• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
deadsy

PC suddenly running slowly.

20 posts in this topic

Here's my hijack log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:30:43, on 05/01/2012

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16869)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe

C:\Program Files\ASUS\EPU\EPU.exe

C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files\Razer\Nostromo\RazerNostromoSysTray.exe

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Steam\Steam.exe

C:\Windows\DAODx.exe

C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Users\Chris\AppData\Local\Apps\2.0\5DQY275B.LAK\WJ0GCO9N.DJ5\curs..tion_eee711038731a406_0004.0000_2ad57791d5c42008\CurseClient.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\IObit\Game Booster\gbtray.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASC.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll

R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b

O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\EPU\EPU.exe" -b

O4 - HKLM\..\Run: [bCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [searchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"

O4 - HKLM\..\Run: [Razer Nostromo Driver] C:\Program Files\Razer\Nostromo\RazerNostromoSysTray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: CurseClientStartup.ccip

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O13 - Gopher Prefix:

O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://www.tera.hangame.com/common/activex/HanSetup1040.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe

O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe

O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 11480 bytes

 

 

This is from my PC which I make every effort to keep free from anything which might install something nasty, I use my laptop for anything which may typically contain spyware.

Any help?

 

EDIT: You used an obsolete version of HijackThis... Please read the FAQ http://www.spywareinfoforum.com/index.php?showtopic=79038 and post logs... Our helpers can't help without details to review...

Edited by Budfred

Share this post


Link to post
Share on other sites

Please read the Forum FAQ and post the requested logs (current version 2.0.4 of HJT, plus MBAM, DDS, Security Check). We need the information in order to help you.

Share this post


Link to post
Share on other sites

Due to the lack of feedback this Topic is closed.

 

[Reopened]

 

Everyone else please begin a New Topic.

Edited by cnm

Share this post


Link to post
Share on other sites

Hi, here's the updated Hijack, DDS and MalBytes logs.

My somewhat unused firefox has also been hijacked to search.conduit homepage, although chrome [which I normally use all the time] has not.

On my computer there is Spybot search & destroy, Advanced System Care 4, MalBytes, IOrbit, AVG and now the new stuff downloaded here, all appear to be finding nothing but the drop is computer speed is getting progressively worse:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:17:58, on 21/01/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16869)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe

C:\Program Files\ASUS\EPU\EPU.exe

C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files\Razer\Nostromo\RazerNostromoSysTray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Users\Chris\AppData\Local\Apps\2.0\5DQY275B.LAK\WJ0GCO9N.DJ5\curs..tion_eee711038731a406_0004.0000_2ad57791d5c42008\CurseClient.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\PC Tools Security\pctsGui.exe

C:\Windows\system32\DllHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll

R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b

O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\EPU\EPU.exe" -b

O4 - HKLM\..\Run: [bCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [searchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"

O4 - HKLM\..\Run: [Razer Nostromo Driver] C:\Program Files\Razer\Nostromo\RazerNostromoSysTray.exe

O4 - HKLM\..\Run: [iObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin

O4 - Startup: CurseClientStartup.ccip

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://www.tera.hangame.com/common/activex/HanSetup1040.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe

O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe

O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 10767 bytes

 

 

--------------------------------------------------------------------------

 

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Run by Chris at 20:02:11 on 2012-01-21

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2046.734 [GMT 0:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe

C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\ASUS.SYS\config\DVMExportService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe

C:\Program Files\ASUS\EPU\EPU.exe

C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files\Razer\Nostromo\RazerNostromoSysTray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Users\Chris\AppData\Local\Apps\2.0\5DQY275B.LAK\WJ0GCO9N.DJ5\curs..tion_eee711038731a406_0004.0000_2ad57791d5c42008\CurseClient.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\DAODx.exe

C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe

C:\Program Files\Common Files\Steam\SteamService.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\IObit\Game Booster\gbtray.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\IObit\IObit Malware Fighter\IMF.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\notepad.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Chris\Downloads\SecurityCheck.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.9\iobitToolbarIE.dll

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll

BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.9\iobitToolbarIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.9\iobitToolbarIE.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10o_Plugin.exe -update plugin

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r

mRun: [TurboV EVO] "c:\program files\asus\turbov evo\TurboV_EVO.exe" -b

mRun: [six Engine] "c:\program files\asus\epu\EPU.exe" -b

mRun: [bCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"

mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"

mRun: [Razer Nostromo Driver] c:\program files\razer\nostromo\RazerNostromoSysTray.exe

mRun: [iObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart

StartupFolder: c:\users\chris\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip

StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://www.tera.hangame.com/common/activex/HanSetup1040.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7558C782-9BC8-42E0-ACE5-1065EAA934E3} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{99B0175D-3080-4CBD-B808-40605F85629D} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\sypgx8gi.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-3 16184]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-19 494424]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 172032]

R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-12-14 748440]

R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.05\AsSysCtrlService.exe [2011-4-1 109056]

R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2009-10-26 223464]

R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2011-5-7 1737464]

R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]

R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-8-23 820568]

R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2010-6-10 35840]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-10 1153368]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-12-11 5188096]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-12-11 125440]

R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2011-8-19 1500160]

R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2011-8-23 18768]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-4-27 64904]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-4-27 146568]

R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2011-8-23 30600]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-4-1 267880]

R3 rzjoystk;Razer VJoystick;c:\windows\system32\drivers\rzjoystk.sys [2011-3-24 16896]

R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [2011-7-14 127360]

R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2011-8-23 19280]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-4-1 30392]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-4-1 1127936]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-10 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-10 136176]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-5-7 9216]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-3 1343400]

.

=============== Created Last 30 ================

.

2012-01-21 19:59:39 388096 ----a-r- c:\users\chris\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-01-21 18:36:38 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2012-01-21 12:40:29 -------- d-----w- c:\users\chris\appdata\local\{18103937-4EEA-4024-86BC-228769AFE0A4}

2012-01-21 12:40:18 -------- d-----w- c:\users\chris\appdata\local\{A23D9DF9-5415-485A-9BDD-990EE81015BF}

2012-01-21 12:38:15 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3a82a503-da57-469f-9edb-945c9dc92030}\offreg.dll

2012-01-20 14:03:42 -------- d-----w- c:\users\chris\appdata\local\{3C65F975-75F2-4517-924B-99DC76EDB082}

2012-01-20 14:03:21 -------- d-----w- c:\users\chris\appdata\local\{0004282F-5B65-4B21-B69B-ABFCF8930063}

2012-01-20 05:02:05 -------- d-----w- c:\users\chris\appdata\local\{27410619-ED68-403B-80E9-5C082F9DF925}

2012-01-20 05:01:53 -------- d-----w- c:\users\chris\appdata\local\{F76BCC4A-33F9-41AB-8577-09882EFC82E5}

2012-01-19 19:29:18 -------- d-----w- c:\users\chris\appdata\local\{5746406C-1375-4E34-BDA4-937B8635FC7D}

2012-01-19 19:29:01 -------- d-----w- c:\users\chris\appdata\local\{2D749172-822A-4F8C-B98C-B469FC9FD1C3}

2012-01-11 07:48:20 -------- d-----w- c:\users\chris\appdata\local\{5C8104FE-BCAB-4152-A3EE-B7046C1B3DDB}

2012-01-11 07:48:06 -------- d-----w- c:\users\chris\appdata\local\{FD72972D-836D-4E96-881C-7AA85744FD01}

2012-01-10 15:44:32 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3a82a503-da57-469f-9edb-945c9dc92030}\mpengine.dll

2012-01-09 13:10:32 -------- d-----w- c:\users\chris\appdata\local\{552C6DC1-6722-488A-AE02-56985AC48986}

2012-01-09 13:10:14 -------- d-----w- c:\users\chris\appdata\local\{80EDBB32-4C8F-4B99-9EAC-D434AF094E96}

2012-01-08 01:31:14 -------- d-----w- c:\users\chris\appdata\local\{CBC4F137-5AD2-4A5D-B769-12BDC42AB90E}

2012-01-08 01:31:01 -------- d-----w- c:\users\chris\appdata\local\{792B056D-78FD-4BA2-BD6D-EDA1DFB13CBF}

2012-01-06 23:10:49 -------- d-----w- c:\users\chris\appdata\local\{CCA18C3D-D9A2-42AE-A5CE-E1F79498F55D}

2012-01-06 23:10:37 -------- d-----w- c:\users\chris\appdata\local\{BFB43E48-260A-4D68-AFAA-3FF91B8CA7CA}

2012-01-05 01:03:49 -------- d-----w- c:\program files\VS Revo Group

2012-01-05 00:30:09 -------- d-----w- c:\program files\Trend Micro

2012-01-04 21:56:25 -------- d-----w- c:\users\chris\appdata\local\{323317BB-4FB5-462B-88D1-CD892463D9E5}

2012-01-04 21:56:01 -------- d-----w- c:\users\chris\appdata\local\{AB61C43D-5F03-44C4-99D8-320BE589A4D4}

2012-01-04 21:07:03 -------- d-----w- c:\users\chris\appdata\local\{93870C59-ED3D-455E-9B40-6F75B4CEEFFC}

2012-01-04 21:06:47 -------- d-----w- c:\users\chris\appdata\local\{80A03C3B-B453-4EA3-B50B-B551CBA8C462}

2012-01-04 19:38:07 -------- d-----w- c:\program files\Conduit

2012-01-04 19:38:03 -------- d-----w- c:\users\chris\appdata\local\Conduit

2012-01-04 12:25:30 -------- d-----w- c:\users\chris\appdata\local\{427BAA04-00D9-4686-A556-3B4F6124F634}

2012-01-04 12:24:05 -------- d-----w- c:\users\chris\appdata\local\{60E43A5D-FBCD-4D6F-8DFE-F567BE49C549}

2012-01-03 12:22:41 -------- d-----w- c:\users\chris\appdata\local\{4D52DB45-4404-461C-A198-0CEAEB3C9F06}

2012-01-03 12:22:16 -------- d-----w- c:\users\chris\appdata\local\{E98DEDF4-E9E2-4171-9E94-8E7F0901CA2F}

2012-01-02 12:37:20 -------- d-----w- c:\users\chris\appdata\local\{29EAC772-DFF9-4442-A1A1-C25AE9D5162A}

2012-01-02 12:36:58 -------- d-----w- c:\users\chris\appdata\local\{5C0A62C0-308F-4A9B-B8AC-B998CE2DE763}

2011-12-31 01:16:18 -------- d-----w- c:\users\chris\appdata\local\{1B6F335F-CB6F-4914-9021-95D7DA850EAD}

2011-12-31 01:15:55 -------- d-----w- c:\users\chris\appdata\local\{FE376193-BE7A-4140-A9AD-06DD90FBCF43}

2011-12-30 21:12:23 -------- d-----w- c:\users\chris\appdata\local\{B8BDF4D5-91BD-4087-A761-5D65B7827B75}

2011-12-30 21:11:56 -------- d-----w- c:\users\chris\appdata\local\{2E34D9B3-18A7-47E2-B258-2DF9A36E7A3A}

2011-12-30 19:18:50 -------- d-----w- c:\users\chris\appdata\local\{14B19C62-5E15-42F1-A550-4C7621FFD702}

2011-12-30 19:18:35 -------- d-----w- c:\users\chris\appdata\local\{F9502B88-938B-47B6-A2BF-98EB58D912EB}

2011-12-30 18:57:28 -------- d-----w- c:\program files\IObit Toolbar

2011-12-30 18:57:28 -------- d-----w- c:\program files\common files\Spigot

2011-12-30 18:57:28 -------- d-----w- c:\program files\Application Updater

2011-12-30 18:51:56 -------- d-----w- c:\users\chris\appdata\local\{863D9FC9-767C-4B88-85A5-60509571637F}

2011-12-30 18:51:34 -------- d-----w- c:\users\chris\appdata\local\{E86CB55E-A816-4586-96F4-9A219D9195F4}

.

==================== Find3M ====================

.

2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-15 14:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 20:04:15.60 ===============

 

 

------------------------------------------------------------------------------------------------------

 

 

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

 

Database version: v2012.01.04.06

 

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

Chris :: SEBBO-PC [administrator]

 

21/01/2012 18:13:27

mbam-log-2012-01-21 (18-13-27).txt

 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 182875

Time elapsed: 1 hour(s), 35 minute(s), 57 second(s) [aborted]

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Share this post


Link to post
Share on other sites

Please uninstall all IObit programs. IObit is a disreputable company that is known to have stolen code from MBAM.

 

IObit\Smart Defrag 2

IObit\Advanced SystemCare 5

IObit\Game Booster

IObit Toolbar

IObit Malware Fighter

After you uninstall:

 

T-Tools has created a free program that has been designed specifically to remove every last trace of the entries of IObit programs left behind if and when you had decided to uninstall one or more of these programs. Please download BitRemover from here:

http://www.t-tools.nl/bitremoveren.php

Save the program to your Desktop and double-click on the program to run it.

 

Then:

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy the contents of these files, one at a time, and post with your next two replies.

Share this post


Link to post
Share on other sites

Argh sorry I had to restart OTL so many times I didn't check the Purity/LOP boxes when it finally ran, here's the extras report with them both ticked:

 

 

OTL Extras logfile created on: 22/01/2012 19:56:38 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Downloads

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.07% Memory free

4.00 Gb Paging File | 2.12 Gb Available in Paging File | 53.17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.66 Gb Total Space | 296.14 Gb Free Space | 63.60% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive E: | 931.51 Gb Total Space | 910.59 Gb Free Space | 97.75% Space Free | Partition Type: NTFS

 

Computer Name: SEBBO-PC | User Name: Chris | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0214578F-4888-43FB-9E34-C14FCFDEDDEB}" = Razer Nostromo

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{068A2E6A-96CD-9FAB-8D3E-8CC3F5FC62CC}" = CCC Help English

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{176A02AC-6C89-A8B2-6D0A-F11DBA363C3F}" = ATI Catalyst Install Manager

"{178F6530-AEDB-3F43-5B6C-2D0CCD10FDFA}" = ATI AVIVO Codecs

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22

"{2FAD5D8B-56E2-1C4D-E84E-ED162C32D4C5}" = Catalyst Control Center Graphics Light

"{30349EFD-29C6-471B-B720-10D805B2D9F3}" = NCsoft Launcher

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective

"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B8C04D7-47E2-AB0B-B573-65893836AD10}" = ccc-core-static

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{54FB1D26-CB8F-2B7C-1B22-344AA1896FE1}" = Catalyst Control Center Graphics Full Existing

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C9BD943-2017-7E76-D945-DF02DF919D96}" = Catalyst Control Center Core Implementation

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver

"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU

"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{AE613868-24C7-4f1f-A9C6-7B3B718ABDA5}" = IObit Toolbar v4.9

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B794F825-BBA6-C4BB-79C4-CC657CA130AA}" = Catalyst Control Center Graphics Previews Vista

"{BBC25C82-FE8E-9A34-07B9-F182879E44CD}" = Catalyst Control Center Localization All

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes

"{CE186519-9D34-3BA5-4CAB-8C3457D18F65}" = Catalyst Control Center Graphics Full New

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility

"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E747A330-9628-AB37-6D16-8AEE2FB0CDF1}" = ccc-utility

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Advanced Combat Tracker" = Advanced Combat Tracker (remove only)

"Advanced SystemCare 5_is1" = Advanced SystemCare 5

"CCleaner" = CCleaner

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"Device Doctor_is1" = Device Doctor v2.1

"Diablo II" = Diablo II

"Diablo III Beta" = Diablo III Beta

"dlanconf" = devolo dLAN Configuration Wizard

"dslmon" = devolo Informer

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Game Booster_is1" = Game Booster 3

"Google Chrome" = Google Chrome

"Hardware Helper_is1" = Hardware Helper

"HijackThis" = HijackThis 2.0.2

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)

"Revo Uninstaller" = Revo Uninstaller 1.93

"Smart Defrag 2_is1" = Smart Defrag 2

"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0

"Steam App 107100" = Bastion

"Steam App 29660" = Aion

"Steam App 29720" = Guild Wars

"Steam App 39260" = FINAL FANTASY XI: Ultimate Collection - Abyssea Edition

"Steam App 41500" = Torchlight

"Steam App 42910" = Magicka

"Steam App 6370" = Bloodline Champions

"WinLiveSuite" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

"World of Warcraft Public Test" = World of Warcraft Public Test

"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"090215de958f1060" = Curse Client

"Guild Wars" = Guild Wars

"TeamSpeak 3 Client" = TeamSpeak 3 Client

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 10/01/2012 17:19:41 | Computer Name = Sebbo-PC | Source = Application Error | ID = 1000

Description = Faulting application name: AsSysCtrlService.exe, version: 0.0.0.0,

time stamp: 0x4c22f905 Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:

0x694 Faulting application start time: 0x01cccecfe674d803 Faulting application path:

C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe Faulting module

path: unknown Report Id: ce851b97-3bd0-11e1-92bd-bcaec5325283

 

Error - 20/01/2012 14:12:32 | Computer Name = Sebbo-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

 

Error - 20/01/2012 14:13:34 | Computer Name = Sebbo-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot

- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"

in element "assemblyIdentity" is invalid.

 

Error - 22/01/2012 08:53:12 | Computer Name = Sebbo-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

 

Error - 22/01/2012 08:54:14 | Computer Name = Sebbo-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot

- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"

in element "assemblyIdentity" is invalid.

 

Error - 22/01/2012 11:07:00 | Computer Name = Sebbo-PC | Source = IMFservice | ID = 0

Description =

 

Error - 22/01/2012 11:07:00 | Computer Name = Sebbo-PC | Source = IMFservice | ID = 0

Description =

 

Error - 22/01/2012 15:22:40 | Computer Name = Sebbo-PC | Source = Application Error | ID = 1000

Description = Faulting application name: AsSysCtrlService.exe, version: 0.0.0.0,

time stamp: 0x4c22f905 Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:

0x6cc Faulting application start time: 0x01ccd9397498a41a Faulting application path:

C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe Faulting module

path: unknown Report Id: 72d7ac54-452e-11e1-b2ed-bcaec5325283

 

Error - 22/01/2012 15:47:33 | Computer Name = Sebbo-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 16f0 Start Time:

01ccd93e426f5845 Termination Time: 10 Application Path: C:\Users\Chris\Downloads\OTL.exe

 

Report

Id: e62f7fd3-4531-11e1-b373-bcaec5325283

 

Error - 22/01/2012 15:49:13 | Computer Name = Sebbo-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 12dc Start Time:

01ccd93ec83cebe0 Termination Time: 15 Application Path: C:\Users\Chris\Downloads\OTL.exe

 

Report

Id: 236602e9-4532-11e1-b373-bcaec5325283

 

[ Media Center Events ]

Error - 10/08/2011 14:36:09 | Computer Name = Sebbo-PC | Source = MCUpdate | ID = 0

Description = 19:36:08 - Error connecting to the internet. 19:36:09 - Unable

to contact server..

 

Error - 10/08/2011 14:36:20 | Computer Name = Sebbo-PC | Source = MCUpdate | ID = 0

Description = 19:36:14 - Error connecting to the internet. 19:36:14 - Unable

to contact server..

 

Error - 11/08/2011 08:07:49 | Computer Name = Sebbo-PC | Source = MCUpdate | ID = 0

Description = 13:07:49 - Error connecting to the internet. 13:07:49 - Unable

to contact server..

 

Error - 11/08/2011 08:08:00 | Computer Name = Sebbo-PC | Source = MCUpdate | ID = 0

Description = 13:07:54 - Error connecting to the internet. 13:07:54 - Unable

to contact server..

 

Error - 12/08/2011 14:49:07 | Computer Name = Sebbo-PC | Source = MCUpdate | ID = 0

Description = 19:49:07 - Error connecting to the internet. 19:49:07 - Unable

to contact server..

 

Error - 12/08/2011 14:49:18 | Computer Name = Sebbo-PC | Source = MCUpdate | ID = 0

Description = 19:49:12 - Error connecting to the internet. 19:49:12 - Unable

to contact server..

 

Error - 13/08/2011 05:43:59 | Computer Name = Sebbo-PC | Source = MCUpdate | ID = 0

Description = 10:43:59 - Error connecting to the internet. 10:43:59 - Unable

to contact server..

 

Error - 13/08/2011 05:44:09 | Computer Name = Sebbo-PC | Source = MCUpdate | ID = 0

Description = 10:44:04 - Error connecting to the internet. 10:44:04 - Unable

to contact server..

 

Error - 19/08/2011 09:06:46 | Computer Name = Sebbo-PC | Source = MCUpdate | ID = 0

Description = 14:06:46 - Error connecting to the internet. 14:06:46 - Unable

to contact server..

 

Error - 19/08/2011 09:06:55 | Computer Name = Sebbo-PC | Source = MCUpdate | ID = 0

Description = 14:06:52 - Error connecting to the internet. 14:06:52 - Unable

to contact server..

 

[ System Events ]

Error - 22/01/2012 14:53:55 | Computer Name = Sebbo-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000

Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll

Error

Code: 126

 

Error - 22/01/2012 14:56:37 | Computer Name = SEBBO-PC | Source = BugCheck | ID = 1005

Description =

 

Error - 22/01/2012 14:56:37 | Computer Name = SEBBO-PC | Source = BugCheck | ID = 1001

Description =

 

Error - 22/01/2012 14:56:38 | Computer Name = Sebbo-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000

Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll

Error

Code: 126

 

Error - 22/01/2012 15:10:05 | Computer Name = Sebbo-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000

Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll

Error

Code: 126

 

Error - 22/01/2012 15:10:08 | Computer Name = Sebbo-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the PC

Tools Security Service service to connect.

 

Error - 22/01/2012 15:10:08 | Computer Name = Sebbo-PC | Source = Service Control Manager | ID = 7000

Description = The PC Tools Security Service service failed to start due to the following

error: %%1053

 

Error - 22/01/2012 15:10:39 | Computer Name = Sebbo-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the PC

Tools Security Service service to connect.

 

Error - 22/01/2012 15:10:39 | Computer Name = Sebbo-PC | Source = Service Control Manager | ID = 7000

Description = The PC Tools Security Service service failed to start due to the following

error: %%1053

 

Error - 22/01/2012 15:24:55 | Computer Name = Sebbo-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000

Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll

Error

Code: 126

 

 

< End of report >

Share this post


Link to post
Share on other sites

And the OTL:

 

 

OTL logfile created on: 22/01/2012 19:56:38 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Downloads

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.07% Memory free

4.00 Gb Paging File | 2.12 Gb Available in Paging File | 53.17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.66 Gb Total Space | 296.14 Gb Free Space | 63.60% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive E: | 931.51 Gb Total Space | 910.59 Gb Free Space | 97.75% Space Free | Partition Type: NTFS

 

Computer Name: SEBBO-PC | User Name: Chris | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/01/22 19:44:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe

PRC - [2012/01/10 12:25:55 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe

PRC - [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2011/12/30 23:53:45 | 000,619,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe

PRC - [2011/12/30 23:53:45 | 000,494,424 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

PRC - [2011/12/30 18:51:21 | 001,711,104 | ---- | M] (Curse) -- C:\Users\Chris\AppData\Local\Apps\2.0\5DQY275B.LAK\WJ0GCO9N.DJ5\curs..tion_eee711038731a406_0004.0000_2ad57791d5c42008\CurseClient.exe

PRC - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe

PRC - [2011/12/13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

PRC - [2011/11/21 00:34:08 | 010,856,912 | ---- | M] (Blizzard Entertainment) -- C:\Users\Public\Games\World of Warcraft\Launcher.exe

PRC - [2011/11/17 19:29:26 | 000,901,800 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe

PRC - [2011/10/28 14:52:24 | 000,699,736 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe

PRC - [2011/08/20 14:41:23 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe

PRC - [2011/08/08 07:55:42 | 003,147,856 | ---- | M] (VS Revo Group) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe

PRC - [2011/07/19 13:37:16 | 000,978,840 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Nostromo\RazerNostromoSysTray.exe

PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/04/13 16:31:14 | 001,646,936 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/01/17 18:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2010/07/15 17:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe

PRC - [2010/07/07 09:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe

PRC - [2010/06/24 06:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe

PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2010/04/27 02:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/03/16 17:22:40 | 005,309,056 | ---- | M] (

ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EPU\EPU.exe

PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe

PRC - [2010/03/15 02:21:18 | 001,780,224 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

PRC - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/12/11 07:45:10 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2009/12/11 07:44:40 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe

PRC - [2009/10/26 12:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe

PRC - [2009/10/16 09:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe

PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/03/30 06:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe

PRC - [2009/01/26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/01/10 12:25:55 | 014,410,024 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll

MOD - [2012/01/10 12:25:55 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll

MOD - [2012/01/10 12:25:55 | 000,194,344 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll

MOD - [2012/01/10 12:25:55 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll

MOD - [2012/01/10 12:25:55 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll

MOD - [2012/01/05 09:48:44 | 000,411,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll

MOD - [2012/01/05 09:48:43 | 003,767,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll

MOD - [2012/01/05 09:47:19 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.75\avutil-51.dll

MOD - [2012/01/05 09:47:18 | 000,222,208 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.75\avformat-53.dll

MOD - [2012/01/05 09:47:17 | 001,746,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.75\avcodec-53.dll

MOD - [2011/10/13 12:45:06 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\6c1567259547084fc25ef4941b184be5\System.Xml.Linq.ni.dll

MOD - [2011/10/13 12:44:18 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\168c6417c92bdddd10809791ed32be3e\Microsoft.VisualBasic.ni.dll

MOD - [2011/10/13 12:35:34 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll

MOD - [2011/10/13 11:41:47 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\545f2e1ca544c2a8a39cbf8565e1c709\CustomMarshalers.ni.dll

MOD - [2011/10/13 11:41:44 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8dba8803fad87c39c0afbdce6c19fdd0\System.Runtime.Serialization.ni.dll

MOD - [2011/10/13 11:41:42 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\cc3d9cb5c17d1863e3146c2a0d5c9e86\System.ServiceModel.ni.dll

MOD - [2011/10/13 11:41:42 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9123843fd33a30164ceb951c98b7ca2a\SMDiagnostics.ni.dll

MOD - [2011/10/13 10:05:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll

MOD - [2011/10/13 10:05:45 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll

MOD - [2011/10/13 10:05:34 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll

MOD - [2011/10/13 10:05:22 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll

MOD - [2011/10/13 10:05:17 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\9be84470118f84e965ff0f142701efc6\System.Deployment.ni.dll

MOD - [2011/10/13 10:05:15 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll

MOD - [2011/10/13 10:05:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll

MOD - [2011/10/13 10:04:57 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5a95ba97100404e2ab26b5a9ab9ef965\System.Web.ni.dll

MOD - [2011/10/13 10:04:52 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll

MOD - [2011/10/13 10:04:51 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\9b8dcad25a3be7d4a3f3b8b384f3190a\System.Security.ni.dll

MOD - [2011/10/13 10:04:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll

MOD - [2011/10/13 10:04:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll

MOD - [2011/10/13 10:04:40 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll

MOD - [2011/10/13 10:04:36 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll

MOD - [2011/08/26 13:56:08 | 000,516,440 | ---- | M] () -- C:\Program Files\IObit\Game Booster\sqlite3.dll

MOD - [2011/05/26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl

MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl

MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl

MOD - [2011/04/13 16:30:42 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll

MOD - [2011/04/04 13:37:56 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2011/04/04 13:37:56 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll

MOD - [2011/04/01 13:09:56 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3632.28389__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll

MOD - [2011/04/01 13:09:56 | 001,290,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3632.28384__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll

MOD - [2011/04/01 13:09:56 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3632.28280__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll

MOD - [2011/04/01 13:09:56 | 000,651,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3632.28360__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll

MOD - [2011/04/01 13:09:56 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3632.28247__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll

MOD - [2011/04/01 13:09:56 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3632.28345__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll

MOD - [2011/04/01 13:09:56 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3632.28312__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll

MOD - [2011/04/01 13:09:56 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3632.28218__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll

MOD - [2011/04/01 13:09:56 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3632.28298__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll

MOD - [2011/04/01 13:09:56 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3632.28245__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll

MOD - [2011/04/01 13:09:56 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3632.28246__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll

MOD - [2011/04/01 13:09:56 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3632.28279__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll

MOD - [2011/04/01 13:09:56 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3632.28299__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll

MOD - [2011/04/01 13:09:56 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3632.28287__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll

MOD - [2011/04/01 13:09:56 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3632.28359__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll

MOD - [2011/04/01 13:09:56 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3632.28319__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll

MOD - [2011/04/01 13:09:56 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3632.28229__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll

MOD - [2011/04/01 13:09:56 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3632.28346__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll

MOD - [2011/04/01 13:09:56 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3632.28298__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll

MOD - [2011/04/01 13:09:56 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3632.28290__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll

MOD - [2011/04/01 13:09:56 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3632.28277__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll

MOD - [2011/04/01 13:09:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3632.28238__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll

MOD - [2011/04/01 13:09:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3632.28286__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll

MOD - [2011/04/01 13:09:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3632.28252__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll

MOD - [2011/04/01 13:09:56 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3632.28288__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll

MOD - [2011/04/01 13:09:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3632.28229__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll

MOD - [2011/04/01 13:09:56 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3632.28389__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll

MOD - [2011/04/01 13:09:55 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3632.28381__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll

MOD - [2011/04/01 13:09:55 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3632.28331__90ba9c70f846762e\CLI.Component.Systemtray.dll

MOD - [2011/04/01 13:09:55 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3632.28237__90ba9c70f846762e\CLI.Component.Wizard.dll

MOD - [2011/04/01 13:09:55 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3632.28279__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll

MOD - [2011/04/01 13:09:55 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3632.28273__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll

MOD - [2011/04/01 13:09:55 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2011/04/01 13:09:55 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3621.42202__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3632.28338__90ba9c70f846762e\MOM.Implementation.dll

MOD - [2011/04/01 13:09:55 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3621.42196__90ba9c70f846762e\CLI.Foundation.dll

MOD - [2011/04/01 13:09:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3632.28336__90ba9c70f846762e\LOG.Foundation.Implementation.dll

MOD - [2011/04/01 13:09:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3621.42247__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3632.28278__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll

MOD - [2011/04/01 13:09:55 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3632.28215__90ba9c70f846762e\CLI.Component.Runtime.dll

MOD - [2011/04/01 13:09:55 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3621.42274__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3621.42226__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3632.28217__90ba9c70f846762e\CLI.Component.SkinFactory.dll

MOD - [2011/04/01 13:09:55 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3621.42246__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3621.42226__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3621.42243__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3621.42219__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll

MOD - [2011/04/01 13:09:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll

MOD - [2011/04/01 13:09:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3632.28353__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll

MOD - [2011/04/01 13:09:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3621.42205__90ba9c70f846762e\CLI.Foundation.Private.dll

MOD - [2011/04/01 13:09:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3621.42267__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3621.42214__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3621.42224__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3632.28279__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll

MOD - [2011/04/01 13:09:55 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3621.42192__90ba9c70f846762e\LOG.Foundation.Private.dll

MOD - [2011/04/01 13:09:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3621.42190__90ba9c70f846762e\LOG.Foundation.dll

MOD - [2011/04/01 13:09:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3621.42192__90ba9c70f846762e\NEWAEM.Foundation.dll

MOD - [2011/04/01 13:09:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3621.42329__90ba9c70f846762e\CLI.Foundation.XManifest.dll

MOD - [2011/04/01 13:09:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3621.42241__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3621.42229__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3621.42211__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3621.42221__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll

MOD - [2011/04/01 13:09:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3621.42213__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3621.42244__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3621.42200__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll

MOD - [2011/04/01 13:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3621.42221__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll

MOD - [2011/04/01 13:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll

MOD - [2011/04/01 13:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3621.42217__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3621.42221__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll

MOD - [2011/04/01 13:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3621.42209__90ba9c70f846762e\CLI.Component.Client.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3621.42268__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3621.42226__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3621.42225__90ba9c70f846762e\APM.Foundation.dll

MOD - [2011/04/01 13:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3621.42212__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3621.42210__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3621.42223__90ba9c70f846762e\MOM.Foundation.dll

MOD - [2011/04/01 13:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll

MOD - [2011/04/01 13:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3621.42228__90ba9c70f846762e\DEM.Graphics.dll

MOD - [2011/04/01 13:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll

MOD - [2011/04/01 13:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3621.42211__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3621.42240__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3621.42221__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3621.42213__90ba9c70f846762e\AEM.Server.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3621.42227__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3621.42278__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3621.42271__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3621.42225__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3621.42271__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll

MOD - [2011/04/01 13:09:55 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3632.28212__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll

MOD - [2011/04/01 13:09:55 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll

MOD - [2011/04/01 13:09:54 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3632.28224__90ba9c70f846762e\CLI.Component.Dashboard.dll

MOD - [2011/04/01 13:09:54 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3632.28215__90ba9c70f846762e\APM.Server.dll

MOD - [2011/04/01 13:09:54 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3632.28213__90ba9c70f846762e\AEM.Server.dll

MOD - [2011/04/01 13:09:54 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3621.42217__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll

MOD - [2011/04/01 13:09:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll

MOD - [2011/04/01 13:09:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3621.42249__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll

MOD - [2011/04/01 13:09:54 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3632.28338__90ba9c70f846762e\CCC.Implementation.dll

MOD - [2011/02/22 16:01:26 | 000,345,088 | ---- | M] () -- C:\Program Files\IObit\Game Booster\madexcept_.bpl

MOD - [2011/02/22 16:01:26 | 000,177,152 | ---- | M] () -- C:\Program Files\IObit\Game Booster\madbasic_.bpl

MOD - [2011/02/22 16:01:26 | 000,044,544 | ---- | M] () -- C:\Program Files\IObit\Game Booster\maddisAsm_.bpl

MOD - [2010/06/01 09:38:40 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\pngio.dll

MOD - [2010/06/01 09:38:40 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\flashobj.dll

MOD - [2010/03/02 07:30:58 | 064,125,952 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\skin.dll

MOD - [2010/02/08 16:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\HookKey32.dll

MOD - [2010/01/08 16:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\EPU\pngio.dll

MOD - [2010/01/08 16:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\EPU\AsSpindownTimeout.dll

MOD - [2009/09/30 03:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\System32\AsIO.dll

MOD - [2009/09/15 17:20:52 | 000,177,152 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\madbasic_.bpl

MOD - [2009/09/15 17:20:52 | 000,044,544 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\maddisAsm_.bpl

MOD - [2009/09/15 17:20:46 | 000,345,088 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\madexcept_.bpl

MOD - [2009/06/27 09:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll

MOD - [2009/06/10 21:22:50 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

MOD - [2009/05/07 08:53:18 | 000,106,496 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll

MOD - [2009/05/07 08:50:46 | 000,073,728 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll

MOD - [2009/04/22 19:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files\ASUS\EPU\AsusService.dll

MOD - [2009/03/30 06:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe

MOD - [2008/12/10 10:19:08 | 000,430,080 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

MOD - [2008/02/14 05:57:00 | 000,094,208 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2012/01/10 12:25:55 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/12/30 23:53:45 | 000,494,424 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)

SRV - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/04/03 00:58:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)

SRV - [2010/06/24 06:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)

SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)

SRV - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)

SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/12/11 07:44:40 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)

SRV - [2009/10/16 09:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)

SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | Disabled | Running] -- -- (RegFilter)

DRV - [2011/07/14 17:18:52 | 000,127,360 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RzSynapse.sys -- (RzSynapse)

DRV - [2011/03/24 14:35:36 | 000,016,896 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rzjoystk.sys -- (rzjoystk)

DRV - [2011/02/23 15:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)

DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)

DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)

DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)

DRV - [2010/06/10 12:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)

DRV - [2010/04/27 01:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV - [2010/04/27 01:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)

DRV - [2010/03/02 11:27:28 | 001,127,936 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2010/01/28 12:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdvrmng.sys -- (mdvrmng)

DRV - [2010/01/19 11:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - [2010/01/19 11:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - [2010/01/19 11:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - [2010/01/19 11:49:48 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)

DRV - [2010/01/05 18:20:10 | 001,500,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)

DRV - [2009/12/22 01:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)

DRV - [2009/12/11 08:03:58 | 005,188,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)

DRV - [2009/12/11 06:50:52 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2009/11/18 10:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2009/08/04 02:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)

DRV - [2009/07/16 03:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/05/05 01:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?l=dis&o=16620&gct=hp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 3F 25 7B E8 43 CC 01 [binary data]

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.startup.homepage: "http://uk.ask.com/?l=dis&o=16620&gct=hp"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p="

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/18 18:44:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2011/04/01 18:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions

[2012/01/22 19:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions

[2012/01/21 20:07:53 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}

[2012/01/21 20:07:54 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2012/01/22 19:36:54 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions\toolbar@ask.com

[2011/11/17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\searchplugins\askcom.xml

[2011/12/13 16:03:14 | 000,000,925 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\searchplugins\conduit.xml

[2011/06/15 21:46:38 | 000,002,191 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\searchplugins\google.xml

[2011/06/15 21:46:38 | 000,000,625 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\searchplugins\yahoo.xml

[2011/12/30 18:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/10/18 18:44:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/04/04 13:36:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/12/30 18:57:33 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM

[2011/12/30 18:57:34 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF

[2011/09/29 06:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/09/29 00:26:50 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2011/09/29 00:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/09/29 00:26:50 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2011/09/29 00:26:50 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2011/09/29 00:26:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2011/12/30 18:57:29 | 000,000,894 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Yahoo! (Enabled)

CHR - default_search_provider: search_url = http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=382950&p={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Ask Toolbar = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkgbncoppllbmlhjinokkjioaelp\7.13.2.0_0\

CHR - Extension: Quizlet = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgofflgeghkhocbociocnckocbjmomjh\2_0\

CHR - Extension: AdBlock = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.13_0\

CHR - Extension: Yoono WebApp = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkbgbnoikoflalnbnofkfegidffigke\1.0.0.16_0\

CHR - Extension: InternMatch = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfbpbiciejaplkadaoehpandcpbhpcl\1.0.0_0\

 

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [bCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [Razer Nostromo Driver] C:\Program Files\Razer\Nostromo\RazerNostromoSysTray.exe (Razer USA Ltd)

O4 - HKLM..\Run: [searchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [six Engine] C:\Program Files\ASUS\EPU\EPU.exe (

ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)

O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)

O4 - HKCU..\Run: [Device Doctor] C:\Program Files\Device Doctor\DDLauncher.exe (Device Doctor Software Inc.)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSig

Share this post


Link to post
Share on other sites

It doesn't look as though you had much luck uninstalling the IObit programs?

Please try it again, see above.

 

Let me know if you have any trouble with it.

Share this post


Link to post
Share on other sites

Hi I ran the t-tool remover but it left ~3 IOrbit programs still there although some of the icons had changed to unavailable icons, I also ran revo-uninstaller on them but I think they are still showing in the logs?

OTL is also only providing the OTL report and no longer the 'extras' when I click run scan, LOP and Purity are both checked, so is 'all' under standard registry, here's the log anyway:

 

 

OTL logfile created on: 23/01/2012 15:43:24 - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Downloads

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.30% Memory free

4.00 Gb Paging File | 2.28 Gb Available in Paging File | 56.95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.66 Gb Total Space | 294.75 Gb Free Space | 63.30% Space Free | Partition Type: NTFS

Unable to calculate disk information.

 

Computer Name: SEBBO-PC | User Name: Chris | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/01/22 19:44:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe

PRC - [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2011/12/30 18:51:21 | 001,711,104 | ---- | M] (Curse) -- C:\Users\Chris\AppData\Local\Apps\2.0\5DQY275B.LAK\WJ0GCO9N.DJ5\curs..tion_eee711038731a406_0004.0000_2ad57791d5c42008\CurseClient.exe

PRC - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe

PRC - [2011/12/13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

PRC - [2011/11/17 19:29:26 | 000,901,800 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe

PRC - [2011/08/08 07:55:42 | 003,147,856 | ---- | M] (VS Revo Group) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe

PRC - [2011/07/19 13:37:16 | 000,978,840 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Nostromo\RazerNostromoSysTray.exe

PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/01/17 18:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2011/01/17 18:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2010/07/15 17:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe

PRC - [2010/07/07 09:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe

PRC - [2010/06/24 06:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe

PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2010/04/27 02:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/03/16 17:22:40 | 005,309,056 | ---- | M] (

ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EPU\EPU.exe

PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe

PRC - [2010/03/15 02:21:18 | 001,780,224 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

PRC - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/12/11 07:45:10 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2009/12/11 07:44:40 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe

PRC - [2009/10/26 12:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe

PRC - [2009/10/16 09:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe

PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/03/30 06:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe

PRC - [2009/01/26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/01/05 09:48:44 | 000,411,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll

MOD - [2012/01/05 09:48:43 | 003,767,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll

MOD - [2012/01/05 09:47:19 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.75\avutil-51.dll

MOD - [2012/01/05 09:47:18 | 000,222,208 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.75\avformat-53.dll

MOD - [2012/01/05 09:47:17 | 001,746,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.75\avcodec-53.dll

MOD - [2011/10/13 12:45:40 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a5feb05f9283b0e79e0959b5df220130\WindowsFormsIntegration.ni.dll

MOD - [2011/10/13 12:45:06 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\6c1567259547084fc25ef4941b184be5\System.Xml.Linq.ni.dll

MOD - [2011/10/13 12:44:18 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\168c6417c92bdddd10809791ed32be3e\Microsoft.VisualBasic.ni.dll

MOD - [2011/10/13 12:35:34 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll

MOD - [2011/10/13 11:41:47 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\545f2e1ca544c2a8a39cbf8565e1c709\CustomMarshalers.ni.dll

MOD - [2011/10/13 11:41:44 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8dba8803fad87c39c0afbdce6c19fdd0\System.Runtime.Serialization.ni.dll

MOD - [2011/10/13 11:41:42 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\cc3d9cb5c17d1863e3146c2a0d5c9e86\System.ServiceModel.ni.dll

MOD - [2011/10/13 11:41:42 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9123843fd33a30164ceb951c98b7ca2a\SMDiagnostics.ni.dll

MOD - [2011/10/13 10:05:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll

MOD - [2011/10/13 10:05:45 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll

MOD - [2011/10/13 10:05:34 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll

MOD - [2011/10/13 10:05:22 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll

MOD - [2011/10/13 10:05:17 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\9be84470118f84e965ff0f142701efc6\System.Deployment.ni.dll

MOD - [2011/10/13 10:05:15 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll

MOD - [2011/10/13 10:05:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll

MOD - [2011/10/13 10:04:57 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5a95ba97100404e2ab26b5a9ab9ef965\System.Web.ni.dll

MOD - [2011/10/13 10:04:52 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll

MOD - [2011/10/13 10:04:51 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\9b8dcad25a3be7d4a3f3b8b384f3190a\System.Security.ni.dll

MOD - [2011/10/13 10:04:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll

MOD - [2011/10/13 10:04:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll

MOD - [2011/10/13 10:04:40 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll

MOD - [2011/10/13 10:04:36 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll

MOD - [2011/06/28 23:38:32 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2011/06/17 13:42:56 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

MOD - [2011/05/26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/04/04 13:37:56 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2010/06/01 09:38:40 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\pngio.dll

MOD - [2010/06/01 09:38:40 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\flashobj.dll

MOD - [2010/03/02 07:30:58 | 064,125,952 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\skin.dll

MOD - [2010/02/08 16:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\HookKey32.dll

MOD - [2010/01/08 16:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\EPU\pngio.dll

MOD - [2010/01/08 16:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\EPU\AsSpindownTimeout.dll

MOD - [2009/09/30 03:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\System32\AsIO.dll

MOD - [2009/06/27 09:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll

MOD - [2009/06/10 21:22:50 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

MOD - [2009/05/07 08:53:18 | 000,106,496 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll

MOD - [2009/05/07 08:50:46 | 000,073,728 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll

MOD - [2009/04/22 19:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files\ASUS\EPU\AsusService.dll

MOD - [2009/03/30 06:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe

MOD - [2008/02/14 05:57:00 | 000,094,208 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- -- (sdCoreService)

SRV - [2012/01/10 12:25:55 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/04/03 00:58:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/06/24 06:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)

SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)

SRV - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)

SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/12/11 07:44:40 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)

SRV - [2009/10/16 09:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)

SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/07/14 17:18:52 | 000,127,360 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RzSynapse.sys -- (RzSynapse)

DRV - [2011/03/24 14:35:36 | 000,016,896 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rzjoystk.sys -- (rzjoystk)

DRV - [2010/12/16 11:06:46 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)

DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)

DRV - [2010/11/17 20:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)

DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)

DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)

DRV - [2010/06/17 17:15:36 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV - [2010/06/10 12:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)

DRV - [2010/04/27 01:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV - [2010/04/27 01:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)

DRV - [2010/03/02 11:27:28 | 001,127,936 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2010/01/28 12:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdvrmng.sys -- (mdvrmng)

DRV - [2010/01/19 11:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - [2010/01/19 11:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - [2010/01/19 11:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - [2010/01/19 11:49:48 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)

DRV - [2010/01/05 18:20:10 | 001,500,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)

DRV - [2009/12/11 08:03:58 | 005,188,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)

DRV - [2009/12/11 06:50:52 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2009/11/18 10:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2009/08/04 02:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)

DRV - [2009/07/16 03:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?l=dis&o=16620&gct=hp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 3F 25 7B E8 43 CC 01 [binary data]

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.startup.homepage: "http://uk.ask.com/?l=dis&o=16620&gct=hp"

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p="

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/18 18:44:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2011/04/01 18:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions

[2012/01/22 19:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions

[2012/01/21 20:07:53 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}

[2012/01/21 20:07:54 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2012/01/22 22:09:17 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions\toolbar@ask.com

[2012/01/22 22:09:21 | 000,002,575 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\searchplugins\askcom.xml

[2011/12/13 16:03:14 | 000,000,925 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\searchplugins\conduit.xml

[2011/06/15 21:46:38 | 000,002,191 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\searchplugins\google.xml

[2011/06/15 21:46:38 | 000,000,625 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\searchplugins\yahoo.xml

[2011/12/30 18:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/10/18 18:44:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/04/04 13:36:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/12/30 18:57:33 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM

[2011/12/30 18:57:34 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF

[2011/09/29 06:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/09/29 00:26:50 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2011/09/29 00:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/09/29 00:26:50 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2011/09/29 00:26:50 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2011/09/29 00:26:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2011/12/30 18:57:29 | 000,000,894 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Yahoo! (Enabled)

CHR - default_search_provider: search_url = http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=382950&p={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Ask Toolbar = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkgbncoppllbmlhjinokkjioaelp\7.14.1.20074_0\

CHR - Extension: Quizlet = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgofflgeghkhocbociocnckocbjmomjh\2_0\

CHR - Extension: AdBlock = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.13_0\

CHR - Extension: Yoono WebApp = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkbgbnoikoflalnbnofkfegidffigke\1.0.0.16_0\

CHR - Extension: InternMatch = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfbpbiciejaplkadaoehpandcpbhpcl\1.0.0_0\

 

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [bCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [Razer Nostromo Driver] C:\Program Files\Razer\Nostromo\RazerNostromoSysTray.exe (Razer USA Ltd)

O4 - HKLM..\Run: [searchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [six Engine] C:\Program Files\ASUS\EPU\EPU.exe (

ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)

O4 - HKCU..\Run: [Device Doctor] C:\Program Files\Device Doctor\DDLauncher.exe (Device Doctor Software Inc.)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://www.tera.hangame.com/common/activex/HanSetup1040.cab (HanSetupCtrl1010 Class)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7558C782-9BC8-42E0-ACE5-1065EAA934E3}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99B0175D-3080-4CBD-B808-40605F85629D}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) -C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) -C:\Windows\System32\livessp.dll (Microsoft Corp.)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{84e0e754-f582-11e0-9749-bcaec5325283}\Shell - "" = AutoRun

O33 - MountPoints2\{84e0e754-f582-11e0-9749-bcaec5325283}\Shell\AutoRun\command - "" = E:\DPFMate.exe

O33 - MountPoints2\{b537a112-78cf-11e0-96f3-bcaec5325283}\Shell - "" = AutoRun

O33 - MountPoints2\{b537a112-78cf-11e0-96f3-bcaec5325283}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/23 14:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2012/01/23 14:41:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C75ECBB2-6981-43FE-AADF-CB75775D3279}

[2012/01/23 14:41:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{DE5BC53F-B8CE-45EC-A476-8DB1E75C6606}

[2012/01/22 20:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP

[2012/01/22 20:34:16 | 000,037,504 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\usbfilter.sys

[2012/01/22 20:21:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4D2954F4-8C7C-4946-9567-9CBB768F26BB}

[2012/01/22 20:21:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F6E10579-7561-4949-8602-85F5D1C71C9D}

[2012/01/22 19:38:21 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll

[2012/01/22 19:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Intel

[2012/01/22 19:38:12 | 000,000,000 | ---D | C] -- C:\Intel

[2012/01/22 19:38:11 | 000,000,000 | ---D | C] -- C:\swsetup

[2012/01/22 19:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2012/01/22 19:36:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\APN

[2012/01/22 19:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Device Doctor

[2012/01/22 19:36:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Device Doctor

[2012/01/22 19:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Device Doctor

[2012/01/22 19:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB

[2012/01/22 19:30:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\PC_Drivers_Headquarters

[2012/01/22 19:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters

[2012/01/22 19:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective

[2012/01/22 19:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters

[2012/01/22 19:26:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C904EC77-8071-455B-A92D-A232D0F7B561}

[2012/01/22 19:25:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{61D215C6-D963-45DA-814C-AE06291CC0BA}

[2012/01/22 19:15:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{45916BCB-AC65-4CAC-9797-1AA6423D33D3}

[2012/01/22 19:15:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5AC38C8A-EA55-40DB-A495-985E53C1D688}

[2012/01/22 18:57:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{808097F3-38CD-4B13-9307-D444B6AA503D}

[2012/01/22 18:57:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5692EDAE-B35D-44BE-BC72-A7EBDFFF701E}

[2012/01/22 18:55:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D322464E-0D76-44B6-A57A-683D673E6DB6}

[2012/01/22 18:54:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C42DBD7B-A38C-4673-8A6B-B42432F36AC0}

[2012/01/22 18:51:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4A82AE2B-8322-468C-8FFC-7F2B34377169}

[2012/01/22 18:51:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0DC78CFA-A146-4F97-9343-03366BDA7DF5}

[2012/01/22 18:47:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C39B37CD-4FD9-450D-B443-0694B998D51D}

[2012/01/22 18:47:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D6C6A5A3-601B-49F8-A2E8-482D3296A87A}

[2012/01/22 12:32:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3E25E896-1D03-4ED9-AA7C-60D1E25B82F9}

[2012/01/22 12:32:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4FA00A4B-0572-4AE1-9B96-58A09B58DC12}

[2012/01/21 20:11:34 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys

[2012/01/21 20:11:34 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys

[2012/01/21 20:11:33 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys

[2012/01/21 20:11:33 | 000,103,232 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys

[2012/01/21 20:11:26 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys

[2012/01/21 20:11:26 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys

[2012/01/21 20:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security

[2012/01/21 20:11:20 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys

[2012/01/21 20:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/01/21 20:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security

[2012/01/21 20:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2012/01/21 20:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2012/01/21 19:59:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/01/21 18:55:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2012/01/21 18:53:53 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/01/21 18:53:53 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2012/01/21 18:53:53 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2012/01/21 18:53:53 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows

Share this post


Link to post
Share on other sites

Hi I ran the t-tool remover but it left ~3 IOrbit programs still there although some of the icons had changed to unavailable icons, I also ran revo-uninstaller on them but I think they are still showing in the logs?

OTL is also only providing the OTL report and no longer the 'extras' when I click run scan, LOP and Purity are both checked, so is 'all' under standard registry, here's the log anyway:

Good - looks better. We can get the rest with OTL. And - the Extras.txt is only produced the first time OTL is run.

 

Bring up OTL (don't run it just yet).

 

In the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL

PRC - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe

PRC - [2011/12/13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

SRV - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)

IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

[2012/01/21 20:07:54 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2011/04/04 13:36:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/12/30 18:57:34 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF

CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)

O4 - HKLM..\Run: [searchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)

O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

[2011/12/30 18:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar

[2011/12/30 18:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater

[2011/12/19 09:25:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IObit

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

:Files

:Commands

[EMPTYTEMP]

[CREATERESTOREPOINT]

Close other windows.

Then click the red 'Run Fix' button (not the Run Scan).

 

Post the log OTL.TXT in your reply.

Share this post


Link to post
Share on other sites

Here goes:

 

 

All processes killed

========== OTL ==========

Process ApplicationUpdater.exe killed successfully!

No active process named SearchSettings.exe was found!

Service Application Updater stopped successfully!

Service Application Updater deleted successfully!

C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ deleted successfully.

C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll moved successfully.

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.

C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sypgx8gi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.

C:\PROGRAM FILES\IOBIT TOOLBAR\FF\chrome\skin folder moved successfully.

C:\PROGRAM FILES\IOBIT TOOLBAR\FF\chrome\locale\EN-US folder moved successfully.

C:\PROGRAM FILES\IOBIT TOOLBAR\FF\chrome\locale folder moved successfully.

C:\PROGRAM FILES\IOBIT TOOLBAR\FF\chrome\content folder moved successfully.

C:\PROGRAM FILES\IOBIT TOOLBAR\FF\chrome folder moved successfully.

C:\PROGRAM FILES\IOBIT TOOLBAR\FF folder moved successfully.

File C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ not found.

File C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ not found.

File C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

C:\autoexec.bat moved successfully.

C:\Program Files\IObit Toolbar\Res\Lang folder moved successfully.

C:\Program Files\IObit Toolbar\Res folder moved successfully.

C:\Program Files\IObit Toolbar\IE\4.9 folder moved successfully.

C:\Program Files\IObit Toolbar\IE folder moved successfully.

C:\Program Files\IObit Toolbar folder moved successfully.

C:\Program Files\Application Updater folder moved successfully.

C:\Users\Chris\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.

C:\Users\Chris\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.

C:\Users\Chris\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.

C:\Users\Chris\AppData\Roaming\IObit\Advanced SystemCare V5\Log folder moved successfully.

C:\Users\Chris\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.

C:\Users\Chris\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.

C:\Users\Chris\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.

C:\Users\Chris\AppData\Roaming\IObit\Advanced SystemCare V4\PMonitor folder moved successfully.

C:\Users\Chris\AppData\Roaming\IObit\Advanced SystemCare V4\Log folder moved successfully.

C:\Users\Chris\AppData\Roaming\IObit\Advanced SystemCare V4\Backup folder moved successfully.

C:\Users\Chris\AppData\Roaming\IObit\Advanced SystemCare V4 folder moved successfully.

C:\Users\Chris\AppData\Roaming\IObit folder moved successfully.

ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

========== FILES ==========

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Chris

->Temp folder emptied: 13318805 bytes

->Temporary Internet Files folder emptied: 1201984 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 53704507 bytes

->Google Chrome cache emptied: 90728663 bytes

->Flash cache emptied: 2390 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 82170 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 152.00 mb

 

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 01232012_213521

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

Just a note: things are seeming smoother already, some programs which were previously acting funny aren't anymore [yay], my tower has been carrying on running (I can hear the fan) after powering off, I'm in the middle of writing more thesis notes but when I power off for the night I'll reply from the laptop if this has stopped too.

 

If this is the end, are there any further programs you could recommend to stop anything like this happening in the future? I had what I thought to be quite a rigorous spyware/malware cleanup regime so I was pretty shocked when the comp started to act virus-esque. This computer is my baby, and all I can say is I don't do *anything* contraband on it simply because it was such a hefty price (for me, living on a student loan) and I generally only use it for report writing and then gaming for maybe one day a week nowadays, just don't want anything to happen to it again.

 

Thanks for all your help.

Share this post


Link to post
Share on other sites

Good. Have we made any progress with the sudden slow running?

I hadn't seen your post.

Give me a few minutes to review the situation...

Share this post


Link to post
Share on other sites

I'll need a look at your protection.

 

Please download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Share this post


Link to post
Share on other sites

Results of screen317's Security Check version 0.99.30

Windows 7 x86 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

McAfee Security Scan Plus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

HijackThis 2.0.2

CCleaner

Java 6 Update 22

Java version out of date!

Adobe Flash Player 10.2.153.1 Flash Player out of Date!

Adobe Reader X (10.1.1)

Mozilla Firefox 7.0.1 Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

Share this post


Link to post
Share on other sites

Please do these important security updates:

 

Update Internet Explorer

Update Firefox

Update Adobe Flash Player

Updating Java:

  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: javaicon.gif
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

Share this post


Link to post
Share on other sites

All security updates done, pc still seems a little slower than usual, is that just a case of ageing? Would adding more security/antivirus help any? Defragging?

 

Also the fan and one of the lights inside are still staying on after I shutdown, they stay on until I hold the power button in for a good few seconds and the whole tower shuts off. Is this something malicious?

 

Thanks x

Share this post


Link to post
Share on other sites

Defragging occasionally can sometimes help a little. You can also run CCleaner - but don't use the Registry Cleaner.

 

We need to check for malware.

Please run these two scans:

 

Please download tdsskiller.exe and save it to your Desktop. Go here for information.

 


  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply, along with DDS.txt, checkup.txt and the MBAM log

 

 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png
      icon on your desktop.

    [*]Check "YES, I accept the Terms of Use."

    [*]Click the Start button.

    [*]Accept any security warnings from your browser.

    [*]Under scan settings, check "Scan Archives" and "Remove found threats"

    [*]Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

    [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    [*]When the scan completes, click List Threats

    [*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report (if any) in your next reply.

    [*]Click the Back button.

    [*]Click the Finish button.

Share this post


Link to post
Share on other sites

Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.