Jump to content

trojan.small


Recommended Posts

Hi, i recently purchased MalwareBytes, and it appears im infected with trojan.small and 2 other trojans

And even after quarantining the files in question, they keep coming back

Any help would be greatly appreciated

Thanks

Dave

My MalwareBytes log

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.18.07

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Sue & Dave :: SUEDAVE-HP [administrator]

Protection: Enabled

18/06/2012 22:57:29

mbam-log-2012-06-18 (22-57-29).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 202724

Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.

C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.

C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

also i have tried running dds.exe, but for some reason no logs appear

Link to post
Share on other sites

Hello Dave! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Proceed with OTL.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Link to post
Share on other sites

otl.txt

OTL logfile created on: 6/24/2012 7:36:50 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Sue & Dave\Downloads

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1011.87 Mb Total Physical Memory | 139.51 Mb Available Physical Memory | 13.79% Memory free

1.99 Gb Paging File | 0.78 Gb Available in Paging File | 39.35% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 215.02 Gb Total Space | 18.25 Gb Free Space | 8.49% Space Free | Partition Type: NTFS

Drive D: | 17.57 Gb Total Space | 2.54 Gb Free Space | 14.47% Space Free | Partition Type: NTFS

Computer Name: SUEDAVE-HP | User Name: Sue & Dave | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/24 19:34:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Sue & Dave\Downloads\OTL.exe

PRC - [2012/06/12 21:43:43 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

PRC - [2012/04/04 15:58:00 | 000,981,672 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/01/19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

PRC - [2011/07/16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/19 13:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2010/07/20 21:21:52 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe

PRC - [2010/06/30 03:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2010/06/30 02:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2010/06/18 06:10:14 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2010/06/18 06:10:14 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe

PRC - [2010/06/18 00:07:32 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe

PRC - [2010/06/08 10:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/06/08 10:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe

PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/03/03 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe

PRC - [2006/05/29 04:00:00 | 000,139,264 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBOE.EXE

PRC - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE

========== Modules (No Company Name) ==========

MOD - [2012/06/15 20:18:29 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll

MOD - [2012/06/15 20:16:57 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll

MOD - [2012/06/15 20:16:33 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll

MOD - [2012/05/15 19:22:44 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll

MOD - [2012/05/14 21:17:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll

MOD - [2012/05/14 21:13:13 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll

MOD - [2012/05/14 21:12:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll

MOD - [2012/05/14 21:12:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll

MOD - [2012/05/14 21:12:28 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll

MOD - [2012/05/14 21:11:52 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll

MOD - [2011/03/02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2010/01/31 22:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll

MOD - [2010/01/31 22:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/06/23 22:18:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/01/19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/04/19 07:31:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2010/09/30 22:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/07/20 21:21:52 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)

SRV - [2010/07/08 21:45:32 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV - [2010/06/30 03:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010/06/18 06:10:14 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)

SRV - [2010/06/08 10:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/03/03 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)

SRV - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C23620CF-B718-4DEB-A8E1-11CE0B3CEA0C}\MpKslc706e09c.sys -- (MpKslc706e09c)

DRV - [2012/06/24 18:41:35 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/12/08 05:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)

DRV - [2011/12/08 05:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)

DRV - [2011/12/08 05:22:28 | 000,016,384 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\flashusb.sys -- (flashusb)

DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2010/06/18 06:10:14 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2010/06/17 20:28:34 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)

DRV - [2009/11/11 22:09:22 | 000,018,136 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)

DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®

DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2

IE - HKLM\..\SearchScopes,DefaultScope = {80545DB1-64FE-4D5D-B9EA-B9435B39CBEE}

IE - HKLM\..\SearchScopes\{1ACF2B75-A1F0-4415-8562-EA408A4C9C8D}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKLM\..\SearchScopes\{80545DB1-64FE-4D5D-B9EA-B9435B39CBEE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{8EAF08F5-C7D0-4098-89BC-C178B196D985}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-294786620-2547634595-802218544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2

IE - HKU\S-1-5-21-294786620-2547634595-802218544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKU\S-1-5-21-294786620-2547634595-802218544-1000\..\SearchScopes,DefaultScope = {595816DE-1747-4CA7-B5D3-B34389737969}

IE - HKU\S-1-5-21-294786620-2547634595-802218544-1000\..\SearchScopes\{1ACF2B75-A1F0-4415-8562-EA408A4C9C8D}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKU\S-1-5-21-294786620-2547634595-802218544-1000\..\SearchScopes\{595816DE-1747-4CA7-B5D3-B34389737969}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=

IE - HKU\S-1-5-21-294786620-2547634595-802218544-1000\..\SearchScopes\{80545DB1-64FE-4D5D-B9EA-B9435B39CBEE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-294786620-2547634595-802218544-1000\..\SearchScopes\{8EAF08F5-C7D0-4098-89BC-C178B196D985}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKU\S-1-5-21-294786620-2547634595-802218544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-294786620-2547634595-802218544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/03 23:51:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/10 22:15:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 19:59:49 | 000,000,000 | ---D | M]

[2011/02/19 19:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue & Dave\AppData\Roaming\Mozilla\Extensions

[2012/06/24 00:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue & Dave\AppData\Roaming\Mozilla\Firefox\Profiles\qkibkhg6.default\extensions

[2012/05/31 18:58:54 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Sue & Dave\AppData\Roaming\Mozilla\Firefox\Profiles\qkibkhg6.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

[2012/06/18 21:02:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/02/27 17:36:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/09/27 18:19:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/03/22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2012/03/01 23:22:16 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/03/01 23:22:16 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/03/01 23:22:16 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/03/01 23:22:16 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O3 - HKU\S-1-5-21-294786620-2547634595-802218544-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-294786620-2547634595-802218544-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKU\S-1-5-21-294786620-2547634595-802218544-1000..\Run: [EPSON Stylus Photo R360 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE (SEIKO EPSON CORPORATION)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Sue & Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{747C6E41-D08D-4708-8458-08CD624F0627}: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{067a8836-a8c5-11e0-b194-68b59961b33f}\Shell - "" = AutoRun

O33 - MountPoints2\{067a8836-a8c5-11e0-b194-68b59961b33f}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/24 18:41:35 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012/06/24 18:23:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Sue & Dave\Desktop\dds.com

[2012/06/24 00:08:55 | 000,000,000 | ---D | C] -- C:\Users\Sue & Dave\AppData\Local\Macromedia

[2012/06/21 19:35:48 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2012/06/21 19:35:48 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2012/06/21 19:35:32 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2012/06/21 19:35:32 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2012/06/21 19:35:32 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2012/06/21 19:35:19 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2012/06/21 19:35:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2012/06/18 20:36:39 | 000,000,000 | ---D | C] -- C:\Users\Sue & Dave\AppData\Roaming\Malwarebytes

[2012/06/18 20:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/18 20:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/18 20:36:20 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/06/18 20:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/06/18 20:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2012/06/18 19:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2012/06/18 19:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

[2012/06/18 19:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8

[2012/06/18 19:53:25 | 000,000,000 | ---D | C] -- C:\Users\Sue & Dave\AppData\Local\Microsoft Help

[2012/06/18 19:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2012/06/15 21:38:14 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

[2012/06/15 20:30:58 | 000,000,000 | ---D | C] -- C:\Users\Sue & Dave\AppData\Local\{82FECC2B-611A-CB9E-7C4E-CC745C0F309C}

[2012/06/15 13:14:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/06/15 13:14:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/06/15 13:14:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012/06/15 13:14:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/06/15 13:14:48 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/06/15 13:14:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/06/15 13:14:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/06/14 12:38:34 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012/06/14 12:38:32 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll

[2012/06/14 12:38:32 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll

[2012/06/14 12:38:32 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe

[2012/06/06 09:27:18 | 000,000,000 | ---D | C] -- C:\Users\Sue & Dave\AppData\Roaming\dvdcss

[2012/05/31 19:00:15 | 000,000,000 | ---D | C] -- C:\Users\Sue & Dave\AppData\Local\{45D12C3B-6E97-4247-97E8-47BBB42F43FA}

[2012/01/18 19:11:53 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sue & Dave\AppData\Roaming\pcouffin.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/24 19:18:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/24 18:41:35 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012/06/24 18:23:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Sue & Dave\Desktop\dds.com

[2012/06/24 18:12:40 | 000,019,488 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/24 18:12:40 | 000,019,488 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/24 18:05:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/24 18:05:05 | 795,762,688 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/23 22:18:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/06/23 22:18:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/06/18 23:27:16 | 000,266,177 | ---- | M] () -- C:\Users\Sue & Dave\AppData\Local\census.cache

[2012/06/18 23:26:43 | 000,146,207 | ---- | M] () -- C:\Users\Sue & Dave\AppData\Local\ars.cache

[2012/06/18 23:12:00 | 000,000,036 | ---- | M] () -- C:\Users\Sue & Dave\AppData\Local\housecall.guid.cache

[2012/06/18 21:04:18 | 000,419,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/06/18 20:36:26 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/18 19:48:02 | 000,000,959 | ---- | M] () -- C:\Users\Sue & Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

[2012/06/18 19:48:02 | 000,000,923 | ---- | M] () -- C:\Users\Sue & Dave\Desktop\MagicDisc.lnk

[2012/06/18 19:41:56 | 000,631,418 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/06/18 19:41:56 | 000,112,212 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/06/07 20:57:04 | 000,000,732 | ---- | M] () -- C:\Users\Sue & Dave\Documents\k and co.rtf

[2012/06/02 23:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2012/06/02 23:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2012/06/02 23:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2012/06/02 23:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2012/06/02 23:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2012/06/02 08:42:38 | 000,000,830 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog

[2012/06/02 08:40:03 | 000,000,144 | ---- | M] () -- C:\Users\Sue & Dave\AppData\Local\mv_Photo.xml

[2012/06/02 08:40:03 | 000,000,135 | ---- | M] () -- C:\Users\Sue & Dave\AppData\Local\mv_music.xml

[2012/05/31 18:57:11 | 000,000,937 | ---- | M] () -- C:\Users\Sue & Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

[2012/05/31 18:57:11 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/24 10:02:12 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\800000cb.@

[2012/06/24 10:02:12 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\80000000.@

[2012/06/18 23:27:16 | 000,266,177 | ---- | C] () -- C:\Users\Sue & Dave\AppData\Local\census.cache

[2012/06/18 23:26:43 | 000,146,207 | ---- | C] () -- C:\Users\Sue & Dave\AppData\Local\ars.cache

[2012/06/18 23:12:00 | 000,000,036 | ---- | C] () -- C:\Users\Sue & Dave\AppData\Local\housecall.guid.cache

[2012/06/18 20:36:25 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/18 19:48:02 | 000,000,959 | ---- | C] () -- C:\Users\Sue & Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

[2012/06/05 22:14:22 | 000,000,732 | ---- | C] () -- C:\Users\Sue & Dave\Documents\k and co.rtf

[2012/05/31 18:58:28 | 000,000,830 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog

[2012/01/18 19:11:53 | 000,087,608 | ---- | C] () -- C:\Users\Sue & Dave\AppData\Roaming\inst.exe

[2012/01/18 19:11:53 | 000,007,887 | ---- | C] () -- C:\Users\Sue & Dave\AppData\Roaming\pcouffin.cat

[2012/01/18 19:11:53 | 000,001,144 | ---- | C] () -- C:\Users\Sue & Dave\AppData\Roaming\pcouffin.inf

[2012/01/11 08:44:06 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\@

[2012/01/11 08:44:06 | 000,002,048 | -HS- | C] () -- C:\Users\Sue & Dave\AppData\Local\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\@

[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll

[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll

[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll

[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

[2011/09/15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

[2011/07/05 19:45:01 | 000,001,189 | ---- | C] () -- C:\Users\Sue & Dave\AppData\Roaming\vso_ts_preview.xml

[2011/06/10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2011/05/22 19:00:13 | 000,006,144 | ---- | C] () -- C:\Users\Sue & Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/02/13 19:15:46 | 000,000,144 | ---- | C] () -- C:\Users\Sue & Dave\AppData\Local\mv_Photo.xml

[2011/02/13 19:15:46 | 000,000,135 | ---- | C] () -- C:\Users\Sue & Dave\AppData\Local\mv_music.xml

[2010/11/27 13:08:57 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll

[2010/11/27 13:08:02 | 000,000,292 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini

[2010/11/27 13:08:02 | 000,000,233 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini

[2010/08/07 22:02:07 | 000,000,188 | ---- | C] () -- C:\Windows\System32\HPWA.ini

[2010/08/07 19:55:25 | 000,000,180 | ---- | C] () -- C:\Windows\System32\HP Documentation.ini

< End of report >

Link to post
Share on other sites

extras.txt

OTL Extras logfile created on: 6/24/2012 7:36:50 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Sue & Dave\Downloads

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1011.87 Mb Total Physical Memory | 139.51 Mb Available Physical Memory | 13.79% Memory free

1.99 Gb Paging File | 0.78 Gb Available in Paging File | 39.35% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 215.02 Gb Total Space | 18.25 Gb Free Space | 8.49% Space Free | Partition Type: NTFS

Drive D: | 17.57 Gb Total Space | 2.54 Gb Free Space | 14.47% Space Free | Partition Type: NTFS

Computer Name: SUEDAVE-HP | User Name: Sue & Dave | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-294786620-2547634595-802218544-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D03E0AF-A6D1-407A-AAF5-5B429D271EC5}" = LeapFrog MyOwnLeaptop Plugin

"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant

"{1588DD21-B959-4674-9CF0-4D13B7D75020}" = Alcor Micro USB Card Reader

"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 26

"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40C19172-F700-4056-8683-2C64BE3202C8}" = HP QuickSync

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager

"{4F22707C-C8E4-4BC8-881C-FAAB2EF5914B}" = HP HomeBase

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)

"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0

"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)

"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10

"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CD3BB19-993E-469D-9E1F-B57A175C1411}" = HP Software Framework

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes

"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo

"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)

"{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D}" = LG United Mobile Drivers

"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)

"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10

"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10

"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10

"{F4657EC0-BB82-47C7-ACD8-140212055852}" = HP Documentation

"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote

"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter

"DVD Flick_is1" = DVD Flick 1.3.0.7

"DVD Shrink_is1" = DVD Shrink 3.2

"EASEUS Data Recovery Wizard Professional 5.5.1_is1" = EASEUS Data Recovery Wizard Professional 5.5.1

"EPSON Printer and Utilities" = EPSON Printer Software

"HDMI" = Intel® Graphics Media Accelerator Driver

"InstallShield_{1588DD21-B959-4674-9CF0-4D13B7D75020}" = Alcor Micro USB Card Reader

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"LAME for Audacity_is1" = LAME v3.98.3 for Audacity

"LeaptopPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)

"LG PC Suite" = LG PC Suite

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)

"My HP Game Console" = HP Game Console

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Picasa 3" = Picasa 3

"PROPLUS" = Microsoft Office Professional Plus 2007

"RealPlayer 15.0" = RealPlayer

"SopCast" = SopCast 3.4.0

"Spotify" = Spotify

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeamViewer 7" = TeamViewer 7

"UPCShell" = LeapFrog Connect

"uTorrent" = µTorrent

"VLC media player" = VLC media player 2.0.1

"WildTangent hp Master Uninstall" = HP Games

"Winamp" = Winamp

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.00 (32-bit)

"WT087361" = FATE

"WT087374" = Jewel Quest - Heritage

"WT087385" = JoJo's Fashion Show

"WT087394" = Penguins!

"WT087396" = Polar Bowler

"WT087408" = Skip-Bo - Castaway Caper

"WT087409" = Tradewinds Legends

"WT087428" = Bejeweled 2 Deluxe

"WT087453" = Chuzzle Deluxe

"WT087467" = Dream Chronicles

"WT087480" = Insaniquarium Deluxe

"WT087485" = Jewel Quest II

"WT087490" = Jewel Quest Solitaire

"WT087495" = Mahjongg Artifacts

"WT087501" = Plants vs. Zombies

"WT087510" = Slingo Deluxe

"WT087513" = Virtual Villagers - The Secret City

"WT087519" = Wedding Dash

"WT087533" = Zuma Deluxe

"WT087536" = Diner Dash 2 Restaurant Rescue

"WTA-08b679d5-cfdd-42f6-bea0-7c0f7191f6c4" = Mah Jong Adventures

"ZumoDrive" = HP CloudDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-294786620-2547634595-802218544-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"CopyTrans Suite" = CopyTrans Suite Remove Only

"Spotify" = Spotify

"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 5/31/2012 1:54:14 PM | Computer Name = SueDave-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 77297949

Error - 5/31/2012 1:54:14 PM | Computer Name = SueDave-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 77297949

Error - 5/31/2012 2:00:41 PM | Computer Name = SueDave-HP | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 1.9.2.4448 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 81c Start

Time: 01cd3f57271fd9a1 Termination Time: 40 Application Path: C:\Program Files\Mozilla

Firefox\firefox.exe Report Id: 8222336e-ab4a-11e1-ae1a-68b59961b33f

Error - 6/6/2012 8:47:11 AM | Computer Name = SueDave-HP | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\Hewlett-Packard\HP

Quick Launch\x64\Beats64.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/6/2012 9:25:27 AM | Computer Name = SueDave-HP | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\Hewlett-Packard\HP

Quick Launch\x64\Beats64.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/6/2012 9:28:16 AM | Computer Name = SueDave-HP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

of attribute "version" in element "assemblyIdentity" is invalid.

Error - 6/9/2012 6:50:07 AM | Computer Name = SueDave-HP | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\Hewlett-Packard\HP

Quick Launch\x64\Beats64.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/9/2012 6:53:46 AM | Computer Name = SueDave-HP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

of attribute "version" in element "assemblyIdentity" is invalid.

Error - 6/13/2012 10:47:48 AM | Computer Name = SueDave-HP | Source = Application Hang | ID = 1002

Description = The program HPSF.exe version 6.1.12.1 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: ac8 Start Time:

01cd49735ef1274f Termination Time: 53 Application Path: C:\Program Files\Hewlett-Packard\HP

Support Framework\HPSF.exe Report Id: b1ed8a25-b566-11e1-8c4c-68b59961b33f

Error - 6/13/2012 2:11:59 PM | Computer Name = SueDave-HP | Source = CVHSVC | ID = 100

Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):

DownloadLatest Failed: There are currently no active network connections. Background

Intelligent Transfer Service (BITS) will try again when an adapter is connected.

[ Hewlett-Packard Events ]

Error - 5/2/2012 2:47:13 PM | Computer Name = SueDave-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

Version:

06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 1011 Ram Utilization: 90 TargetSite: Void UpdateAndDetect()

Error - 5/12/2012 4:49:57 AM | Computer Name = SueDave-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

Version:

06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

Error - 5/16/2012 4:31:53 PM | Computer Name = SueDave-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

Version:

06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 1011 Ram Utilization: 90 TargetSite: Void UpdateAndDetect()

Error - 5/16/2012 4:34:56 PM | Computer Name = SueDave-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 5/16/2012 4:35:19 PM | Computer Name = SueDave-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 5/16/2012 4:35:19 PM | Computer Name = SueDave-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 5/25/2012 4:30:03 PM | Computer Name = SueDave-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

Version:

06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 1011 Ram Utilization: 90 TargetSite: Void UpdateAndDetect()

Error - 5/25/2012 4:33:54 PM | Computer Name = SueDave-HP | Source = HPSF.exe | ID = 4000

Description = HP Error ID: -2147467261 at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Object

reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: HP.SupportFramework.Communicator

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe

Format:

en-US RAM: 1011 Ram Utilization: 80 TargetSite: Void closeConnection()

Error - 5/30/2012 10:18:23 AM | Computer Name = SueDave-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

Version:

06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 1011 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 6/6/2012 10:20:44 AM | Computer Name = SueDave-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

Version:

06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 1011 Ram Utilization: 90 TargetSite: Void UpdateAndDetect()

[ HP Wireless Assistant Events ]

Error - 4/30/2012 3:03:29 PM | Computer Name = SueDave-HP | Source = HP WA Application | ID = 0

Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 5/1/2012 3:43:15 PM | Computer Name = SueDave-HP | Source = HP WA Application | ID = 0

Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;

failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object

sender, StartupEventArgs args)

Error - 5/1/2012 3:43:45 PM | Computer Name = SueDave-HP | Source = HP WA Application | ID = 0

Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 5/2/2012 2:44:07 PM | Computer Name = SueDave-HP | Source = HP WA Application | ID = 0

Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;

failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object

sender, StartupEventArgs args)

Error - 5/2/2012 2:44:13 PM | Computer Name = SueDave-HP | Source = HP WA Application | ID = 0

Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 5/2/2012 3:48:50 PM | Computer Name = SueDave-HP | Source = HP WA Application | ID = 0

Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;

failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object

sender, StartupEventArgs args)

Error - 5/2/2012 3:48:56 PM | Computer Name = SueDave-HP | Source = HP WA Application | ID = 0

Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 5/3/2012 8:41:00 AM | Computer Name = SueDave-HP | Source = HP WA Application | ID = 0

Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;

failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object

sender, StartupEventArgs args)

Error - 5/3/2012 8:41:05 AM | Computer Name = SueDave-HP | Source = HP WA Application | ID = 0

Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 5/4/2012 1:29:14 PM | Computer Name = SueDave-HP | Source = HP WA Application | ID = 0

Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;

failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object

sender, StartupEventArgs args)

[ System Events ]

Error - 1/8/2012 11:41:56 AM | Computer Name = SueDave-HP | Source = DCOM | ID = 10010

Description =

Error - 1/13/2012 1:48:56 PM | Computer Name = SueDave-HP | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.117.2645.0 Update Source: %%859 Update Stage:

%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error

code: 0x80240016 Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 1/13/2012 1:48:57 PM | Computer Name = SueDave-HP | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.117.2645.0 Update Source: %%859 Update Stage:

%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error

code: 0x80240016 Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 1/13/2012 1:48:57 PM | Computer Name = SueDave-HP | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.117.2645.0 Update Source: %%859 Update Stage:

%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error

code: 0x80240016 Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 1/13/2012 1:50:56 PM | Computer Name = SueDave-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server

2003, Vista, Windows 7, Server 2008 x86 (KB2656351).

Error - 1/13/2012 6:06:21 PM | Computer Name = SueDave-HP | Source = DCOM | ID = 10010

Description =

Error - 1/15/2012 3:25:52 PM | Computer Name = SueDave-HP | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 1/18/2012 12:46:24 PM | Computer Name = SueDave-HP | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 0.0.0.0 with

the system having network hardware address 00-00-00-00-00-00. Network operations

on this system may be disrupted as a result.

Error - 1/18/2012 6:11:29 PM | Computer Name = SueDave-HP | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 1/30/2012 3:53:38 PM | Computer Name = SueDave-HP | Source = DCOM | ID = 10016

Description =

< End of report >

Link to post
Share on other sites

Step 1

Please uninstall µTorrent, because of our rules:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com
    [2012/05/31 18:58:54 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Sue & Dave\AppData\Roaming\Mozilla\Firefox\Profiles\qkibkhg6.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
    [2012/06/24 10:02:12 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\800000cb.@
    [2012/06/24 10:02:12 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\80000000.@
    [2012/01/11 08:44:06 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\@
    [2012/01/11 08:44:06 | 000,002,048 | -HS- | C] () -- C:\Users\Sue & Dave\AppData\Local\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\@

    :files
    C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}
    C:\Users\Sue & Dave\AppData\Local\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware log

Link to post
Share on other sites

All processes killed

Error: Unable to interpret <:OTLFF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com[2012/05/31 18:58:54 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Sue & Dave\AppData\Roaming\Mozilla\Firefox\Profiles\qkibkhg6.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}[2012/06/24 10:02:12 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\800000cb.@[2012/06/24 10:02:12 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\80000000.@[2012/01/11 08:44:06 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\@[2012/01/11 08:44:06 | 000,002,048 | -HS- | C] () -- C:\Users\Sue & Dave\AppData\Local\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\@:filesC:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}C:\Users\Sue & Dave\AppData\Local\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}ipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context!

OTL by OldTimer - Version 3.2.53.0 log created on 06242012_202635

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.24.04

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Sue & Dave :: SUEDAVE-HP [administrator]

Protection: Enabled

24/06/2012 20:31:53

mbam-log-2012-06-24 (20-31-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 203700

Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.

C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.

C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

The script was not activated. Every entrie should be on a new line. The script in OTL should looks like this:

:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com
[2012/05/31 18:58:54 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Sue & Dave\AppData\Roaming\Mozilla\Firefox\Profiles\qkibkhg6.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/06/24 10:02:12 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\800000cb.@
[2012/06/24 10:02:12 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\80000000.@
[2012/01/11 08:44:06 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\@
[2012/01/11 08:44:06 | 000,002,048 | -HS- | C] () -- C:\Users\Sue & Dave\AppData\Local\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\@

:files
C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}
C:\Users\Sue & Dave\AppData\Local\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}
ipconfig /flushdns /c

:Commands
[emptytemp]
[clearallrestorepoints]

Repeat both steps.

Link to post
Share on other sites

sorry heres the otl log, will now run malwarebytes scan now

All processes killed

========== OTL ==========

File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com not found.

C:\Users\Sue & Dave\AppData\Roaming\Mozilla\Firefox\Profiles\qkibkhg6.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\components folder moved successfully.

C:\Users\Sue & Dave\AppData\Roaming\Mozilla\Firefox\Profiles\qkibkhg6.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6 folder moved successfully.

C:\Users\Sue & Dave\AppData\Roaming\Mozilla\Firefox\Profiles\qkibkhg6.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content folder moved successfully.

C:\Users\Sue & Dave\AppData\Roaming\Mozilla\Firefox\Profiles\qkibkhg6.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome folder moved successfully.

C:\Users\Sue & Dave\AppData\Roaming\Mozilla\Firefox\Profiles\qkibkhg6.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} folder moved successfully.

C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\800000cb.@ moved successfully.

C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\80000000.@ moved successfully.

C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\@ moved successfully.

C:\Users\Sue & Dave\AppData\Local\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\@ moved successfully.

========== FILES ==========

C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U folder moved successfully.

C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f} scheduled to be moved on reboot.

C:\Users\Sue & Dave\AppData\Local\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U folder moved successfully.

C:\Users\Sue & Dave\AppData\Local\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\L folder moved successfully.

C:\Users\Sue & Dave\AppData\Local\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f} folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Sue & Dave\Downloads\cmd.bat deleted successfully.

C:\Users\Sue & Dave\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sue & Dave

->Temp folder emptied: 2500219 bytes

->Temporary Internet Files folder emptied: 1311988252 bytes

->Java cache emptied: 1131989 bytes

->FireFox cache emptied: 59030165 bytes

->Flash cache emptied: 13701 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 151533338 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,455.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06242012_210904

Files\Folders moved on Reboot...

C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U folder moved successfully.

C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f} folder moved successfully.

C:\Users\Sue & Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TJU7MTSW\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.

C:\Users\Sue & Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TJU7MTSW\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\Users\Sue & Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SY7T41FY\fastbutton[1].htm moved successfully.

C:\Users\Sue & Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SQO2FRXD\index[3].htm moved successfully.

C:\Users\Sue & Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\Sue & Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

File C:\Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f} not found!

File C:\Users\Sue & Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TJU7MTSW\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot not found!

File C:\Users\Sue & Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TJU7MTSW\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found!

File C:\Users\Sue & Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SY7T41FY\fastbutton[1].htm not found!

File C:\Users\Sue & Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SQO2FRXD\index[3].htm not found!

File C:\Users\Sue & Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!

File C:\Users\Sue & Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

zMalwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.24.04

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Sue & Dave :: SUEDAVE-HP [administrator]

Protection: Enabled

24/06/2012 21:19:56

mbam-log-2012-06-24 (21-19-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 203007

Time elapsed: 9 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Good! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites

ComboFix 12-06-24.03 - Sue & Dave 24/06/2012 21:43:47.1.4 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1012.121 [GMT 1:00]

Running from: c:\users\Sue & Dave\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Thumbs.db

c:\windows\system32\muzapp.exe

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))

.

.

2012-06-24 21:03 . 2012-06-24 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-24 19:26 . 2012-06-24 19:26 -------- d-----w- C:\_OTL

2012-06-23 23:08 . 2012-06-23 23:08 -------- d-----w- c:\users\Sue & Dave\AppData\Local\Macromedia

2012-06-21 18:35 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 18:35 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 18:35 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 18:35 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 18:35 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-21 18:35 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 18:35 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 18:35 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 18:35 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 13:35 . 2012-06-20 13:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-06-18 19:36 . 2012-06-18 19:36 -------- d-----w- c:\users\Sue & Dave\AppData\Roaming\Malwarebytes

2012-06-18 19:36 . 2012-06-18 19:36 -------- d-----w- c:\programdata\Malwarebytes

2012-06-18 19:36 . 2012-06-18 19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-18 19:36 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-18 18:59 . 2012-06-18 19:11 -------- d-----w- c:\program files\Microsoft Works

2012-06-18 18:54 . 2012-06-18 18:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2012-06-18 18:53 . 2012-06-18 18:53 -------- d-----w- c:\users\Sue & Dave\AppData\Local\Microsoft Help

2012-06-18 18:52 . 2012-06-20 23:08 -------- d-----w- c:\programdata\Microsoft Help

2012-06-15 20:38 . 2012-06-15 20:38 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-15 19:30 . 2012-06-15 19:30 -------- d-----w- c:\users\Sue & Dave\AppData\Local\{82FECC2B-611A-CB9E-7C4E-CC745C0F309C}

2012-06-15 19:26 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A057E9EB-74FD-4F52-BDE3-4E9529F250AB}\mpengine.dll

2012-06-14 11:44 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-14 11:38 . 2012-04-28 03:19 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 11:38 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\system32\msi.dll

2012-06-14 11:38 . 2012-05-15 01:12 2342400 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 11:38 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 11:38 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-14 11:38 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-14 11:38 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll

2012-06-14 11:38 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 11:38 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 11:38 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-12 19:12 . 2012-02-12 14:34 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{149DF32E-35F8-4B40-94BA-7C364AE9542E}\gapaengine.dll

2012-06-06 08:27 . 2012-06-06 08:27 -------- d-----w- c:\users\Sue & Dave\AppData\Roaming\dvdcss

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 21:18 . 2012-04-08 15:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 21:18 . 2011-06-25 15:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-02 04:46 . 2012-05-12 07:48 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-02 04:46 . 2012-05-12 07:48 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-30 10:29 . 2012-05-12 07:49 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-01 2295080]

"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-17 237568]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-18 495708]

"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-06 8192]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Sue & Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-7-10 576000]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-2 91648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM\~\startupfolder\C:^Users^Sue & Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\users\Sue & Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-08 01:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2010-03-26 09:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\syshost32]

2012-06-15 19:30 348672 ----a-w- c:\users\Sue & Dave\AppData\Local\{82FECC2B-611A-CB9E-7C4E-CC745C0F309C}\syshost.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2012-01-03 22:50 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive]

2010-08-07 21:01 2038 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk

.

R1 MpKslc706e09c;MpKslc706e09c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C23620CF-B718-4DEB-A8E1-11CE0B3CEA0C}\MpKslc706e09c.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-17 27136]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-12-08 80184]

R3 flashusb;flashusb;c:\windows\system32\DRIVERS\flashusb.sys [2011-12-08 16384]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-12-08 181432]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-19 1343400]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-08 103992]

S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-07-20 338168]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]

2010-06-24 02:47 687104 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]

2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 21:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Sue & Dave\AppData\Roaming\Mozilla\Firefox\Profiles\qkibkhg6.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-MsMpSvc

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3844)

c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\IDT\WDM\STacSV.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE

c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\windows\system32\DllHost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Internet Explorer\iexplore.exe

.

**************************************************************************

.

Completion time: 2012-06-24 22:12:25 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-24 21:12

.

Pre-Run: 21,223,780,352 bytes free

Post-Run: 21,118,300,160 bytes free

.

- - End Of File - - C8C407EF2D330875F769FD1A2BA2BDAA

Link to post
Share on other sites

Good! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

Hi again, the scanner has finished and it found 3 threats

C:\Users\Sue & Dave\AppData\Local\{82FECC2B-611A-CB9E-7C4E-CC745C0F309C}\syshost.exe a variant of Win32/Kryptik.AHCZ trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\06242012_210904\C_Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\06242012_210904\C_Windows\Installer\{c51bf1ae-c06c-69f4-2c1d-8a86f3c5524f}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan cleaned by deleting - quarantined

this is the txt file from the scanner, but when i accessed the text file with the directory you specified it didnt contain much at all

this is all that was in that text file

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

thanks for all your help so far :)

Link to post
Share on other sites

ComboFix 12-06-25.03 - Sue & Dave 25/06/2012 22:53:51.2.4 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1012.216 [GMT 1:00]

Running from: c:\users\Sue & Dave\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))

.

.

2012-06-25 22:12 . 2012-06-25 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-25 17:30 . 2012-06-25 17:30 -------- d-----w- c:\program files\ESET

2012-06-24 19:26 . 2012-06-24 19:26 -------- d-----w- C:\_OTL

2012-06-23 23:08 . 2012-06-23 23:08 -------- d-----w- c:\users\Sue & Dave\AppData\Local\Macromedia

2012-06-21 18:35 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 18:35 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 18:35 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 18:35 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 18:35 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-21 18:35 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 18:35 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 18:35 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 18:35 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 13:35 . 2012-06-20 13:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-06-18 19:36 . 2012-06-18 19:36 -------- d-----w- c:\users\Sue & Dave\AppData\Roaming\Malwarebytes

2012-06-18 19:36 . 2012-06-18 19:36 -------- d-----w- c:\programdata\Malwarebytes

2012-06-18 19:36 . 2012-06-18 19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-18 19:36 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-18 18:59 . 2012-06-18 19:11 -------- d-----w- c:\program files\Microsoft Works

2012-06-18 18:54 . 2012-06-18 18:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2012-06-18 18:53 . 2012-06-18 18:53 -------- d-----w- c:\users\Sue & Dave\AppData\Local\Microsoft Help

2012-06-18 18:52 . 2012-06-20 23:08 -------- d-----w- c:\programdata\Microsoft Help

2012-06-15 20:38 . 2012-06-15 20:38 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-15 19:26 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A057E9EB-74FD-4F52-BDE3-4E9529F250AB}\mpengine.dll

2012-06-14 11:44 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-14 11:38 . 2012-04-28 03:19 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 11:38 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\system32\msi.dll

2012-06-14 11:38 . 2012-05-15 01:12 2342400 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 11:38 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 11:38 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-14 11:38 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-14 11:38 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll

2012-06-14 11:38 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 11:38 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 11:38 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-12 19:12 . 2012-02-12 14:34 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{149DF32E-35F8-4B40-94BA-7C364AE9542E}\gapaengine.dll

2012-06-06 08:27 . 2012-06-06 08:27 -------- d-----w- c:\users\Sue & Dave\AppData\Roaming\dvdcss

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 21:18 . 2012-04-08 15:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 21:18 . 2011-06-25 15:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-02 04:46 . 2012-05-12 07:48 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-02 04:46 . 2012-05-12 07:48 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-30 10:29 . 2012-05-12 07:49 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-01 2295080]

"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-17 237568]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-18 495708]

"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-06 8192]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Sue & Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-7-10 576000]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-2 91648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM\~\startupfolder\C:^Users^Sue & Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\users\Sue & Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-08 01:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2010-03-26 09:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2012-01-03 22:50 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive]

2010-08-07 21:01 2038 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk

.

R1 MpKslc706e09c;MpKslc706e09c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C23620CF-B718-4DEB-A8E1-11CE0B3CEA0C}\MpKslc706e09c.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-17 27136]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-12-08 80184]

R3 flashusb;flashusb;c:\windows\system32\DRIVERS\flashusb.sys [2011-12-08 16384]

R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 13112]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-12-08 181432]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-19 1343400]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-08 103992]

S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-07-20 338168]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]

2010-06-24 02:47 687104 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]

2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 21:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Sue & Dave\AppData\Roaming\Mozilla\Firefox\Profiles\qkibkhg6.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-JumiController - c:\program files\Jumi\Jumi.exe

MSConfigStartUp-syshost32 - c:\users\Sue & Dave\AppData\Local\{82FECC2B-611A-CB9E-7C4E-CC745C0F309C}\syshost.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5808)

c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

Completion time: 2012-06-25 23:16:46

ComboFix-quarantined-files.txt 2012-06-25 22:16

ComboFix2.txt 2012-06-24 21:12

.

Pre-Run: 20,824,748,032 bytes free

Post-Run: 20,712,620,032 bytes free

.

- - End Of File - - 10388396E9EFB25F05B74824A4F7CC07

Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Folder::
c:\users\Sue & Dave\AppData\Local\{82FECC2B-611A-CB9E-7C4E-CC745C0F309C}

File::
c:\users\Sue & Dave\AppData\Local\{82FECC2B-611A-CB9E-7C4E-CC745C0F309C}\syshost.exe

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

ComboFix 12-06-25.03 - Sue & Dave 26/06/2012 17:56:12.3.4 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1012.239 [GMT 1:00]

Running from: c:\users\Sue & Dave\Desktop\ComboFix.exe

Command switches used :: c:\users\Sue & Dave\Desktop\cfscript.txt.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\Sue & Dave\AppData\Local\{82FECC2B-611A-CB9E-7C4E-CC745C0F309C}\syshost.exe"

.

.

((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))

.

.

2012-06-26 17:15 . 2012-06-26 17:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-25 17:30 . 2012-06-25 17:30 -------- d-----w- c:\program files\ESET

2012-06-24 19:26 . 2012-06-24 19:26 -------- d-----w- C:\_OTL

2012-06-23 23:08 . 2012-06-23 23:08 -------- d-----w- c:\users\Sue & Dave\AppData\Local\Macromedia

2012-06-21 18:35 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 18:35 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 18:35 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 18:35 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 18:35 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-21 18:35 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 18:35 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 18:35 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 18:35 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 13:35 . 2012-06-20 13:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-06-18 19:36 . 2012-06-18 19:36 -------- d-----w- c:\users\Sue & Dave\AppData\Roaming\Malwarebytes

2012-06-18 19:36 . 2012-06-18 19:36 -------- d-----w- c:\programdata\Malwarebytes

2012-06-18 19:36 . 2012-06-18 19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-18 19:36 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-18 18:59 . 2012-06-18 19:11 -------- d-----w- c:\program files\Microsoft Works

2012-06-18 18:54 . 2012-06-18 18:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2012-06-18 18:53 . 2012-06-18 18:53 -------- d-----w- c:\users\Sue & Dave\AppData\Local\Microsoft Help

2012-06-18 18:52 . 2012-06-20 23:08 -------- d-----w- c:\programdata\Microsoft Help

2012-06-15 20:38 . 2012-06-15 20:38 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-15 19:26 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A057E9EB-74FD-4F52-BDE3-4E9529F250AB}\mpengine.dll

2012-06-14 11:44 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-14 11:38 . 2012-04-28 03:19 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 11:38 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\system32\msi.dll

2012-06-14 11:38 . 2012-05-15 01:12 2342400 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 11:38 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 11:38 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-14 11:38 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-14 11:38 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll

2012-06-14 11:38 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 11:38 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 11:38 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-12 19:12 . 2012-02-12 14:34 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{149DF32E-35F8-4B40-94BA-7C364AE9542E}\gapaengine.dll

2012-06-06 08:27 . 2012-06-06 08:27 -------- d-----w- c:\users\Sue & Dave\AppData\Roaming\dvdcss

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 21:18 . 2012-04-08 15:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 21:18 . 2011-06-25 15:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-02 04:46 . 2012-05-12 07:48 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-02 04:46 . 2012-05-12 07:48 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-30 10:29 . 2012-05-12 07:49 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-01 2295080]

"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-17 237568]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-18 495708]

"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-06 8192]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Sue & Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-7-10 576000]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-2 91648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM\~\startupfolder\C:^Users^Sue & Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\users\Sue & Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-08 01:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2010-03-26 09:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2012-01-03 22:50 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive]

2010-08-07 21:01 2038 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk

.

R1 MpKslc706e09c;MpKslc706e09c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C23620CF-B718-4DEB-A8E1-11CE0B3CEA0C}\MpKslc706e09c.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-17 27136]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-12-08 80184]

R3 flashusb;flashusb;c:\windows\system32\DRIVERS\flashusb.sys [2011-12-08 16384]

R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 13112]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-12-08 181432]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-19 1343400]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-08 103992]

S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-07-20 338168]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]

2010-06-24 02:47 687104 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]

2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 21:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Sue & Dave\AppData\Roaming\Mozilla\Firefox\Profiles\qkibkhg6.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2152)

c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\IDT\WDM\STacSV.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE

c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\DllHost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Completion time: 2012-06-26 18:23:41 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-26 17:23

ComboFix2.txt 2012-06-25 22:16

ComboFix3.txt 2012-06-24 21:12

.

Pre-Run: 20,725,284,864 bytes free

Post-Run: 20,664,864,768 bytes free

.

- - End Of File - - A347230057B6F7EDCD4AC30192E168AC

Link to post
Share on other sites

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

AVPfront.gif

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

avpsettings.gif

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and post it in your next reply.

Link to post
Share on other sites

Status: Deleted (events: 3)

26/06/2012 22:07:53 Deleted adware not-a-virus:AdWare.Win32.Zwangi.gqq C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8EGF18R\upgrade[1].cab Medium

26/06/2012 22:07:53 Deleted adware not-a-virus:AdWare.Win32.Zwangi.gqq C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8EGF18R\upgrade[1].cab//upgrade.exe Medium

26/06/2012 22:07:53 Deleted adware not-a-virus:AdWare.Win32.Zwangi.gqq C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8EGF18R\upgrade[1].cab//upgrade.exe//scanquery.exe Medium

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.