trusteer\rapport\bin\rooksdol.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] kernel32.dll!QueueUserWorkItem 74E59104 6 Bytes PUSH 70FC0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] kernel32.dll!LoadLibraryExW + 173 74E693DF 4 Bytes JMP 71AC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] kernel32.dll!SetUnhandledExceptionFilter 74E6A8B5 6 Bytes PUSH 71A30022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WS2_32.dll!connect 74FC40D9 5 Bytes JMP 710D0022
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WS2_32.dll!getaddrinfo 74FC418A 5 Bytes JMP 71080022
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WS2_32.dll!GetAddrInfoExW 74FD288D 5 Bytes JMP 71120022
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] GDI32.dll!BitBlt 753070A6 6 Bytes PUSH 71810022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DdeInitializeW 74F27921 6 Bytes PUSH 71750022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!EnableWindow 74F2CD8B 5 Bytes JMP 6E689EBC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!RegisterClassExW 74F2DA30 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateWindowExA 74F2DC2A 6 Bytes JMP 7192000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!RegisterClassA 74F2DF42 6 Bytes PUSH 71890022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!RegisterClassW 74F2E1AB 6 Bytes PUSH 71A60022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateWindowExW 74F31305 6 Bytes JMP 7196000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!TranslateMessage 74F401AD 6 Bytes PUSH 716B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!PeekMessageW 74F4045A 6 Bytes PUSH 719B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxParamW 74F510B0 5 Bytes JMP 6E5E189B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxIndirectParamW 74F52EF5 5 Bytes JMP 6E7D91B6 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!GetClipboardData 74F6715A 6 Bytes PUSH 71710022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxParamA 74F68152 5 Bytes JMP 6E7D9151 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxIndirectParamA 74F6847D 5 Bytes JMP 6E7D921B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxIndirectA 74F7D4D9 5 Bytes JMP 6E7D90D8 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxIndirectW 74F7D5D3 5 Bytes JMP 6E7D905F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxExA 74F7D639 5 Bytes JMP 6E7D8FFB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxExW 74F7D65D 5 Bytes JMP 6E7D8F97 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] ole32.dll!CoCreateInstance 754C9F3E 6 Bytes JMP 718E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] ole32.dll!CoCreateInstanceEx 754C9F81 5 Bytes JMP 717D0022
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetCloseHandle 7511C664 6 Bytes PUSH 714B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetReadFile 7511F8D8 6 Bytes PUSH 712B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!HttpAddRequestHeadersA 75122A3C 6 Bytes PUSH 71670022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetQueryDataAvailable 75123184 6 Bytes PUSH 712F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetOpenA 7512D5E0 6 Bytes PUSH 71370022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetConnectA 7514567E 6 Bytes PUSH 71470022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!HttpOpenRequestA 75145761 6 Bytes PUSH 71630022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetConnectW 75145CFA 6 Bytes PUSH 71430022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!HttpOpenRequestW 75145FEF 6 Bytes PUSH 715F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!HttpSendRequestW 7514632D 6 Bytes PUSH 714F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetOpenW 7514C596 6 Bytes PUSH 71330022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetSetStatusCallback 7514C7AA 6 Bytes PUSH 711F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetReadFileExW 7514F9EE 6 Bytes PUSH 71230022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetReadFileExA 7514FA49 6 Bytes PUSH 71270022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetGetCookieExA 75152B91 6 Bytes PUSH 713B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!HttpSendRequestExW 7515F564 6 Bytes PUSH 71530022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetWriteFile 7515F6C6 6 Bytes PUSH 711B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!HttpSendRequestA 7517525A 6 Bytes PUSH 715B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!HttpSendRequestExA 751BECE5 6 Bytes PUSH 71570022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetGetCookieA 751C03DE 6 Bytes PUSH 713F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] ntdll.dll!NtMapViewOfSection 76F84994 5 Bytes JMP 719F0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] ntdll.dll!KiUserApcDispatcher + E 76F85B86 5 Bytes JMP 6FA70FC0 c:\program files\trusteer\rapport\bin\rooksdol.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] kernel32.dll!QueueUserWorkItem 74E59104 6 Bytes PUSH 70FC0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] kernel32.dll!LoadLibraryExW + 173 74E693DF 4 Bytes JMP 71AC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] kernel32.dll!SetUnhandledExceptionFilter 74E6A8B5 6 Bytes PUSH 71A30022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] kernel32.dll!CreateThread 74E8CB0E 5 Bytes JMP 6E6475E3 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WS2_32.dll!connect 74FC40D9 5 Bytes JMP 710D0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WS2_32.dll!getaddrinfo 74FC418A 5 Bytes JMP 71080022
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WS2_32.dll!GetAddrInfoExW 74FD288D 5 Bytes JMP 71120022
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] GDI32.dll!BitBlt 753070A6 6 Bytes PUSH 71810022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateDialogParamW 74F272A2 3 Bytes JMP 6E7D9520 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateDialogParamW + 4 74F272A6 1 Byte [F9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DdeInitializeW 74F27921 6 Bytes PUSH 71750022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!GetAsyncKeyState 74F2863C 5 Bytes JMP 6E62DECD C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!SetWindowsHookExW 74F287AD 5 Bytes JMP 6E6825B4 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CallNextHookEx 74F28E3B 5 Bytes JMP 6E6A7FF1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!UnhookWindowsHookEx 74F298DB 5 Bytes JMP 6E6CED14 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!EnableWindow 74F2CD8B 5 Bytes JMP 6E689EBC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!RegisterClassExW 74F2DA30 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DefWindowProcA 74F2DB88 7 Bytes JMP 6E64980D C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateWindowExA 74F2DC2A 6 Bytes JMP 6E653643 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!RegisterClassA 74F2DF42 6 Bytes PUSH 71890022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!RegisterClassW 74F2E1AB 6 Bytes PUSH 71A60022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateWindowExW 74F31305 6 Bytes JMP 7196000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!GetKeyState 74F38CB1 5 Bytes JMP 6E62DDA7 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!TranslateMessage 74F401AD 6 Bytes PUSH 716B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DefWindowProcW 74F403B4 7 Bytes JMP 6E6A8054 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!PeekMessageW 74F4045A 6 Bytes PUSH 719B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!IsDialogMessageW 74F40745 5 Bytes JMP 6E7D9C7A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateDialogParamA 74F417AA 5 Bytes JMP 6E7D94E8 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!IsDialogMessage 74F41847 5 Bytes JMP 6E7D9C52 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateDialogIndirectParamA 74F426F1 5 Bytes JMP 6E7D9558 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateDialogIndirectParamW 74F49A62 5 Bytes JMP 6E7D9590 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!SetKeyboardState 74F50987 5 Bytes JMP 6E7DA571 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DialogBoxParamW 74F510B0 5 Bytes JMP 6E5E189B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DialogBoxIndirectParamW 74F52EF5 5 Bytes JMP 6E7D91B6 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!SendInput 74F52F75 5 Bytes JMP 6E7DA519 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!EndDialog 74F5326E 5 Bytes JMP 6E7D9F26 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!SetCursorPos 74F66FB2 5 Bytes JMP 6E7DA5F2 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!GetClipboardData 74F6715A 6 Bytes PUSH 71710022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DialogBoxParamA 74F68152 5 Bytes JMP 6E7D9151 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DialogBoxIndirectParamA 74F6847D 5 Bytes JMP 6E7D921B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!MessageBoxIndirectA 74F7D4D9 5 Bytes JMP 6E7D90D8 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!MessageBoxIndirectW 74F7D5D3 5 Bytes JMP 6E7D905F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!MessageBoxExA 74F7D639 5 Bytes JMP 6E7D8FFB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!MessageBoxExW 74F7D65D 5 Bytes JMP 6E7D8F97 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!keybd_event 74F7D972 5 Bytes JMP 6E7DA4D6 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] SHELL32.dll!SHRestricted + D95 756489A8 4 Bytes [CF, 01, F6, 6B]
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] SHELL32.dll!SHRestricted + D9D 756489B0 8 Bytes [E0, 61, F5, 6B, 79, F7, F5, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] ole32.dll!OleLoadFromStream 75491E80 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] ole32.dll!OleLoadFromStream 75491E80 5 Bytes JMP 6E7D9984 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] ole32.dll!CoCreateInstanceEx 754C9F81 5 Bytes JMP 717D0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetCloseHandle 7511C664 6 Bytes PUSH 714B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetReadFile 7511F8D8 6 Bytes PUSH 712B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!HttpAddRequestHeadersA 75122A3C 6 Bytes PUSH 71670022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetQueryDataAvailable 75123184 6 Bytes PUSH 712F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetOpenA 7512D5E0 6 Bytes PUSH 71370022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetConnectA 7514567E 6 Bytes PUSH 71470022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!HttpOpenRequestA 75145761 6 Bytes PUSH 71630022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetConnectW 75145CFA 6 Bytes PUSH 71430022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!HttpOpenRequestW 75145FEF 6 Bytes PUSH 715F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!HttpSendRequestW 7514632D 6 Bytes PUSH 714F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetOpenW 7514C596 6 Bytes PUSH 71330022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetSetStatusCallback 7514C7AA 6 Bytes PUSH 711F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetReadFileExW 7514F9EE 6 Bytes PUSH 71230022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetReadFileExA 7514FA49 6 Bytes PUSH 71270022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetGetCookieExA 75152B91 6 Bytes PUSH 713B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!HttpSendRequestExW 7515F564 6 Bytes PUSH 71530022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetWriteFile 7515F6C6 6 Bytes PUSH 711B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!HttpSendRequestA 7517525A 6 Bytes PUSH 715B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!HttpSendRequestExA 751BECE5 6 Bytes PUSH 71570022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetGetCookieA 751C03DE 6 Bytes PUSH 713F0022; RET
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3528189516-2229878515-3528017422-1000@RefCount 4
---- EOF - GMER 2.1 ----
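The GMER ".text" lines above are dense enough that it helps to reduce them to a per-process table before reading them: which hooked APIs GMER could attribute to a named module (the log itself names IEFRAME.dll, rooksdol.dll and RapportService.exe as targets), which ones only have a bare target address, and which are raw byte patches with no branch. The parser below is an added example, not code from the poster, from GMER or from any tool named in the log. It assumes the line layout seen in this log (process path, [pid], module!export, optional "+ offset", address, byte count, then the patch), the sample text is a constructed excerpt of those lines, and the three class labels are my own. It only summarises what the log states; whether a given unresolved target is benign cannot be decided from the log alone.

```python
import re
import ntpath
from collections import defaultdict

# Constructed sample in the shape of the GMER ".text" inline-hook lines posted
# above (a short excerpt, not the whole log); the trailing non-hook lines show
# that the parser skips anything it does not recognise.
SAMPLE_LOG = r"""
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2248] ntdll.dll!KiUserApcDispatcher 76F85B78 5 Bytes JMP 0084CC40 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2248] kernel32.dll!LoadLibraryExW + 173 74E693DF 4 Bytes JMP 71AC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] ntdll.dll!KiUserApcDispatcher + E 76F85B86 5 Bytes JMP 6FA70FC0 c:\program files\trusteer\rapport\bin\rooksdol.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] kernel32.dll!LoadLibraryExW + 173 74E693DF 4 Bytes JMP 71AC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] kernel32.dll!QueueUserWorkItem 74E59104 6 Bytes PUSH 70FC0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!EnableWindow 74F2CD8B 5 Bytes JMP 6E689EBC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateDialogParamW + 4 74F272A6 1 Byte [F9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] SHELL32.dll!SHRestricted + D95 756489A8 4 Bytes [CF, 01, F6, 6B]
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!HttpSendRequestW 7514632D 6 Bytes PUSH 714F0022; RET
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
"""

# Line layout as inferred from the posted log (assumption, not a GMER spec):
# .text <process path>[<pid>] <module>!<export>[ + <hex offset>] <addr> <n> Byte(s) <patch>
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>[^\s!]+)!(?P<export>\S+)(?: \+ (?P<offset>[0-9A-Fa-f]+))? "
    r"(?P<addr>[0-9A-Fa-f]{8}) (?P<size>\d+) Bytes? (?P<patch>.+)$"
)
# Patch forms seen in the log: "JMP <addr> [<module path>]" and "PUSH <addr>; RET".
# Anything else (e.g. "[F9]", "[CF, 01, F6, 6B]") is treated as a raw byte patch.
PATCH_RE = re.compile(
    r"^(?P<kind>JMP|PUSH) (?P<target>[0-9A-Fa-f]{8})(?:; RET)?(?: (?P<target_module>.+))?$"
)


def parse_hook(line):
    """Parse one GMER '.text' line into a dict, or return None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    pm = PATCH_RE.match(m["patch"])
    return {
        "process": ntpath.basename(m["proc"]),
        "pid": int(m["pid"]),
        "api": f'{m["module"]}!{m["export"]}',
        "offset": int(m["offset"], 16) if m["offset"] else 0,
        "address": int(m["addr"], 16),
        "size": int(m["size"]),
        "kind": pm["kind"] if pm else "bytes",
        "target": int(pm["target"], 16) if pm else None,
        "target_module": (ntpath.basename(pm["target_module"]).lower()
                          if pm and pm["target_module"] else None),
    }


def classify(rec):
    """resolved: GMER named the module the hook branches into; unresolved: it
    printed only a target address; raw-bytes: a byte patch with no branch."""
    if rec["kind"] == "bytes":
        return "raw-bytes"
    return "resolved" if rec["target_module"] else "unresolved"


def summarize(log_text):
    """Per process[pid]: hook counts per resolved module, plus unresolved/raw counts."""
    out = {}
    for line in log_text.splitlines():
        rec = parse_hook(line)
        if rec is None:
            continue
        key = f'{rec["process"]}[{rec["pid"]}]'
        entry = out.setdefault(key, {"resolved": {}, "unresolved": 0, "raw-bytes": 0})
        cls = classify(rec)
        if cls == "resolved":
            mod = rec["target_module"]
            entry["resolved"][mod] = entry["resolved"].get(mod, 0) + 1
        else:
            entry[cls] += 1
    return out


def unresolved_hooks(log_text):
    """(process[pid], api, target) for every hook GMER did not attribute to a module."""
    rows = []
    for line in log_text.splitlines():
        rec = parse_hook(line)
        if rec and classify(rec) == "unresolved":
            rows.append((f'{rec["process"]}[{rec["pid"]}]', rec["api"], f'{rec["target"]:08X}'))
    return rows


def shared_unresolved_targets(log_text):
    """Unresolved (api, target) pairs that recur in more than one process: the same
    target address on the same API across processes is what to look up in memory
    next (which module, if any, owns that address), since the log cannot say."""
    seen = defaultdict(set)
    for proc, api, target in unresolved_hooks(log_text):
        seen[(api, target)].add(proc)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    for proc, entry in summarize(SAMPLE_LOG).items():
        print(proc, entry)
    for row in unresolved_hooks(SAMPLE_LOG):
        print("unresolved:", *row)
    print("shared:", shared_unresolved_targets(SAMPLE_LOG))
```

Run it against the full pasted log instead of SAMPLE_LOG to get one line per process; on the excerpt it reports, for example, that kernel32.dll!LoadLibraryExW + 173 branches to the same unattributed address 71AC000A in both RapportService.exe and iexplore.exe, which is the kind of entry to check against the loaded-module list rather than guess at from the text.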