r0n5ter Posted June 11, 2012 ID:559585 Share Posted June 11, 2012 Hi,I recently downloaded some software which included the MyStart Incredibar toolbar & I am now unable to get rid of it.I've managed to stop it popping up in IE and Chrome but suspect that it is still lurking in the background & I want to make sure I'm not leaving myself open to attack.I've tried running TDSS Killer but it failed to find any threats - I'm just not convinced I know enough about this to be sure I'm ok.....Any help would be appreciated.Thanksr0nsterAttach.txtDDS.txt Link to post Share on other sites More sharing options...
Maniac Posted June 11, 2012 ID:559630 Share Posted June 11, 2012 Hello r0n5ter and ! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.I've tried running TDSS Killer but it failed to find any threats - I'm just not convinced I know enough about this to be sure I'm ok.....MyStart Incredibar is not a rootkit, it is a toolbar which can resets your computer settings and changes registry entry, and it effects your search results.Step 1Please uninstall the following applications:Ask Toolbar - Bundled with many third party applications - also see this note.Support.com Toolbar Update - Bundled with many third party applications - also see this note.Step 2Download OTL to your DesktopDouble click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic. Link to post Share on other sites More sharing options...
r0n5ter Posted June 18, 2012 Author ID:561555 Share Posted June 18, 2012 Hi Maniac,As requested (sorry about the delay - ben away from my machine for a couple of days...)CheersRonnieOTLOTL logfile created on: 18/06/2012 06:45:19 - Run 1OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Ronnie\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy7.91 Gb Total Physical Memory | 6.42 Gb Available Physical Memory | 81.16% Memory free15.82 Gb Paging File | 14.23 Gb Available in Paging File | 89.90% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 931.41 Gb Total Space | 826.84 Gb Free Space | 88.77% Space Free | Partition Type: NTFSDrive E: | 69.64 Gb Total Space | 5.47 Gb Free Space | 7.85% Space Free | Partition Type: NTFSDrive F: | 69.64 Gb Total Space | 11.06 Gb Free Space | 15.89% Space Free | Partition Type: NTFSComputer Name: SPARE_OOM-PC | User Name: Ronnie | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/06/15 06:49:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ronnie\Desktop\OTL.exePRC - [2012/06/12 18:22:17 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exePRC - [2012/06/12 18:22:15 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exePRC - [2012/05/25 03:14:42 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exePRC - [2012/05/25 03:14:34 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exePRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exePRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exePRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exePRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exePRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXEPRC - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe========== Modules (No Company Name) ==========MOD - [2012/06/14 18:47:40 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dllMOD - [2012/06/14 18:47:28 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dllMOD - [2012/06/14 18:47:25 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dllMOD - [2012/06/14 18:47:20 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dllMOD - [2012/06/14 18:47:18 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dllMOD - [2012/06/12 18:22:19 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dllMOD - [2012/06/12 18:22:15 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exeMOD - [2012/05/28 18:59:23 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\e72d56a0f58bcf95890614700f925609\System.Management.ni.dllMOD - [2012/05/28 18:58:28 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e5f1db35163684e821bca4a2fb0311b1\System.Runtime.Remoting.ni.dllMOD - [2012/05/28 18:58:24 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dllMOD - [2012/05/28 18:37:48 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dllMOD - [2012/05/28 18:37:43 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dllMOD - [2012/05/28 18:37:42 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dllMOD - [2012/05/28 18:37:40 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dllMOD - [2012/05/28 18:37:35 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dllMOD - [2012/05/28 18:36:07 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dllMOD - [2012/05/26 00:15:59 | 000,115,137 | ---- | M] () -- C:\Users\Ronnie\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dllMOD - [2012/05/25 03:14:42 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exeMOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2009/08/20 12:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dllMOD - [2009/08/20 12:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dllMOD - [2009/08/20 12:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll========== Win32 Services (SafeList) ==========SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2012/06/12 18:22:17 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)SRV - [2012/05/25 23:29:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/02/24 10:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)DRV:64bit: - [2012/02/16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)DRV:64bit: - [2011/05/16 15:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2011/04/15 04:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)DRV:64bit: - [2011/02/24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)DRV:64bit: - [2010/11/24 01:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2009/02/09 00:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hxctlflt.sys -- (hxctlflt)DRV:64bit: - [2008/02/01 16:43:34 | 000,146,728 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\camfilt2.sys -- (camfilt2)DRV:64bit: - [2007/10/11 14:45:54 | 000,186,496 | ---- | M] (Guillemont Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDvidvx.sys -- (AKDWC20ET)DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehpIE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GBIE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AB 0A 8E 2E 4E 47 CD 01 [binary data]IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={C8289A1D-B4A5-41A2-9807-8DF5DEEE7D65}&mid=b82110df98ab47d0a33b854de0cf39bc-c0a06aa3f791477abc518b54c50504d0d7fb3104〈=en&ds=AVG&pr=pr&d=2012-05-25 19:36:04&v=11.0.0.9&sap=dsp&q={searchTerms}IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local========== FireFox ==========FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ronnie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ronnie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/11 19:14:05 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/25 19:35:23 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/12 18:22:26 | 000,000,000 | ---D | M][2012/06/10 21:35:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions[2012/06/10 21:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions========== Chrome ==========CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Users\Ronnie\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ronnie\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ronnie\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dllCHR - plugin: AVG Internet Security (Enabled) = C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dllCHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dllCHR - Extension: YouTube = C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\CHR - Extension: Google Search = C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\CHR - Extension: AVG Safe Search = C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\CHR - Extension: AVG Do Not Track = C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\CHR - Extension: Gmail = C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()O3:64bit: - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O4:64bit: - HKLM..\Run: [CamserviceDP] C:\Program Files (x86)\Hercules\Hercules DualPix HD Webcam\x64\Camservice.exe /startup File not foundO4:64bit: - HKLM..\Run: [CamserviceHD] C:\Program Files (x86)\Hercules\Dualpix HD\XtrCtrlEx.exe (Guillemot Corporation S.A.)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1320612923-930342160-3983958577-1001..\Run: [AROReminder] C:\Program Files (x86)\ARO 2012\ARO.exe (Support.com, Inc.)O4 - HKU\S-1-5-21-1320612923-930342160-3983958577-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not foundO4 - HKU\S-1-5-21-1320612923-930342160-3983958577-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not foundO4 - HKU\S-1-5-21-1320612923-930342160-3983958577-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF3D6C97-2682-4DE3-97E8-3AC02545D471}: DhcpNameServer = 192.168.1.254O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\viprotocol - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2012/06/15 06:49:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ronnie\Desktop\OTL.exe[2012/06/14 18:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes[2012/06/14 18:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2012/06/14 18:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes[2012/06/14 18:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2012/06/12 21:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe[2012/06/12 21:52:34 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Nero[2012/06/11 19:41:57 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ronnie\Desktop\dds.com[2012/06/11 19:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG[2012/06/11 07:23:07 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome[2012/06/11 06:46:21 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Sammsoft[2012/06/11 06:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARO 2012[2012/06/11 06:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ARO 2012[2012/06/11 06:45:47 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\APN[2012/06/11 06:24:14 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\Diagnostics[2012/06/10 21:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox[2012/06/10 21:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer[2012/06/10 21:35:00 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Mozilla[2012/06/10 21:33:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload[2012/06/10 10:59:19 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\{7E85AD60-388E-4D76-BAF3-9D76BC0D6698}[2012/06/10 10:59:09 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\{AF7F9283-C2FF-4A1B-B9D0-B8D50E075486}[2012/06/10 10:59:09 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\{A557262F-F943-4070-B6D9-DD9EDDE6CB41}[2012/06/07 10:49:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi[2012/05/29 22:31:18 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Temp[2012/05/29 19:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0[2012/05/28 22:47:58 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\Documents\My Received Files[2012/05/28 22:38:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump[2012/05/28 22:34:15 | 000,589,824 | ---- | C] (Guillemot Corporation S.A.) -- C:\Windows\SysWow64\HWLMSET2.exe[2012/05/28 22:34:13 | 000,000,000 | ---D | C] -- C:\Windows\HerculesWebcamUpdater[2012/05/28 22:22:16 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\InstallShield[2012/05/28 22:06:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe[2012/05/28 22:06:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe[2012/05/28 22:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe[2012/05/28 21:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero[2012/05/28 21:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero[2012/05/28 21:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero[2012/05/28 21:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero[2012/05/28 21:45:30 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling[2012/05/28 21:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe[2012/05/28 18:23:53 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\{9AC8B087-CCAA-48EA-91D8-2137F2BFB4FF}[2012/05/28 06:21:27 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\{59CEF9F3-137E-4810-94F8-FB2CBC5792D2}[2012/05/28 06:21:16 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\{54A13566-B4B1-413A-AF14-7B79B99AB530}[2012/05/27 16:47:12 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\{FC2596CD-8EA7-4B99-BEB7-D0B71628CF44}[2012/05/27 16:47:02 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\{1D3A99FB-0E35-4918-9EB0-8E1655D3DED6}[2012/05/27 16:46:49 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\Tracing[2012/05/27 16:40:05 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\Documents\Hercules webcam[2012/05/27 16:27:27 | 000,111,104 | ---- | C] (Guillemot Corporation) -- C:\Windows\SysNative\drivers\hxctlflt.sys[2012/05/27 16:17:59 | 000,000,000 | ---D | C] -- C:\Windows\en[2012/05/27 16:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition[2012/05/27 16:13:24 | 000,000,000 | ---D | C] -- C:\Windows\OvtCam[2012/05/27 16:12:39 | 000,186,496 | ---- | C] (Guillemont Corporation) -- C:\Windows\SysNative\drivers\HDvidvx.sys[2012/05/27 16:12:39 | 000,146,728 | ---- | C] (Guillemot Corporation) -- C:\Windows\SysNative\drivers\camfilt2.sys[2012/05/27 16:12:39 | 000,053,248 | ---- | C] (OmniVision Technologies Inc.) -- C:\Windows\SysWow64\HDEXT.dll[2012/05/27 16:12:39 | 000,019,456 | ---- | C] (OmniVision Technologies Inc.) -- C:\Windows\SysWow64\HDExt.ax[2012/05/27 16:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hercules[2012/05/27 16:12:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live[2012/05/27 16:12:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live[2012/05/27 16:11:48 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH[2012/05/27 16:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live[2012/05/27 16:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft[2012/05/27 16:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight[2012/05/27 16:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight[2012/05/27 16:07:48 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\Windows Live[2012/05/27 16:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live[2012/05/27 16:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations[2012/05/27 16:05:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations[2012/05/27 16:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons[2012/05/27 16:00:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons[2012/05/27 16:00:28 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\HpUpdate[2012/05/27 16:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HP[2012/05/27 16:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP[2012/05/27 15:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP[2012/05/27 15:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP[2012/05/27 15:49:56 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\HP[2012/05/27 15:31:59 | 000,000,000 | ---D | C] -- C:\PSP Video[2012/05/27 10:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET[2012/05/26 12:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth[2012/05/26 11:48:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat[2012/05/26 11:48:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat[2012/05/26 03:58:42 | 000,000,000 | ---D | C] -- C:\Windows\Panther[2012/05/26 00:26:56 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\Apple Computer[2012/05/26 00:26:55 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Apple Computer[2012/05/26 00:26:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE[2012/05/26 00:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer[2012/05/26 00:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}[2012/05/26 00:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update[2012/05/26 00:26:08 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\Apple[2012/05/26 00:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple[2012/05/26 00:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour[2012/05/26 00:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour[2012/05/26 00:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple[2012/05/26 00:25:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple[2012/05/26 00:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec[2012/05/26 00:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec[2012/05/26 00:18:24 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\Documents\SelfMV[2012/05/26 00:15:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\System32[2012/05/25 23:29:29 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Macromedia[2012/05/25 23:29:28 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Adobe[2012/05/25 23:29:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed[2012/05/25 23:29:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed[2012/05/25 23:19:41 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\MigWiz[2012/05/25 22:30:38 | 000,000,000 | ---D | C] -- C:\Temp[2012/05/25 22:30:19 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\Samsung[2012/05/25 22:30:14 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Samsung[2012/05/25 22:30:13 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\Documents\samsung[2012/05/25 22:26:42 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys[2012/05/25 22:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung[2012/05/25 22:25:56 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll[2012/05/25 22:25:51 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll[2012/05/25 22:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny[2012/05/25 22:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung[2012/05/25 22:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung[2012/05/25 22:24:22 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\Downloaded Installations[2012/05/25 20:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011[2012/05/25 19:36:34 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\AVG2012[2012/05/25 19:36:20 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\AVG Secure Search[2012/05/25 19:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search[2012/05/25 19:36:02 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys[2012/05/25 19:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search[2012/05/25 19:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search[2012/05/25 19:35:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files[2012/05/25 19:35:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG[2012/05/25 19:35:22 | 000,000,000 | -H-D | C] -- C:\$AVG[2012/05/25 19:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012[2012/05/25 19:35:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG[2012/05/25 19:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG[2012/05/25 19:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData[2012/05/25 19:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel[2012/05/25 19:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology[2012/05/25 19:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3[2012/05/25 19:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent[2012/05/25 19:21:54 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Google[2012/05/25 19:21:54 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\Google[2012/05/25 19:17:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel[2012/05/25 19:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel[2012/05/25 19:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel[2012/05/25 19:16:32 | 000,533,096 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys[2012/05/25 19:16:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM[2012/05/25 19:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek[2012/05/25 19:16:11 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll[2012/05/25 19:16:11 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll[2012/05/25 19:16:11 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll[2012/05/25 19:16:11 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll[2012/05/25 19:16:10 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll[2012/05/25 19:16:10 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll[2012/05/25 19:16:10 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll[2012/05/25 19:16:10 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll[2012/05/25 19:16:10 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll[2012/05/25 19:16:08 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll[2012/05/25 19:16:08 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll[2012/05/25 19:16:08 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll[2012/05/25 19:16:08 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll[2012/05/25 19:16:08 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll[2012/05/25 19:16:08 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll[2012/05/25 19:16:07 | 001,870,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll[2012/05/25 19:16:07 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll[2012/05/25 19:16:07 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll[2012/05/25 19:16:07 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll[2012/05/25 19:16:07 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll[2012/05/25 19:16:07 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll[2012/05/25 19:16:07 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll[2012/05/25 19:16:06 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll[2012/05/25 19:16:06 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll[2012/05/25 19:16:06 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll[2012/05/25 19:16:04 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll[2012/05/25 19:16:04 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll[2012/05/25 19:16:04 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll[2012/05/25 19:16:04 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll[2012/05/25 19:16:04 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll[2012/05/25 19:16:04 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll[2012/05/25 19:16:04 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll[2012/05/25 19:16:04 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll[2012/05/25 19:16:04 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll[2012/05/25 19:16:04 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll[2012/05/25 19:16:04 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll[2012/05/25 19:16:04 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll[2012/05/25 19:16:03 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll[2012/05/25 19:16:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp[2012/05/25 19:16:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information[2012/05/25 19:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek[2012/05/25 19:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield[2012/05/25 19:15:38 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll[2012/05/25 19:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel[2012/05/25 19:15:25 | 000,000,000 | ---D | C] -- C:\Intel[2012/05/25 19:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Google[2012/05/25 19:14:35 | 000,000,000 | -HSD | C] -- C:\Windows\Installer[2012/05/25 19:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Google[2012/05/25 19:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google[2012/05/25 19:05:48 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution[2012/05/25 18:59:39 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch[2012/05/25 18:59:15 | 000,000,000 | -HSD | C] -- C:\System Volume Information[2012/05/25 18:55:36 | 000,000,000 | R--D | C] -- C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup[2012/05/25 18:55:36 | 000,000,000 | R--D | C] -- C:\Users\Ronnie\Searches[2012/05/25 18:55:36 | 000,000,000 | R--D | C] -- C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools[2012/05/25 18:55:36 | 000,000,000 | -H-D | C] -- C:\Users\Ronnie\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned[2012/05/25 18:55:28 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Identities[2012/05/25 18:55:27 | 000,000,000 | R--D | C] -- C:\Users\Ronnie\Contacts[2012/05/25 18:55:26 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\VirtualStore[2012/05/25 18:55:22 | 000,000,000 | --SD | C] -- C:\Users\Ronnie\AppData\Roaming\Microsoft[2012/05/25 18:55:22 | 000,000,000 | R--D | C] -- C:\Users\Ronnie\Videos[2012/05/25 18:55:22 | 000,000,000 | R--D | C] -- C:\Users\Ronnie\Saved Games[2012/05/25 18:55:22 | 000,000,000 | R--D | C] -- C:\Users\Ronnie\Pictures[2012/05/25 18:55:22 | 000,000,000 | R--D | C] -- C:\Users\Ronnie\Music[2012/05/25 18:55:22 | 000,000,000 | R--D | C] -- C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance[2012/05/25 18:55:22 | 000,000,000 | R--D | C] -- C:\Users\Ronnie\Links[2012/05/25 18:55:22 | 000,000,000 | R--D | C] -- C:\Users\Ronnie\Favorites[2012/05/25 18:55:22 | 000,000,000 | R--D | C] -- C:\Users\Ronnie\Downloads[2012/05/25 18:55:22 | 000,000,000 | R--D | C] -- C:\Users\Ronnie\Documents[2012/05/25 18:55:22 | 000,000,000 | R--D | C] -- C:\Users\Ronnie\Desktop[2012/05/25 18:55:22 | 000,000,000 | R--D | C] -- C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\AppData\Local\Temporary Internet Files[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\Templates[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\Start Menu[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\SendTo[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\Recent[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\PrintHood[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\NetHood[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\Documents\My Videos[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\Documents\My Pictures[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\Documents\My Music[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\My Documents[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\Local Settings[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\AppData\Local\History[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\Cookies[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\Application Data[2012/05/25 18:55:22 | 000,000,000 | -HSD | C] -- C:\Users\Ronnie\AppData\Local\Application Data[2012/05/25 18:55:22 | 000,000,000 | -H-D | C] -- C:\Users\Ronnie\AppData[2012/05/25 18:55:22 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\Temp[2012/05/25 18:55:22 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\Microsoft[2012/05/25 18:55:22 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Media Center Programs[2012/05/25 18:55:14 | 000,000,000 | -HSD | C] -- C:\Recovery[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ronnie\Desktop\TDSSKiller.exe========== Files - Modified Within 30 Days ==========[2012/06/18 06:41:56 | 000,001,306 | ---- | M] () -- C:\Users\Ronnie\Desktop\Clean Registry for Free!.lnk[2012/06/18 06:41:51 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/06/18 06:41:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/06/18 06:29:05 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/06/18 06:29:05 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/06/18 06:27:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1320612923-930342160-3983958577-1001UA.job[2012/06/18 06:25:06 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/06/18 06:25:06 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/06/18 06:25:06 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/06/18 06:24:43 | 100,552,554 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm[2012/06/18 06:20:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/06/18 06:20:55 | 2077,675,519 | -HS- | M] () -- C:\hiberfil.sys[2012/06/16 18:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/06/16 17:35:25 | 000,127,267 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm[2012/06/15 07:27:39 | 002,251,202 | ---- | M] () -- C:\Users\Ronnie\Documents\UDF1.nru[2012/06/15 07:27:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1320612923-930342160-3983958577-1001Core.job[2012/06/15 06:49:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ronnie\Desktop\OTL.exe[2012/06/15 03:20:03 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2012/06/14 18:53:01 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[2012/06/14 18:43:08 | 000,001,162 | ---- | M] () -- C:\Users\Ronnie\Desktop\Get Live PC Help Now.lnk[2012/06/11 19:42:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ronnie\Desktop\dds.com[2012/06/11 19:30:18 | 000,071,203 | ---- | M] () -- C:\Users\Ronnie\Documents\TDSS Killer_log.rtf[2012/06/11 19:23:44 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ronnie\Desktop\TDSSKiller.exe[2012/06/11 19:14:05 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk[2012/06/11 07:25:24 | 000,002,335 | ---- | M] () -- C:\Users\Ronnie\Desktop\Google Chrome.lnk[2012/06/11 07:17:30 | 000,001,254 | ---- | M] () -- C:\Users\Ronnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2012/06/11 06:46:11 | 000,001,868 | ---- | M] () -- C:\Users\Ronnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk[2012/06/11 06:46:11 | 000,001,862 | ---- | M] () -- C:\Users\Ronnie\Desktop\Check PC For Errors.lnk[2012/05/28 22:38:37 | 464,658,485 | ---- | M] () -- C:\Windows\MEMORY.DMP[2012/05/28 22:06:27 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk[2012/05/28 21:57:05 | 000,002,732 | ---- | M] () -- C:\Users\Ronnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk[2012/05/28 21:57:05 | 000,002,708 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk[2012/05/28 21:45:33 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk[2012/05/28 18:27:19 | 000,625,911 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm[2012/05/27 16:05:02 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk[2012/05/27 16:00:01 | 000,001,231 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 2050 J510 series Scan.lnk[2012/05/26 13:50:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf[2012/05/26 11:35:41 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf[2012/05/26 11:35:39 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf[2012/05/26 01:53:58 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf[2012/05/26 01:53:58 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf[2012/05/25 22:30:09 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk[2012/05/25 22:26:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf[2012/05/25 22:25:57 | 000,001,977 | ---- | M] () -- C:\Users\Ronnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk[2012/05/25 19:35:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm[2012/05/25 19:35:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm[2012/05/25 19:35:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm[2012/05/25 19:26:13 | 000,015,930 | ---- | M] () -- C:\Windows\SysNative\results.xml[2012/05/25 19:23:53 | 000,043,887 | ---- | M] () -- C:\Windows\Ascd_log.ini[2012/05/25 19:13:51 | 000,029,852 | ---- | M] () -- C:\Windows\Ascd_tmp.ini[2012/05/25 19:13:35 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini========== Files Created - No Company Name ==========[2012/06/18 06:41:56 | 000,001,306 | ---- | C] () -- C:\Users\Ronnie\Desktop\Clean Registry for Free!.lnk[2012/06/18 06:24:43 | 100,552,554 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm[2012/06/16 17:35:25 | 000,127,267 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm[2012/06/15 07:27:38 | 002,251,202 | ---- | C] () -- C:\Users\Ronnie\Documents\UDF1.nru[2012/06/14 18:53:01 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[2012/06/14 18:43:08 | 000,001,162 | ---- | C] () -- C:\Users\Ronnie\Desktop\Get Live PC Help Now.lnk[2012/06/11 19:30:17 | 000,071,203 | ---- | C] () -- C:\Users\Ronnie\Documents\TDSS Killer_log.rtf[2012/06/11 07:25:24 | 000,002,335 | ---- | C] () -- C:\Users\Ronnie\Desktop\Google Chrome.lnk[2012/06/11 07:22:36 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1320612923-930342160-3983958577-1001UA.job[2012/06/11 07:22:35 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1320612923-930342160-3983958577-1001Core.job[2012/06/11 06:46:11 | 000,001,868 | ---- | C] () -- C:\Users\Ronnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk[2012/06/11 06:46:11 | 000,001,862 | ---- | C] () -- C:\Users\Ronnie\Desktop\Check PC For Errors.lnk[2012/05/28 22:38:37 | 464,658,485 | ---- | C] () -- C:\Windows\MEMORY.DMP[2012/05/28 22:34:15 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\HWLMSET2PS.dll[2012/05/28 22:06:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk[2012/05/28 22:06:27 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk[2012/05/28 21:57:05 | 000,002,732 | ---- | C] () -- C:\Users\Ronnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk[2012/05/28 21:57:05 | 000,002,708 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk[2012/05/28 21:45:33 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk[2012/05/28 18:27:19 | 000,625,911 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm[2012/05/27 16:15:40 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk[2012/05/27 16:15:16 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk[2012/05/27 16:14:48 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk[2012/05/27 16:14:29 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk[2012/05/27 16:05:02 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk[2012/05/27 16:00:01 | 000,001,231 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 2050 J510 series Scan.lnk[2012/05/26 13:50:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf[2012/05/26 11:35:41 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf[2012/05/26 11:35:39 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf[2012/05/26 00:26:08 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk[2012/05/25 23:29:23 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/05/25 22:30:09 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk[2012/05/25 22:26:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf[2012/05/25 22:25:57 | 000,001,977 | ---- | C] () -- C:\Users\Ronnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk[2012/05/25 19:36:16 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk[2012/05/25 19:35:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm[2012/05/25 19:35:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm[2012/05/25 19:35:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm[2012/05/25 19:26:13 | 000,015,930 | ---- | C] () -- C:\Windows\SysNative\results.xml[2012/05/25 19:23:29 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll[2012/05/25 19:21:52 | 000,001,254 | ---- | C] () -- C:\Users\Ronnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2012/05/25 19:17:40 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll[2012/05/25 19:17:40 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa[2012/05/25 19:17:40 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin[2012/05/25 19:17:40 | 000,963,116 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin[2012/05/25 19:17:40 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin[2012/05/25 19:17:40 | 000,218,304 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin[2012/05/25 19:17:40 | 000,211,082 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources[2012/05/25 19:17:40 | 000,197,902 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources[2012/05/25 19:17:40 | 000,182,514 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources[2012/05/25 19:17:40 | 000,179,992 | ---- | C] () -- C:\Windows\SysNative\difx64.exe[2012/05/25 19:17:40 | 000,156,057 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources[2012/05/25 19:17:40 | 000,152,994 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources[2012/05/25 19:17:40 | 000,148,846 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources[2012/05/25 19:17:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin[2012/05/25 19:17:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin[2012/05/25 19:17:40 | 000,140,077 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources[2012/05/25 19:17:40 | 000,138,572 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources[2012/05/25 19:17:40 | 000,137,705 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources[2012/05/25 19:17:40 | 000,137,506 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources[2012/05/25 19:17:40 | 000,136,449 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources[2012/05/25 19:17:40 | 000,135,519 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources[2012/05/25 19:17:40 | 000,135,222 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources[2012/05/25 19:17:40 | 000,134,686 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources[2012/05/25 19:17:40 | 000,134,272 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources[2012/05/25 19:17:40 | 000,134,238 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources[2012/05/25 19:17:40 | 000,133,706 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources[2012/05/25 19:17:40 | 000,133,548 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources[2012/05/25 19:17:40 | 000,133,246 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources[2012/05/25 19:17:40 | 000,133,014 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources[2012/05/25 19:17:40 | 000,132,752 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources[2012/05/25 19:17:40 | 000,132,650 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources[2012/05/25 19:17:40 | 000,131,705 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources[2012/05/25 19:17:40 | 000,128,863 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources[2012/05/25 19:17:40 | 000,128,667 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources[2012/05/25 19:17:40 | 000,128,407 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources[2012/05/25 19:17:40 | 000,123,921 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources[2012/05/25 19:17:40 | 000,117,522 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources[2012/05/25 19:17:40 | 000,116,233 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources[2012/05/25 19:17:40 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll[2012/05/25 19:17:40 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll[2012/05/25 19:17:40 | 000,059,243 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp[2012/05/25 19:17:40 | 000,059,174 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp[2012/05/25 19:17:40 | 000,059,062 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp[2012/05/25 19:17:40 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll[2012/05/25 19:17:40 | 000,017,220 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp[2012/05/25 19:17:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll[2012/05/25 19:17:40 | 000,000,151 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config[2012/05/25 19:16:32 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll[2012/05/25 19:14:34 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/05/25 19:14:34 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/05/25 19:14:10 | 000,043,887 | ---- | C] () -- C:\Windows\Ascd_log.ini[2012/05/25 19:13:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini[2012/05/25 19:13:28 | 000,029,852 | ---- | C] () -- C:\Windows\Ascd_tmp.ini[2012/05/25 19:01:04 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk[2012/05/25 19:01:02 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk[2012/05/25 18:59:15 | 2077,675,519 | -HS- | C] () -- C:\hiberfil.sys[2012/05/25 18:55:40 | 000,001,409 | ---- | C] () -- C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk[2012/05/25 18:55:37 | 000,001,260 | ---- | C] () -- C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk[2012/05/25 18:55:22 | 000,000,290 | ---- | C] () -- C:\Users\Ronnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk[2012/05/25 18:55:22 | 000,000,272 | ---- | C] () -- C:\Users\Ronnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk[2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe[2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll[2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll[2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll[2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll========== LOP Check ==========[2012/05/26 11:51:26 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\AVG2012[2012/06/07 11:53:37 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Samsung[2012/05/25 19:36:34 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\AVG2012[2012/06/11 06:46:21 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Sammsoft[2012/05/25 22:30:14 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Samsung[2012/06/07 11:47:12 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Temp[2009/07/14 06:08:49 | 000,010,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==========< End of report > Link to post Share on other sites More sharing options...
r0n5ter Posted June 18, 2012 Author ID:561556 Share Posted June 18, 2012 ...and the Extra's file...EXTRASOTL Extras logfile created on: 18/06/2012 06:45:19 - Run 1OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Ronnie\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy7.91 Gb Total Physical Memory | 6.42 Gb Available Physical Memory | 81.16% Memory free15.82 Gb Paging File | 14.23 Gb Available in Paging File | 89.90% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 931.41 Gb Total Space | 826.84 Gb Free Space | 88.77% Space Free | Partition Type: NTFSDrive E: | 69.64 Gb Total Space | 5.47 Gb Free Space | 7.85% Space Free | Partition Type: NTFSDrive F: | 69.64 Gb Total Space | 11.06 Gb Free Space | 15.89% Space Free | Partition Type: NTFSComputer Name: SPARE_OOM-PC | User Name: Ronnie | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 164bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 0"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 0"DisableNotifications" = 0========== Authorized Applications List ==================== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0809AFEE-8CBB-4198-ACF2-E6D9D29135A9}" = lport=138 | protocol=17 | dir=in | app=system | "{095959CD-9991-419D-8ACC-A6DE66723738}" = rport=138 | protocol=17 | dir=out | app=system | "{0CB01F91-44A9-407A-BFA9-1C0DE4A587A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{34D26AED-CCAB-4537-9638-6A3BA7BD10B2}" = rport=10243 | protocol=6 | dir=out | app=system | "{35A76BAF-5825-4EB9-BD9F-2281CF22B3DE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3B089E6A-8DCF-4548-A1C3-2D6AAA1B1D0B}" = lport=10243 | protocol=6 | dir=in | app=system | "{46F95EC2-6C27-47CC-968C-F06BE9B03E11}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4892C5CD-4ED1-45F6-B78A-C8EEF8C3586F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{567070E3-EADB-4F4A-906D-E8D7D0747F11}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{570A032C-631F-49FD-91EF-D40EC85C82D6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5891A0C0-6FE2-4FE1-8A0D-C91288A24243}" = rport=137 | protocol=17 | dir=out | app=system | "{696DFE09-86F3-4A77-8B7A-B3B195656A93}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8848A594-2083-4912-A053-BAD6E7452A2A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{8D66CA93-17CC-4B76-BAC1-C2743B24EE25}" = rport=445 | protocol=6 | dir=out | app=system | "{93184EAA-6693-4D1D-8082-5141CED161BB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{9A7D223D-844E-45F7-83EB-3ADBA12BF96D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A955C594-E806-4EA7-833A-1E2D309124B7}" = lport=137 | protocol=17 | dir=in | app=system | "{B1F65022-760A-487F-A0CC-EAAE97C7C20B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B65389F0-5719-4BED-9A7C-AFBD0CD7DE29}" = lport=445 | protocol=6 | dir=in | app=system | "{B6CC96E3-AC86-4A95-99B5-6C46946B299C}" = rport=139 | protocol=6 | dir=out | app=system | "{BCA111F1-4458-463E-9D24-031B7C7D3E89}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EEC96E11-539E-4DFA-AE62-1DFEE1B767FA}" = lport=2869 | protocol=6 | dir=in | app=system | "{F09CC7EC-9015-442C-A888-B9E4EF55C799}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F36ADC81-899D-42CC-AE70-EBC2C19F67A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F4E7031F-AB00-4223-BF77-6E314D395A25}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{01FEEF68-5655-4A58-8A36-67E59E73338F}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | "{0328B12B-9547-420A-AB15-2DCF4323C40F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{1C659D97-1151-4AFF-9D2D-508D0F6F4ABF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2A558DFD-49CD-4B25-9061-63758EB83F64}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2BC46680-9835-4B1B-9C9E-3EB3928A7F68}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{2F34C02F-7F7C-48F1-8E6A-318AA5FBA524}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{36B6FB85-E51C-45CD-9292-9307BFEA19C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{38DEFEEA-9000-4EBA-BD6E-51AD06945D5E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3D23AE61-8629-4648-8443-287DB7EBF68D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{46F90D1A-2CA2-4711-AB44-D9861B1A969D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{511DDF0F-9330-41BE-BCDA-05D25BE1705B}" = protocol=6 | dir=out | app=system | "{549CA9BE-CC9F-4D79-B37B-F5C8BA7C7E92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{54E0A905-EE7F-471B-95A5-E1A76E7EC58E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{66242BAA-CCAE-4D77-AC41-27EDE6170953}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | "{6C30034C-DE43-47C9-BD4C-5DD025A8FC84}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6FBC8473-D265-4548-B4B4-D72395ED8EF7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{6FE22AA8-0175-4686-B2A1-DD480E699DD0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7B5A9C10-8798-48F3-A0F4-6FC8A43C72EC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{846AD452-50FF-465A-943B-355FE1EF18A2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9127DFA3-6496-4230-8990-E396ABBF94CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9A0C31DE-82F9-45CF-85B3-631C1D60DE80}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9DA22CEF-A3C2-4C8A-AFEC-641CE601D439}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AABB03BB-DE08-4E31-A5A5-5710C91D3731}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{AC87FD0B-7120-41BE-A025-E0009C1CD6FE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{B4DA2DF6-196F-4851-8F3B-4BE30B47ED96}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BB17E2A6-1268-4D07-9529-8E7BC39E047D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{BC1959B1-DB43-4910-97F9-DAE3AC167650}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C3061635-5DE1-406E-B219-42010CEAFB23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C94A5DAE-D6EF-49A2-8C91-2CF919C12FDB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D2EC8A20-43CA-43C4-B72D-89C1DCB6417E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{E0C9C3B4-3E9F-4E84-A53D-6A90FF2C91ED}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{E0E9EFF3-16EA-45B3-A239-9E80005B1CB9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{E174E206-A168-41C3-95FE-8BD1977BE02A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E9AC7C05-3C8B-4846-86B8-A73EF9E9109A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F5D1692B-7E3F-403C-B6C6-97A51F21DB3D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{F5D51040-7262-4071-AB8F-C20777767B32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F92E6825-B81F-4FF6-9E04-336EEEFEAD5C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{FA6046E1-8325-4E84-9587-C2B5906DF19C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{FB6D535C-41B8-45EE-A71B-89121213D27E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{FC27DA0C-3B66-443B-816C-51FBD5380B0D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant"{474A8F3F-863A-4FCC-91F0-47A61E06FEC9}" = HP Deskjet 2050 J510 series Basic Device Software"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{855D3D91-0743-4B75-B469-D45FF68D42BB}" = HP Deskjet 2050 J510 series Product Improvement Study"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit"ARO 2012_is1" = ARO 2012"AVG" = AVG 2012"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{59579B12-97E6-437E-B988-BA032165D355}" = Dualpix HD"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{841e8e8b-9323-4b4e-8565-7b4bc995c9bb}" = Nero 9 Essentials"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles"{B60D61FD-1CB1-4ED5-974E-8C959F14208E}" = Hercules Webcam Station Evolution"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows"HP Photo Creations" = HP Photo Creations"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies"WinLiveSuite" = Windows Live Essentials========== HKEY_USERS Uninstall List ==========[HKEY_USERS\S-1-5-21-1320612923-930342160-3983958577-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Google Chrome" = Google Chrome"MyFreeCodec" = MyFreeCodec========== Last 20 Event Log Errors ==========[ Application Events ]Error - 11/06/2012 02:01:08 | Computer Name = Spare_Oom-PC | Source = Application Error | ID = 1000Description = Faulting application name: _isC487.exe, version: 12.0.0.58855, time stamp: 0x46d48420 Faulting module name: _isC487.exe, version: 12.0.0.58855, time stamp: 0x46d48420 Exception code: 0xc0000005 Fault offset: 0x0001ec42 Faulting process id: 0x17e4 Faulting application start time: 0x01cd479798609075 Faulting application path: C:\Users\Ronnie\AppData\Local\Temp\_isC487.exe Faulting module path: C:\Users\Ronnie\AppData\Local\Temp\_isC487.exeReport Id: d6489dbc-b38a-11e1-b3b9-5404a62bd04fError - 11/06/2012 02:01:38 | Computer Name = Spare_Oom-PC | Source = Application Error | ID = 1000Description = Faulting application name: _is3552.exe, version: 12.0.0.58855, time stamp: 0x46d48420 Faulting module name: _is3552.exe, version: 12.0.0.58855, time stamp: 0x46d48420 Exception code: 0xc0000005 Fault offset: 0x0001ec42 Faulting process id: 0x12f4 Faulting application start time: 0x01cd4797a9c63f15 Faulting application path: C:\Users\Ronnie\AppData\Local\Temp\_is3552.exe Faulting module path: C:\Users\Ronnie\AppData\Local\Temp\_is3552.exeReport Id: e7ae4c5d-b38a-11e1-b3b9-5404a62bd04fError - 11/06/2012 02:21:28 | Computer Name = Spare_Oom-PC | Source = Application Error | ID = 1000Description = Faulting application name: _is6087.exe, version: 12.0.0.58855, time stamp: 0x46d48420 Faulting module name: _is6087.exe, version: 12.0.0.58855, time stamp: 0x46d48420 Exception code: 0xc0000005 Fault offset: 0x0001ec42 Faulting process id: 0x1984 Faulting application start time: 0x01cd479a6f526227 Faulting application path: C:\Users\Ronnie\AppData\Local\Temp\_is6087.exe Faulting module path: C:\Users\Ronnie\AppData\Local\Temp\_is6087.exeReport Id: ad608572-b38d-11e1-b3b9-5404a62bd04fError - 11/06/2012 02:21:38 | Computer Name = Spare_Oom-PC | Source = Application Error | ID = 1000Description = Faulting application name: _is86FB.exe, version: 12.0.0.58855, time stamp: 0x46d48420 Faulting module name: _is86FB.exe, version: 12.0.0.58855, time stamp: 0x46d48420 Exception code: 0xc0000005 Fault offset: 0x0001ec42 Faulting process id: 0x1954 Faulting application start time: 0x01cd479a752ba3b3 Faulting application path: C:\Users\Ronnie\AppData\Local\Temp\_is86FB.exe Faulting module path: C:\Users\Ronnie\AppData\Local\Temp\_is86FB.exeReport Id: b313b0fa-b38d-11e1-b3b9-5404a62bd04fError - 11/06/2012 14:06:30 | Computer Name = Spare_Oom-PC | Source = WinMgmt | ID = 10Description = Error - 11/06/2012 14:06:59 | Computer Name = Spare_Oom-PC | Source = Application Error | ID = 1000Description = Faulting application name: ARO.exe, version: 8.0.7.0, time stamp: 0x4f06a41c Faulting module name: ARO.exe, version: 8.0.7.0, time stamp: 0x4f06a41cException code: 0xc0000005 Fault offset: 0x0001ffca Faulting process id: 0x138c Faulting application start time: 0x01cd47fcfe0549e8 Faulting application path: C:\Program Files (x86)\ARO 2012\ARO.exe Faulting module path: C:\Program Files (x86)\ARO 2012\ARO.exe Report Id: 3c5613bb-b3f0-11e1-a046-5404a62bd04fError - 11/06/2012 14:09:24 | Computer Name = Spare_Oom-PC | Source = .NET Runtime Optimization Service | ID = 1101Description = Error - 11/06/2012 14:18:02 | Computer Name = Spare_Oom-PC | Source = Application Error | ID = 1000Description = Faulting application name: ARO.exe, version: 8.0.7.0, time stamp: 0x4f06a41c Faulting module name: ARO.exe, version: 8.0.7.0, time stamp: 0x4f06a41cException code: 0xc0000005 Fault offset: 0x0001ffca Faulting process id: 0xf40 Faulting application start time: 0x01cd47fe85022af7 Faulting application path: C:\Program Files (x86)\ARO 2012\ARO.exe Faulting module path: C:\Program Files (x86)\ARO 2012\ARO.exe Report Id: c751ffae-b3f1-11e1-b4a1-5404a62bd04fError - 11/06/2012 14:18:28 | Computer Name = Spare_Oom-PC | Source = WinMgmt | ID = 10Description = Error - 11/06/2012 14:18:31 | Computer Name = Spare_Oom-PC | Source = Application Error | ID = 1000Description = Faulting application name: ARO.exe, version: 8.0.7.0, time stamp: 0x4f06a41c Faulting module name: ARO.exe, version: 8.0.7.0, time stamp: 0x4f06a41cException code: 0xc0000005 Fault offset: 0x0001ffca Faulting process id: 0x5e8 Faulting application start time: 0x01cd47fe9ac03f89 Faulting application path: C:\Program Files (x86)\ARO 2012\ARO.exe Faulting module path: C:\Program Files (x86)\ARO 2012\ARO.exe Report Id: d8ed54b8-b3f1-11e1-b4a1-5404a62bd04f[ System Events ]Error - 27/05/2012 12:00:57 | Computer Name = Spare_Oom-PC | Source = EventLog | ID = 6008Description = The previous system shutdown at 16:59:57 on ?27/?05/?2012 was unexpected.Error - 28/05/2012 13:23:31 | Computer Name = Spare_Oom-PC | Source = Server | ID = 2505Description = The server could not bind to the transport \Device\NetBT_Tcpip_{DF3D6C97-2682-4DE3-97E8-3AC02545D471} because another computer on the network has the same name. The server could not start.Error - 28/05/2012 17:38:40 | Computer Name = Spare_Oom-PC | Source = EventLog | ID = 6008Description = The previous system shutdown at 22:37:15 on ?28/?05/?2012 was unexpected.Error - 28/05/2012 17:38:43 | Computer Name = Spare_Oom-PC | Source = BugCheck | ID = 1001Description = Error - 03/06/2012 09:33:52 | Computer Name = Spare_Oom-PC | Source = Server | ID = 2505Description = The server could not bind to the transport \Device\NetBT_Tcpip_{DF3D6C97-2682-4DE3-97E8-3AC02545D471} because another computer on the network has the same name. The server could not start.Error - 04/06/2012 04:00:17 | Computer Name = Spare_Oom-PC | Source = DCOM | ID = 10010Description = Error - 04/06/2012 10:14:05 | Computer Name = Spare_Oom-PC | Source = Service Control Manager | ID = 7034Description = The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).Error - 11/06/2012 14:10:10 | Computer Name = Spare_Oom-PC | Source = Service Control Manager | ID = 7022Description = The Windows Update service hung on starting.Error - 12/06/2012 16:11:51 | Computer Name = Spare_Oom-PC | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk1\DR1.Error - 14/06/2012 13:52:03 | Computer Name = Spare_Oom-PC | Source = Service Control Manager | ID = 7031Description = The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.< End of report > Link to post Share on other sites More sharing options...
Maniac Posted June 18, 2012 ID:561592 Share Posted June 18, 2012 There is no anything traces from MyStar toolbar. Do you see anything specific? Link to post Share on other sites More sharing options...
r0n5ter Posted June 18, 2012 Author ID:561727 Share Posted June 18, 2012 Hi Maniac,Not seeing any more traces of it, thanks.I think uninstalling the other toolbars may have cleared "It's dead, Jim" screen which was displayed when I used task manager to close the Chrome window.Thanks for all your help (and explanations).RegardsRonnie Link to post Share on other sites More sharing options...
Maniac Posted June 18, 2012 ID:561797 Share Posted June 18, 2012 Glad I could help! Please run OTL and click on CleanUp button.Some malware prevention tips:http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983Safe surfing! Link to post Share on other sites More sharing options...
LDTate Posted June 19, 2012 ID:561982 Share Posted June 19, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts