Delta search infection, but I can't download DDS


Hi

I have the Delta Search infection, which resets my browser home page to Delta Search; any new tabs also get redirected to Delta Search. I downloaded and ran Malwarebytes, which found some issues that I removed. I have reset my homepages, but still have the issue with new tabs being diverted to Delta Search.

I tried to download DDS to run and attach my scripts, but I got the following error. Not sure if the infection is blocking it?

E:\Users\darren\AppData\Local\Temp\_M1h+Z3G.scr.part could not be saved, because the source file could not be read.

Try again later, or contact the server administrator.

Please help.

OK, I've managed to get DDS downloaded and the logs are below.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.9.2

Run by darren at 17:10:03 on 2013-09-08

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3555.1334 [GMT 1:00]

.

AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

.

============== Running Processes ================

.

E:\Windows\system32\wininit.exe

E:\Windows\system32\lsm.exe

E:\Windows\system32\nvvsvc.exe

E:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

E:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

E:\Windows\system32\nvvsvc.exe

E:\Windows\System32\spoolsv.exe

E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

E:\Program Files\ASUS\AXSP\1.00.18\atkexComSvc.exe

E:\Program Files\ASUS\AAHM\1.00.20\aaHMSvc.exe

E:\Program Files\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe

E:\Program Files\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe

E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

E:\Program Files\Bonjour\mDNSResponder.exe

E:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv32.exe

E:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

E:\Windows\system32\IProsetMonitor.exe

E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

E:\Program Files\Macrium\Reflect\ReflectService.exe

E:\Windows\System32\WUDFHost.exe

E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

E:\Windows\system32\Dwm.exe

E:\Windows\Explorer.EXE

E:\Windows\system32\taskhost.exe

E:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe

E:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

E:\Program Files\Citrix\ICA Client\concentr.exe

E:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

E:\Program Files\Citrix\ICA Client\wfcrun32.exe

E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Google\Drive\googledrivesync.exe

E:\Program Files\Windows Sidebar\sidebar.exe

E:\Users\darren\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

E:\Program Files\Plex\Plex Media Server\Plex Media Server.exe

E:\Program Files\Garmin\Express Tray\ExpressTray.exe

E:\Users\darren\AppData\Roaming\Dropbox\bin\Dropbox.exe

E:\Program Files\Google\Drive\googledrivesync.exe

E:\Program Files\NVIDIA Corporation\Display\nvtray.exe

E:\Program Files\iPod\bin\iPodService.exe

E:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe

E:\Windows\system32\conhost.exe

E:\Windows\system32\SearchIndexer.exe

E:\Program Files\Windows Media Player\wmpnetwk.exe

E:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

E:\Windows\system32\Dwm.exe

E:\Windows\Explorer.EXE

E:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe

E:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

E:\Program Files\Citrix\ICA Client\concentr.exe

E:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

E:\Program Files\Citrix\ICA Client\wfcrun32.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Digiarty\Air_Playit\airplayit.exe

E:\Program Files\Windows Sidebar\sidebar.exe

E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

E:\Windows\system32\DllHost.exe

E:\Program Files\Digiarty\Air_Playit\AirPS.exe

E:\Windows\system32\conhost.exe

E:\Program Files\Internet Explorer\iexplore.exe

E:\Program Files\Internet Explorer\iexplore.exe

E:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

E:\Windows\system32\nvvsvc.exe

E:\Windows\system32\taskhost.exe

E:\Windows\system32\SearchProtocolHost.exe

E:\Windows\system32\taskeng.exe

E:\Windows\system32\SearchFilterHost.exe

E:\Windows\system32\DllHost.exe

E:\Windows\system32\DllHost.exe

E:\Windows\system32\conhost.exe

E:\Windows\system32\wbem\wmiprvse.exe

E:\Windows\system32\svchost.exe -k DcomLaunch

E:\Windows\system32\svchost.exe -k RPCSS

E:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

E:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

E:\Windows\system32\svchost.exe -k LocalService

E:\Windows\system32\svchost.exe -k netsvcs

E:\Windows\system32\svchost.exe -k NetworkService

E:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

E:\Windows\system32\svchost.exe -k hpdevmgmt

E:\Windows\System32\svchost.exe -k HPZ12

E:\Windows\System32\svchost.exe -k HPZ12

E:\Windows\system32\svchost.exe -k imgsvc

E:\Windows\System32\svchost.exe -k secsvcs

E:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

E:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

E:\Windows\System32\svchost.exe -k LocalServicePeerNet

.

============== Pseudo HJT Report ===============

.

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - e:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll

BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - e:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - e:\program files\java\jre7\bin\ssv.dll

BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - e:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - e:\program files\java\jre7\bin\jp2ssv.dll

BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - e:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [GoogleDriveSync] "e:\program files\google\drive\googledrivesync.exe" /autostart

uRun: [sidebar] e:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Google Update] "e:\users\darren\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [MusicManager] "e:\users\darren\appdata\local\programs\google\musicmanager\MusicManager.exe"

uRun: [Plex Media Server] "e:\program files\plex\plex media server\Plex Media Server.exe"

uRun: [GarminExpressTrayApp] "e:\program files\garmin\express tray\ExpressTray.exe"

mRun: [RTHDVCPL] e:\program files\realtek\audio\hda\RtkNGUI.exe -s

mRun: [uSB3MON] "e:\program files\intel\intel® usb 3.0 extensible host controller driver\application\iusb3mon.exe"

mRun: [HotKeysCmds] e:\windows\system32\hkcmd.exe

mRun: [Persistence] e:\windows\system32\igfxpers.exe

mRun: [ConnectionCenter] "e:\program files\citrix\ica client\concentr.exe" /startup

mRun: [CanonMyPrinter] e:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [APSDaemon] "e:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [AdobeAAMUpdater-1.0] "e:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AVP] "e:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"

mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"

StartupFolder: e:\users\darren\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - e:\users\darren\appdata\roaming\dropbox\bin\Dropbox.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Anti-Banner - e:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - e:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - e:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TCP: NameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{E61F5A10-0F68-4278-A870-B674D08ED3BF} : DHCPNameServer = 194.168.4.100 194.168.8.100

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - e:\program files\citrix\ica client\IcaMimeFilter.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - e:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 asahci32;asahci32;e:\windows\system32\drivers\asahci32.sys [2012-1-6 43104]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;e:\windows\system32\drivers\iusb3hcs.sys [2012-7-21 13592]

R0 pssnap;Paramount Software Snapshot Filter;e:\windows\system32\drivers\pssnap.sys [2012-6-12 16064]

R1 AsUpIO;AsUpIO;e:\windows\system32\drivers\AsUpIO.sys [2010-8-3 11832]

R1 ctxusbm;Citrix USB Monitor Driver;e:\windows\system32\drivers\ctxusbm.sys [2012-3-19 64800]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;e:\windows\system32\drivers\klim6.sys [2012-8-2 24408]

R1 kltdi;kltdi;e:\windows\system32\drivers\kltdi.sys [2012-6-8 44000]

R1 kneps;kneps;e:\windows\system32\drivers\kneps.sys [2012-8-13 145040]

R1 ndisrd;WinpkFilter LightWeight Filter;e:\windows\system32\drivers\ndisrd.sys [2012-8-2 28264]

R1 Uim_Vim;UIM Virtual Image Plugin;e:\windows\system32\drivers\Uim_Vim.sys [2013-2-18 283600]

R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;e:\program files\adobe\elements 11 organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]

R2 asComSvc;ASUS Com Service;e:\program files\asus\axsp\1.00.18\atkexComSvc.exe [2011-10-29 918448]

R2 asHmComSvc;ASUS HM Com Service;e:\program files\asus\aahm\1.00.20\aaHMSvc.exe [2012-2-2 951936]

R2 AsSysCtrlService;ASUS System Control Service;e:\program files\asus\assysctrlservice\1.00.13\AsSysCtrlService.exe [2012-8-2 149120]

R2 AsusFanControlService;AsusFanControlService;e:\program files\asus\asusfancontrolservice\1.00.25\AsusFanControlService.exe [2012-8-2 1493120]

R2 AVP;Kaspersky Anti-Virus Service;e:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe -r --> e:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe -r [?]

R2 DTSAudioSvc;DTSAudioSvc;e:\program files\realtek\audio\hda\DTSU2PAuSrv32.exe [2012-7-21 190832]

R2 Garmin Core Update Service;Garmin Core Update Service;e:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-8-22 220504]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;e:\windows\system32\IPROSetMonitor.exe [2012-7-21 117920]

R2 MBAMScheduler;MBAMScheduler;e:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-5 418376]

R2 MBAMService;MBAMService;e:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-5 701512]

R2 ReflectService.exe;Macrium Reflect Image Mounting Service;e:\program files\macrium\reflect\ReflectService.exe [2012-6-12 224960]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;e:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]

R3 asmthub3;ASMedia USB3 Hub Service;e:\windows\system32\drivers\asmthub3.sys [2012-2-21 102888]

R3 asmtxhci;ASMEDIA XHCI Service;e:\windows\system32\drivers\asmtxhci.sys [2012-2-21 315368]

R3 ASUSFILTER;ASUSFILTER;e:\windows\system32\drivers\ASUSFILTER.sys [2011-9-20 37448]

R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);e:\windows\system32\drivers\ICCWDT.sys [2010-8-17 22040]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;e:\windows\system32\drivers\iusb3hub.sys [2012-7-21 347928]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;e:\windows\system32\drivers\iusb3xhc.sys [2012-7-21 789272]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;e:\windows\system32\drivers\klkbdflt.sys [2012-5-25 25944]

R3 klmouflt;Kaspersky Lab KLMOUFLT;e:\windows\system32\drivers\klmouflt.sys [2012-7-25 25944]

R3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [2013-9-5 22856]

R3 MEI;Intel® Management Engine Interface ;e:\windows\system32\drivers\HECI.sys [2011-11-10 46080]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AiCharger;AiCharger;e:\windows\system32\drivers\AiCharger.sys [2012-8-2 13440]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;e:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;e:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-8-1 163616]

S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;e:\program files\intel\intel® integrated clock controller service\ICCProxy.exe [2012-8-2 160768]

S3 StorSvc;Storage Service;e:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 TsUsbFlt;TsUsbFlt;e:\windows\system32\drivers\TsUsbFlt.sys [2012-7-21 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;e:\windows\system32\wat\WatAdminSvc.exe [2012-7-21 1343400]

.

=============== File Associations ===============

.

ShellExec: PortraitProfessional.exe: open="e:\program files\portrait professional studio 11\PortraitProfessionalStudio.exe" /P "%1"

.

=============== Created Last 30 ================

.

2013-09-06 15:55:20 7166848 ----a-w- e:\programdata\microsoft\windows defender\definition updates\{37bb2029-d4b4-44fb-937e-3ba42f3082da}\mpengine.dll

2013-09-05 21:22:56 -------- d-----w- e:\program files\Garmin

2013-09-05 21:22:53 -------- d-----w- e:\programdata\Package Cache

2013-09-05 21:04:14 -------- d-----w- e:\windows\ERUNT

2013-09-05 21:02:16 -------- d-----w- e:\programdata\boost_interprocess

2013-09-05 14:56:08 22856 ----a-w- e:\windows\system32\drivers\mbam.sys

2013-09-05 14:56:08 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware

2013-08-22 02:02:26 -------- d-----w- e:\windows\system32\MRT

2013-08-21 12:55:53 -------- d-----w- e:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-08-21 12:55:53 -------- d-----w- e:\program files\iTunes

2013-08-21 12:55:53 -------- d-----w- e:\program files\iPod

2013-08-21 11:15:08 652800 ----a-w- e:\windows\system32\rpcrt4.dll

2013-08-21 11:15:08 3968960 ----a-w- e:\windows\system32\ntkrnlpa.exe

2013-08-21 11:15:08 3913664 ----a-w- e:\windows\system32\ntoskrnl.exe

2013-08-21 11:15:08 1289096 ----a-w- e:\windows\system32\ntdll.dll

2013-08-21 11:15:07 175104 ----a-w- e:\windows\system32\wintrust.dll

2013-08-21 11:15:07 140288 ----a-w- e:\windows\system32\cryptsvc.dll

2013-08-21 11:15:07 1166848 ----a-w- e:\windows\system32\crypt32.dll

2013-08-21 11:15:07 103936 ----a-w- e:\windows\system32\cryptnet.dll

2013-08-21 11:15:03 1620992 ----a-w- e:\windows\system32\WMVDECOD.DLL

2013-08-21 11:15:03 1293760 ----a-w- e:\windows\system32\drivers\tcpip.sys

2013-08-21 11:14:53 2048 ----a-w- e:\windows\system32\tzres.dll

2013-08-21 11:14:52 31232 ----a-w- e:\windows\system32\drivers\tssecsrv.sys

.

==================== Find3M ====================

.

2013-08-21 11:13:08 71048 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-21 11:13:08 692104 ----a-w- e:\windows\system32\FlashPlayerApp.exe

2013-07-26 03:13:24 1767936 ----a-w- e:\windows\system32\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- e:\windows\system32\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- e:\windows\system32\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- e:\windows\system32\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- e:\windows\system32\mshtml.tlb

2013-07-26 01:59:38 71680 ----a-w- e:\windows\system32\RegisterIEPKEYs.exe

2013-06-18 20:22:01 44000 ----a-w- e:\windows\system32\drivers\kltdi.sys

2013-06-18 20:04:39 16400 ----a-w- e:\windows\system32\drivers\LNonPnP.sys

.

============= FINISH: 17:15:29.10 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 21/07/2012 00:23:13

System Uptime: 08/09/2013 15:14:06 (2 hours ago)

.

Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-V PRO

Processor: Intel® Core i5-3570K CPU @ 3.40GHz | LGA1155 | 3401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 1863 GiB total, 91.469 GiB free.

D: is FIXED (NTFS) - 1863 GiB total, 253.258 GiB free.

E: is FIXED (NTFS) - 119 GiB total, 43.226 GiB free.

F: is FIXED (NTFS) - 1397 GiB total, 547.868 GiB free.

G: is CDROM ()

H: is FIXED (NTFS) - 1397 GiB total, 304.596 GiB free.

I: is FIXED (NTFS) - 1863 GiB total, 789.75 GiB free.

J: is FIXED (NTFS) - 1863 GiB total, 48.703 GiB free.

K: is Removable

L: is Removable

M: is Removable

N: is Removable

O: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: SM Bus Controller

Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_84CA1043&REV_04\3&11583659&0&FB

Manufacturer:

Name: SM Bus Controller

PNP Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_84CA1043&REV_04\3&11583659&0&FB

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 11

Adobe Photoshop Lightroom 4.2

Adobe Premiere Elements 11

Adobe Reader X (10.1.4)

Air Playit 2.0.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Asmedia ASM104x USB 3.0 Host Controller Driver

Asmedia ASM106x SATA Host Controller Driver

bluefin Desktop

bluefin Desktop 4.0

Bonjour

BufferChm

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon iP4500 series

Canon iP4500 series User Registration

Canon My Printer

Canon RAW Codec

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities Digital Photo Professional 3.11

Canon Utilities EOS Utility

Canon Utilities MyCamera

Canon Utilities Original Data Security Tools

Canon Utilities PhotoStitch

Canon Utilities Picture Style Editor

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities WFT-E1/E2/E3 Utility

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CCleaner

CD-LabelPrint

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Copy

Core Temp 1.0 RC3

Destinations

DeviceDiscovery

DJ_AIO_03_F2200_Software_Min

Dropbox

Elements 11 Organizer

Elevated Installer

eReg

ESET Online Scanner v3

ExPVR

F2200

Garmin Express

Garmin Express Tray

Garmin Update Service

Google Drive

Google Earth Plug-in

Google Update Helper

GPBaseService2

HandBrake 0.9.8

HP Customer Participation Program 13.0

HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3

HP Imaging Device Functions 13.0

HP Photosmart Essential 3.5

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

Intel® Network Connections 16.6.126.0

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Watchdog Timer Driver (Intel® WDT)

iTunes

Java 7 Update 9

Java Auto Updater

Kaspersky Internet Security 2013

Logitech SetPoint 6.32

M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1

Macrium Reflect Free Edition

Malwarebytes Anti-Malware version 1.75.0.1300

MarketResearch

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Camera Codec Pack

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 23.0.1 (x86 en-US)

Mozilla Maintenance Service

MPC-HC 1.6.3.5818

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Manager

NVIDIA 3D Vision Controller Driver 296.16

NVIDIA 3D Vision Driver 311.06

NVIDIA Control Panel 311.06

NVIDIA Graphics Driver 311.06

NVIDIA HD Audio Driver 1.3.12.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

Paragon Backup & Recovery™ 2013 Free

Plex Media Server

Portrait Professional Studio 10.8

Portrait Professional Studio 11.1

PRE11 STI Installer

PS3 Media Server

PSE11 STI Installer

Realtek High Definition Audio Driver

Revo Uninstaller 1.94

Scan

Screen Grab Pro

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Sky Go Desktop

SmartWebPrinting

SolutionCenter

Status

Toolbox

TrayApp

TrueCrypt

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VLC media player 2.0.8

WebReg

Windows Driver Package - FTDI bluefin USB Driver (03/18/2011 2.08.14)

Windows Driver Package - FTDI bluefin Virtual COM Port Driver (03/18/2011 2.08.14)

WinX Blu-ray Decrypter 3.4.1

WinX DVD Copy Pro 3.4.5

WinX DVD Ripper Platinum 6.9.2

WinX HD Video Converter Deluxe 3.12.2

WinZip 17.0

ZipGenius 6.3

.

==== Event Viewer Messages From Past Week ========

.

08/09/2013 15:16:24, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

08/09/2013 15:16:24, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

07/09/2013 02:56:57, Error: volsnap [35] - The shadow copies of volume E: were aborted because the shadow copy storage failed to grow.

.

==== End Of File ===========================


Hello rigsby1208! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Hi Borislav

Thank you very much for your time.

Logs attached..

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Professional x86
Ran by darren on 09/09/2013 at 20:53:53.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "E:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "E:\ProgramData\application data\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/09/2013 at 20:56:09.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

# AdwCleaner v3.003 - Report created 09/09/2013 at 21:07:21
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : darren - DARREN-PC
# Running from : E:\Users\darren\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : E:\ProgramData\boost_interprocess

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : E:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\29paubt4.default\prefs.js ]


[ File : E:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\8hcnb902.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2487 octets] - [09/09/2013 21:02:56]
AdwCleaner[R1].txt - [1042 octets] - [09/09/2013 21:07:10]
AdwCleaner[s0].txt - [2490 octets] - [09/09/2013 21:03:57]
AdwCleaner[s1].txt - [969 octets] - [09/09/2013 21:07:21]

########## EOF - E:\AdwCleaner\AdwCleaner[s1].txt - [1028 octets] ##########
 


Ah, sorry

step 3 log attached..

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.11.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
darren :: DARREN-PC [administrator]

11/09/2013 20:26:20
mbam-log-2013-09-11 (20-26-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320364
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Let's take a deeper look:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Hi

Apologies for the delay. OTL reports below...

 

OTL logfile created on: 9/15/2013 7:23:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Users\darren\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.47 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 68.68% Memory free
6.94 Gb Paging File | 4.63 Gb Available in Paging File | 66.75% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 1863.01 Gb Total Space | 91.47 Gb Free Space | 4.91% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 241.21 Gb Free Space | 12.95% Space Free | Partition Type: NTFS
Drive E: | 119.23 Gb Total Space | 42.68 Gb Free Space | 35.80% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 547.87 Gb Free Space | 39.21% Space Free | Partition Type: NTFS
Drive H: | 1397.26 Gb Total Space | 304.60 Gb Free Space | 21.80% Space Free | Partition Type: NTFS
Drive I: | 1863.01 Gb Total Space | 789.75 Gb Free Space | 42.39% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 48.70 Gb Free Space | 2.61% Space Free | Partition Type: NTFS
 
Computer Name: DARREN-PC | User Name: darren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (All) ==========
 
PRC - [2013/09/15 19:20:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Users\darren\Desktop\OTL - Copy.exe
PRC - [2013/08/22 14:00:26 | 001,093,464 | ---- | M] (Garmin Ltd or its subsidiaries) -- E:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/08/22 14:00:04 | 000,220,504 | ---- | M] (Garmin Ltd or its subsidiaries) -- E:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/08/16 09:07:58 | 000,152,392 | ---- | M] (Apple Inc.) -- E:\Program Files\iTunes\iTunesHelper.exe
PRC - [2013/08/16 09:07:50 | 000,553,288 | ---- | M] (Apple Inc.) -- E:\Program Files\iPod\bin\iPodService.exe
PRC - [2013/08/03 18:09:18 | 000,409,776 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2013/08/02 01:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\conhost.exe
PRC - [2013/07/06 11:20:13 | 004,640,768 | ---- | M] (Spotify Ltd) -- E:\Users\Henry\AppData\Roaming\Spotify\spotify.exe
PRC - [2013/07/06 11:20:13 | 001,104,384 | ---- | M] (Spotify Ltd) -- E:\Users\Henry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- E:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2013/06/21 00:52:00 | 007,345,664 | ---- | M] (Google Inc.) -- E:\Users\darren\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/06/05 18:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- E:\Users\Henry\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/06/05 18:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- E:\Users\darren\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/06/03 17:25:26 | 000,033,928 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2013/06/03 17:25:24 | 001,563,784 | ---- | M] (Plex, Inc.) -- E:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe
PRC - [2013/06/03 17:25:22 | 003,997,832 | ---- | M] (Plex, Inc.) -- E:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/19 03:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\smss.exe
PRC - [2013/01/27 12:08:19 | 000,116,648 | ---- | M] (Google Inc.) -- E:\Users\darren\AppData\Local\Google\Update\GoogleUpdate.exe
PRC - [2013/01/18 15:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- E:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/18 15:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- E:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/01/18 15:20:08 | 000,639,776 | ---- | M] (NVIDIA Corporation) -- E:\Windows\System32\nvvsvc.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- E:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/01/06 13:08:03 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013/01/05 23:09:31 | 000,116,648 | ---- | M] (Google Inc.) -- E:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) -- E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012/12/06 12:14:42 | 000,056,416 | ---- | M] (Apple Inc.) -- E:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/11/28 15:13:24 | 000,013,712 | ---- | M] (Apple Inc.) -- E:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\taskhost.exe
PRC - [2012/09/17 07:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- E:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/26 04:21:03 | 000,196,608 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\WUDFHost.exe
PRC - [2012/06/12 11:18:56 | 000,224,960 | ---- | M] () -- E:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2012/03/28 02:28:44 | 000,735,168 | ---- | M] (Citrix Systems, Inc.) -- E:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/03/28 02:27:06 | 000,309,184 | ---- | M] (Citrix Systems, Inc.) -- E:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2012/02/28 16:06:48 | 010,468,672 | ---- | M] () -- E:\Program Files\Digiarty\Air_Playit\airplayit.exe
PRC - [2012/02/28 16:06:40 | 001,607,488 | ---- | M] (Digiarty, Inc.) -- E:\Program Files\Digiarty\Air_Playit\AirPS.exe
PRC - [2012/02/22 06:59:18 | 001,493,120 | R--- | M] (ASUSTeK Computer Inc.) -- E:\Program Files\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe
PRC - [2012/02/17 07:26:00 | 000,149,120 | R--- | M] (ASUSTeK Computer Inc.) -- E:\Program Files\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
PRC - [2012/02/11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\spoolsv.exe
PRC - [2012/02/10 07:39:30 | 005,646,952 | ---- | M] (Realtek Semiconductor) -- E:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
PRC - [2012/02/02 10:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) -- E:\Program Files\ASUS\AAHM\1.00.20\aaHMSvc.exe
PRC - [2012/01/23 15:28:50 | 000,190,832 | ---- | M] (DTS, Inc) -- E:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv32.exe
PRC - [2012/01/04 20:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- E:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\lsass.exe
PRC - [2011/10/29 02:59:26 | 000,918,448 | R--- | M] () -- E:\Program Files\ASUS\AXSP\1.00.18\atkexComSvc.exe
PRC - [2011/08/31 00:05:02 | 000,390,504 | ---- | M] (Apple Inc.) -- E:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2011/08/15 18:38:50 | 000,117,920 | ---- | M] (Intel Corporation) -- E:\Windows\System32\IPROSetMonitor.exe
PRC - [2011/06/16 18:00:28 | 000,315,256 | ---- | M] (Adobe Systems Incorporated) -- E:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/05/04 05:28:31 | 000,427,520 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\SearchIndexer.exe
PRC - [2011/05/04 05:28:31 | 000,164,352 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\SearchProtocolHost.exe
PRC - [2011/05/04 05:28:31 | 000,086,528 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\SearchFilterHost.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- E:\Windows\explorer.exe
PRC - [2010/11/20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2010/11/20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\winlogon.exe
PRC - [2010/11/20 13:17:47 | 000,192,000 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\taskeng.exe
PRC - [2010/11/20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2010/11/20 13:17:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\lsm.exe
PRC - [2010/11/20 13:17:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\LogonUI.exe
PRC - [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\wininit.exe
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\svchost.exe  [comLaunch]
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\svchost.exe  [comLaunch]
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\svchost.exe  [comLaunch]
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\svchost.exe  [comLaunch]
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\svchost.exe  [comLaunch]
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\svchost.exe  [comLaunch]
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\svchost.exe  [comLaunch]
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\svchost.exe  [comLaunch]
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\svchost.exe  [comLaunch]
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\svchost.exe  [comLaunch]
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\svchost.exe  [comLaunch]
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\svchost.exe  [comLaunch]
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\svchost.exe  [comLaunch]
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\svchost.exe  [comLaunch]
PRC - [2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\services.exe
PRC - [2009/07/14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- e:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/07/14 02:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\dwm.exe
PRC - [2009/07/14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\csrss.exe
PRC - [2007/04/04 02:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- E:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/09/14 10:31:24 | 001,175,040 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\wx._core_.pyd
MOD - [2013/09/14 10:31:24 | 001,153,024 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\_ssl.pyd
MOD - [2013/09/14 10:31:24 | 001,062,400 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\wx._controls_.pyd
MOD - [2013/09/14 10:31:24 | 000,811,008 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\wx._windows_.pyd
MOD - [2013/09/14 10:31:24 | 000,805,888 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\wx._gdi_.pyd
MOD - [2013/09/14 10:31:24 | 000,735,232 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\wx._misc_.pyd
MOD - [2013/09/14 10:31:24 | 000,711,680 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\_hashlib.pyd
MOD - [2013/09/14 10:31:24 | 000,686,080 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\unicodedata.pyd
MOD - [2013/09/14 10:31:24 | 000,557,056 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\pysqlite2._sqlite.pyd
MOD - [2013/09/14 10:31:24 | 000,504,832 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\windows._cacheinvalidation.pyd
MOD - [2013/09/14 10:31:24 | 000,364,544 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\pythoncom27.dll
MOD - [2013/09/14 10:31:24 | 000,320,512 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\win32com.shell.shell.pyd
MOD - [2013/09/14 10:31:24 | 000,128,512 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\_elementtree.pyd
MOD - [2013/09/14 10:31:24 | 000,127,488 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\pyexpat.pyd
MOD - [2013/09/14 10:31:24 | 000,122,368 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\wx._wizard.pyd
MOD - [2013/09/14 10:31:24 | 000,119,808 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\win32file.pyd
MOD - [2013/09/14 10:31:24 | 000,110,080 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\PyWinTypes27.dll
MOD - [2013/09/14 10:31:24 | 000,108,544 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\win32security.pyd
MOD - [2013/09/14 10:31:24 | 000,098,816 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\win32api.pyd
MOD - [2013/09/14 10:31:24 | 000,087,040 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\_ctypes.pyd
MOD - [2013/09/14 10:31:24 | 000,070,656 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\wx._html2.pyd
MOD - [2013/09/14 10:31:24 | 000,044,032 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\_socket.pyd
MOD - [2013/09/14 10:31:24 | 000,038,912 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\win32inet.pyd
MOD - [2013/09/14 10:31:24 | 000,035,840 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\win32process.pyd
MOD - [2013/09/14 10:31:24 | 000,026,624 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\_multiprocessing.pyd
MOD - [2013/09/14 10:31:24 | 000,025,600 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\win32pdh.pyd
MOD - [2013/09/14 10:31:24 | 000,022,528 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\win32ts.pyd
MOD - [2013/09/14 10:31:24 | 000,018,432 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\win32event.pyd
MOD - [2013/09/14 10:31:24 | 000,017,408 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\win32profile.pyd
MOD - [2013/09/14 10:31:24 | 000,011,264 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\win32crypt.pyd
MOD - [2013/09/14 10:31:24 | 000,010,240 | ---- | M] () -- E:\Users\darren\AppData\Local\Temp\_MEI38083\select.pyd
MOD - [2013/08/22 03:05:06 | 001,226,752 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\4e7b7262234d31e42cb34d72ddb1a14b\System.WorkflowServices.ni.dll
MOD - [2013/08/22 03:04:52 | 001,141,760 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b7ed4fb85e3e4d8b012dfd3a7c0435eb\System.ServiceModel.Discovery.ni.dll
MOD - [2013/08/22 03:04:52 | 000,369,664 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3a5eadca5d17af2aa06a4b5f40b588a6\System.ServiceModel.Routing.ni.dll
MOD - [2013/08/22 03:04:51 | 000,082,432 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\1a335f477a925de13d86b720392a2b2e\System.ServiceModel.Channels.ni.dll
MOD - [2013/08/22 03:04:45 | 001,394,176 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d301978a7b9dbe3f69c166bf00d5b858\System.ServiceModel.Activities.ni.dll
MOD - [2013/08/22 03:04:43 | 018,101,760 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\8e155e090e2990b5afc341a2b068835b\System.ServiceModel.ni.dll
MOD - [2013/08/22 03:04:43 | 001,078,272 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\d562a607bb4973993b59456d35f6307f\System.IdentityModel.ni.dll
MOD - [2013/08/22 03:04:36 | 001,087,488 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d7a30ba1e54ebb51f5bb79780aaf13e5\System.ServiceModel.Web.ni.dll
MOD - [2013/08/22 03:03:52 | 001,021,952 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\0442e1dc48d826e9b795d1e67d552791\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/08/22 03:03:52 | 000,649,728 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\9f37a2a23772a8e9dcbef5c6b6ebe0ad\System.Transactions.ni.dll
MOD - [2013/08/22 03:03:52 | 000,143,360 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\12d171dd78ad02e8561a46bf266c5394\SMDiagnostics.ni.dll
MOD - [2013/08/22 03:03:51 | 002,647,552 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0a3d8f846e42d481c0cc2200b7859858\System.Runtime.Serialization.ni.dll
MOD - [2013/08/22 03:03:50 | 000,393,216 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\e77f989b5dae0c6d2367d534c73a31f9\System.Xml.Linq.ni.dll
MOD - [2013/08/22 03:03:40 | 001,801,728 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\44d87641535e186f4a7fc9c469bc73dd\System.Xaml.ni.dll
MOD - [2013/08/22 03:02:03 | 018,003,456 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a342a61dd88db0c26a11470ce6a4f167\PresentationFramework.ni.dll
MOD - [2013/08/22 03:01:56 | 013,199,360 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6da40f01a719972f3242d3c374e499c5\System.Windows.Forms.ni.dll
MOD - [2013/08/22 03:01:56 | 011,451,904 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\42c02d5f442dea943fc7def7b864bb90\PresentationCore.ni.dll
MOD - [2013/08/22 03:01:53 | 007,070,720 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5c4f1eb1b2efdd138d137c5069a8bdf5\System.Core.ni.dll
MOD - [2013/08/22 03:01:53 | 000,595,968 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4f02f7d34c4fd0dc58ce1dffb5b424f9\PresentationFramework.Aero.ni.dll
MOD - [2013/08/22 03:01:51 | 005,628,928 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll
MOD - [2013/08/22 03:01:51 | 003,858,944 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6a1d260372cda12056515b30b2bcf715\WindowsBase.ni.dll
MOD - [2013/08/22 03:01:51 | 001,667,584 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\7e3570a0cc71998e14e7adb8e4ea0cbb\System.Drawing.ni.dll
MOD - [2013/08/22 03:01:50 | 001,014,272 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\da18beba41f700dd4c71a3f5464c4342\System.Configuration.ni.dll
MOD - [2013/08/22 03:01:49 | 009,099,776 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll
MOD - [2013/07/11 22:21:50 | 014,418,432 | ---- | M] () -- E:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll
MOD - [2013/06/21 00:41:50 | 000,344,064 | ---- | M] () -- E:\Users\darren\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2013/06/21 00:41:28 | 000,231,936 | ---- | M] () -- E:\Users\darren\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2013/06/21 00:40:36 | 000,253,440 | ---- | M] () -- E:\Users\darren\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2013/06/21 00:40:00 | 000,117,248 | ---- | M] () -- E:\Users\darren\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/06/03 17:26:02 | 000,033,416 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2013/06/03 17:26:00 | 000,196,232 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2013/06/03 17:26:00 | 000,057,992 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2013/06/03 17:26:00 | 000,044,680 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2013/06/03 17:26:00 | 000,017,544 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2013/06/03 17:25:58 | 000,841,864 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2013/06/03 17:25:58 | 000,825,480 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2013/06/03 17:25:56 | 000,050,312 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2013/06/03 17:25:56 | 000,033,928 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2013/06/03 17:25:54 | 000,366,216 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2013/06/03 17:25:54 | 000,094,344 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2013/06/03 17:25:52 | 000,590,472 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2013/06/03 17:25:52 | 000,134,792 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2013/06/03 17:25:52 | 000,017,544 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2013/06/03 17:25:50 | 000,072,840 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\zlib1.dll
MOD - [2013/06/03 17:25:48 | 008,495,240 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\WebKit.dll
MOD - [2013/06/03 17:25:48 | 000,629,384 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\tag.dll
MOD - [2013/06/03 17:25:46 | 000,293,264 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\swscale-0.dll
MOD - [2013/06/03 17:25:44 | 000,089,224 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2013/06/03 17:25:44 | 000,051,848 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2013/06/03 17:25:40 | 000,173,704 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\libxslt.dll
MOD - [2013/06/03 17:25:38 | 000,839,816 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\libxml2.dll
MOD - [2013/06/03 17:25:36 | 000,063,624 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\libexslt.dll
MOD - [2013/06/03 17:25:34 | 001,291,400 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\JavaScriptCore.dll
MOD - [2013/06/03 17:25:30 | 001,038,984 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\cairo.dll
MOD - [2013/06/03 17:25:30 | 000,952,968 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\CFLite.dll
MOD - [2013/06/03 17:25:28 | 005,828,368 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\avcodec-52.dll
MOD - [2013/06/03 17:25:28 | 001,255,128 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\avformat-52.dll
MOD - [2013/06/03 17:25:28 | 000,272,072 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\avutil-50.dll
MOD - [2013/06/03 17:25:26 | 000,033,928 | ---- | M] () -- E:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2013/03/13 21:48:52 | 024,978,944 | ---- | M] () -- E:\Users\darren\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/10 21:01:44 | 000,026,624 | ---- | M] () -- E:\Users\darren\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/01/10 21:01:26 | 010,683,392 | ---- | M] () -- E:\Users\darren\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/01/10 21:01:24 | 001,681,408 | ---- | M] () -- E:\Users\darren\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/01/10 21:01:22 | 007,741,952 | ---- | M] () -- E:\Users\darren\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/01/10 21:01:20 | 002,248,192 | ---- | M] () -- E:\Users\darren\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2012/11/14 00:32:50 | 003,558,400 | ---- | M] () -- E:\Users\darren\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/08/17 22:38:56 | 000,479,160 | ---- | M] () -- E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012/05/30 21:06:48 | 000,087,912 | ---- | M] () -- E:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 21:06:30 | 001,242,512 | ---- | M] () -- E:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/09/10 18:13:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- E:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/22 14:00:04 | 000,220,504 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- E:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/08/21 12:56:50 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- E:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- E:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/06 13:08:03 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/09/17 07:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- E:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/21 14:18:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/06/12 11:18:56 | 000,224,960 | ---- | M] () [Auto | Running] -- E:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV - [2012/03/20 00:44:18 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- E:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/02/22 06:59:18 | 001,493,120 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- E:\Program Files\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2012/02/17 07:26:00 | 000,149,120 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- E:\Program Files\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2012/02/02 10:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- E:\Program Files\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)
SRV - [2012/01/23 15:28:50 | 000,190,832 | ---- | M] (DTS, Inc) [Auto | Running] -- E:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv32.exe -- (DTSAudioSvc)
SRV - [2011/10/29 02:59:26 | 000,918,448 | R--- | M] () [Auto | Running] -- E:\Program Files\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
SRV - [2011/09/27 20:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- E:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/08/15 18:38:50 | 000,117,920 | ---- | M] (Intel Corporation) [Auto | Running] -- E:\Windows\System32\IPROSetMonitor.exe -- (Intel®
SRV - [2011/05/27 11:07:36 | 000,160,768 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- E:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Users\darren\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2013/09/11 20:25:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/06/18 21:22:01 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- E:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013/04/22 09:04:15 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- E:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013/04/22 09:04:15 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- E:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- E:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- E:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/02/18 13:59:44 | 000,452,816 | ---- | M] (Paragon) [Kernel | System | Running] -- E:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2013/02/18 13:59:44 | 000,283,600 | ---- | M] (Paragon) [Kernel | System | Running] -- E:\Windows\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2013/02/18 13:59:44 | 000,081,232 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- E:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2013/01/06 13:22:46 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- E:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/01/06 13:22:46 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- E:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/08/04 10:19:29 | 000,163,616 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- E:\Windows\System32\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV - [2012/08/02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- E:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/07/21 14:11:15 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- E:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012/06/19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- E:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2012/06/12 11:19:08 | 000,016,064 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- E:\Windows\System32\drivers\pssnap.sys -- (pssnap)
DRV - [2012/03/19 09:18:46 | 000,064,800 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- E:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2012/02/21 18:46:20 | 000,315,368 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- E:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV - [2012/02/21 18:46:18 | 000,102,888 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- E:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV - [2012/01/17 13:45:58 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- E:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/01/06 11:44:30 | 000,043,104 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- E:\Windows\System32\drivers\asahci32.sys -- (asahci32)
DRV - [2012/01/04 20:58:50 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- E:\Windows\System32\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV - [2012/01/04 20:58:50 | 000,347,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- E:\Windows\System32\drivers\iusb3hub.sys -- (iusb3hub)
DRV - [2012/01/04 20:58:50 | 000,013,592 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- E:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV - [2011/11/10 00:52:02 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- E:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2011/09/20 05:25:28 | 000,037,448 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- E:\Windows\System32\drivers\ASUSFILTER.sys -- (ASUSFILTER)
DRV - [2011/09/02 07:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- E:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 07:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- E:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/08/12 11:13:58 | 000,028,264 | R--- | M] (NT Kernel Resources) [Kernel | System | Running] -- E:\Windows\System32\drivers\ndisrd.sys -- (ndisrd)
DRV - [2011/07/20 02:36:42 | 000,268,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- E:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2011/03/18 14:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- E:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/03/18 14:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- E:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- E:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- E:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/20 19:12:14 | 000,013,440 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Stopped] -- E:\Windows\System32\drivers\AiCharger.sys -- (AiCharger)
DRV - [2010/08/24 08:31:08 | 000,011,456 | R--- | M] () [Kernel | System | Running] -- E:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2010/08/17 18:28:34 | 000,022,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- E:\Windows\System32\drivers\ICCWDT.sys -- (ICCWDT)
DRV - [2010/08/03 06:20:56 | 000,011,832 | R--- | M] () [Kernel | System | Running] -- E:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- E:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2002/04/02 17:30:16 | 000,033,024 | ---- | M] (Colorvision Inc) [Kernel | On_Demand | Stopped] -- E:\Windows\System32\drivers\cvspydr2.sys -- (cvspydr2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 1B C4 92 D0 66 CD 01  [binary data]
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 01 61 78 8B 70 CD 01  [binary data]
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1004\..\SearchScopes,DefaultScope = {700F9637-8FFE-4759-ACDA-902AA7E96400}
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111434&tt=3012_7&babsrc=SP_ss&mntrId=6a229dba00000000000010bf48799c74
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1004\..\SearchScopes\{700F9637-8FFE-4759-ACDA-902AA7E96400}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_UK&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=CC5C6200-CD42-424D-BB72-6AC5CA6A51AF&apn_sauid=F122E31C-AE4A-4E14-86F0-B8C33DBD31BE
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1921215017-14310540-2123050349-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: E:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: E:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: E:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Users\darren\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Users\darren\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/21 20:44:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/04/22 09:04:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/04/22 09:04:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/04/22 09:04:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/04/22 09:04:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/04/22 09:04:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2013/08/21 12:56:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2013/08/21 12:56:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/21 20:44:00 | 000,000,000 | ---D | M]
 
[2012/08/23 21:13:10 | 000,000,000 | ---D | M] (No name found) -- E:\Users\darren\AppData\Roaming\Mozilla\Extensions
[2013/09/14 10:40:18 | 000,000,000 | ---D | M] (No name found) -- E:\Users\darren\AppData\Roaming\Mozilla\Profiles\1hw3rn2c.master\extensions
[2013/05/16 20:49:58 | 000,000,000 | ---D | M] (WOT) -- E:\Users\darren\AppData\Roaming\Mozilla\Profiles\1hw3rn2c.master\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/28 10:58:10 | 000,000,000 | ---D | M] (DownloadHelper) -- E:\Users\darren\AppData\Roaming\Mozilla\Profiles\1hw3rn2c.master\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/09/14 10:40:18 | 000,000,000 | ---D | M] (No name found) -- E:\Users\darren\AppData\Roaming\Mozilla\Profiles\1hw3rn2c.master\extensions\staged
[2013/09/05 21:59:57 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2013/08/21 12:56:42 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/21 12:56:51 | 000,000,000 | ---D | M] (Default) -- E:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/28 02:04:52 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- E:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2012/03/28 02:06:54 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- E:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2012/03/28 02:05:52 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- E:\Program Files\mozilla firefox\plugins\confmgr.dll
[2012/03/28 02:05:28 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- E:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/06/19 10:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- E:\Program Files\mozilla firefox\plugins\MyCamera.dll
[2008/06/19 10:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- E:\Program Files\mozilla firefox\plugins\NPCIG.dll
[2012/03/28 02:48:16 | 000,489,384 | ---- | M] () -- E:\Program Files\mozilla firefox\plugins\npicaN.dll
[2012/03/28 02:06:48 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- E:\Program Files\mozilla firefox\plugins\TcpPServ.dll
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-1921215017-14310540-2123050349-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] E:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [ConnectionCenter] E:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [RTHDVCPL] E:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [uSB3MON] E:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-1921215017-14310540-2123050349-1000..\Run: [GarminExpressTrayApp] E:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-21-1921215017-14310540-2123050349-1000..\Run: [GoogleDriveSync] E:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1921215017-14310540-2123050349-1000..\Run: [MusicManager] E:\Users\darren\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-1921215017-14310540-2123050349-1000..\Run: [Plex Media Server] E:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKU\S-1-5-21-1921215017-14310540-2123050349-1004..\Run: [Digiarty_Software_AirPlayit] E:\Program Files\Digiarty\Air_Playit\airplayit.exe ()
O4 - HKU\S-1-5-21-1921215017-14310540-2123050349-1004..\Run: [spotify] E:\Users\Henry\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1921215017-14310540-2123050349-1004..\Run: [spotify Web Helper] E:\Users\Henry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: E:\Users\darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = E:\Users\darren\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: E:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = E:\Users\darren\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1921215017-14310540-2123050349-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1921215017-14310540-2123050349-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1921215017-14310540-2123050349-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E61F5A10-0F68-4278-A870-B674D08ED3BF}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - E:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\Windows\system32\userinit.exe) - E:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (e:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - e:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/15 19:21:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Users\darren\Desktop\OTL - Copy.exe
[2013/09/15 19:20:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Users\darren\Desktop\OTL.exe
[2013/09/12 03:02:12 | 002,876,928 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2013/09/12 03:02:12 | 002,706,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/09/12 03:02:12 | 000,391,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2013/09/12 03:02:12 | 000,061,440 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesetup.dll
[2013/09/12 03:02:12 | 000,039,424 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2013/09/12 03:02:11 | 000,493,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2013/09/12 03:02:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesysprep.dll
[2013/09/12 03:02:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/12 03:02:11 | 000,042,496 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ie4uinit.exe
[2013/09/12 03:02:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iernonce.dll
[2013/09/11 23:27:05 | 000,133,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\ataport.sys
[2013/09/11 23:27:04 | 002,348,544 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys
[2013/09/11 23:27:03 | 000,271,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\conhost.exe
[2013/09/11 23:27:03 | 000,169,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winsrv.dll
[2013/09/11 23:27:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 23:27:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 23:27:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 23:27:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 23:27:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 23:27:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 23:27:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 23:27:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 23:27:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 23:27:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 20:25:42 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- E:\Windows\System32\drivers\mbamswissarmy.sys
[2013/09/09 21:08:42 | 000,000,000 | ---D | C] -- E:\ProgramData\boost_interprocess
[2013/09/09 21:02:53 | 000,000,000 | ---D | C] -- E:\AdwCleaner
[2013/09/05 22:23:40 | 000,000,000 | ---D | C] -- E:\Users\darren\Documents\Garmin
[2013/09/05 22:22:59 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2013/09/05 22:22:56 | 000,000,000 | ---D | C] -- E:\Program Files\Garmin
[2013/09/05 22:22:53 | 000,000,000 | ---D | C] -- E:\ProgramData\Package Cache
[2013/09/05 22:04:14 | 000,000,000 | ---D | C] -- E:\Windows\ERUNT
[2013/09/05 15:56:09 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/05 15:56:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- E:\Windows\System32\drivers\mbam.sys
[2013/09/05 15:56:08 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2013/08/25 12:23:07 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/08/22 03:02:26 | 000,000,000 | ---D | C] -- E:\Windows\System32\MRT
[2013/08/21 13:56:02 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/08/21 13:55:53 | 000,000,000 | ---D | C] -- E:\Program Files\iTunes
[2013/08/21 13:55:53 | 000,000,000 | ---D | C] -- E:\Program Files\iPod
[2013/08/21 13:55:53 | 000,000,000 | ---D | C] -- E:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/08/21 12:56:41 | 000,000,000 | ---D | C] -- E:\Program Files\Mozilla Firefox
[2013/08/21 12:15:08 | 003,968,960 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntkrnlpa.exe
[2013/08/21 12:15:08 | 003,913,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntoskrnl.exe
[2013/08/21 12:15:03 | 001,620,992 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WMVDECOD.DLL
[2013/08/21 12:14:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tzres.dll
[1 E:\Users\darren\Documents\*.tmp files -> E:\Users\darren\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/15 19:25:27 | 000,000,882 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/15 19:24:56 | 000,000,860 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1921215017-14310540-2123050349-1000Core.job
[2013/09/15 19:20:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Users\darren\Desktop\OTL.exe
[2013/09/15 19:20:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Users\darren\Desktop\OTL - Copy.exe
[2013/09/15 19:19:45 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/09/15 19:18:30 | 000,000,912 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1921215017-14310540-2123050349-1000UA.job
[2013/09/15 19:18:30 | 000,000,886 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/15 19:18:05 | 000,000,830 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/14 12:23:42 | 003,750,790 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/09/14 12:23:42 | 001,739,608 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/09/14 10:38:19 | 000,013,456 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/14 10:38:19 | 000,013,456 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/14 10:31:09 | 2795,933,696 | -HS- | M] () -- E:\hiberfil.sys
[2013/09/12 03:20:36 | 002,693,232 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2013/09/11 20:25:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- E:\Windows\System32\drivers\mbamswissarmy.sys
[2013/09/10 18:13:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerApp.exe
[2013/09/10 18:13:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/09 21:02:49 | 001,037,278 | ---- | M] () -- E:\Users\darren\Desktop\AdwCleaner(1).exe
[2013/09/05 22:22:59 | 000,001,895 | ---- | M] () -- E:\Users\Public\Desktop\Garmin Express.lnk
[2013/09/05 15:56:09 | 000,001,104 | ---- | M] () -- E:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/25 12:23:07 | 000,001,061 | ---- | M] () -- E:\Users\Public\Desktop\VLC media player.lnk
[2013/08/22 20:05:53 | 000,002,042 | ---- | M] () -- E:\Users\darren\Desktop\Kies Air Discovery Service.lnk
[2013/08/21 13:56:02 | 000,001,790 | ---- | M] () -- E:\Users\Public\Desktop\iTunes.lnk
[1 E:\Users\darren\Documents\*.tmp files -> E:\Users\darren\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/09 21:02:42 | 001,037,278 | ---- | C] () -- E:\Users\darren\Desktop\AdwCleaner(1).exe
[2013/09/05 22:22:59 | 000,001,895 | ---- | C] () -- E:\Users\Public\Desktop\Garmin Express.lnk
[2013/09/05 15:56:09 | 000,001,104 | ---- | C] () -- E:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/22 20:05:53 | 000,002,042 | ---- | C] () -- E:\Users\darren\Desktop\Kies Air Discovery Service.lnk
[2012/09/12 22:58:37 | 005,221,448 | ---- | C] () -- E:\Windows\System32\SpoonUninstall.exe
[2012/08/21 20:41:25 | 000,164,567 | ---- | C] () -- E:\Windows\hpoins27.dat
[2012/08/21 20:41:25 | 000,000,442 | ---- | C] () -- E:\Windows\hpomdl27.dat
[2012/08/19 14:49:03 | 002,953,448 | ---- | C] () -- E:\Windows\System32\nvcoproc.bin
[2012/08/02 23:47:39 | 001,048,576 | ---- | C] () -- E:\Windows\PE_Rom.dll
[2012/08/02 22:22:00 | 000,056,140 | ---- | C] () -- E:\Windows\Ascd_log.ini
[2012/08/02 22:21:27 | 000,011,456 | R--- | C] () -- E:\Windows\System32\drivers\AsIO.sys
[2012/08/02 22:21:25 | 000,011,832 | ---- | C] () -- E:\Windows\System32\drivers\AsInsHelp64.sys
[2012/07/21 22:32:35 | 000,066,048 | ---- | C] () -- E:\Windows\System32\PrintBrmUi.exe
[2012/07/21 13:48:54 | 000,017,408 | ---- | C] () -- E:\Users\darren\AppData\Local\WebpageIcons.db
[2012/07/21 00:29:42 | 000,001,332 | R--- | C] () -- E:\Windows\System32\drivers\DTSU2P.DAT
[2012/07/21 00:29:33 | 000,238,448 | ---- | C] () -- E:\Windows\System32\drivers\RTAIODAT.DAT
[2012/07/21 00:27:24 | 000,001,769 | ---- | C] () -- E:\Windows\Language_trs.ini
[2012/07/21 00:27:12 | 000,041,993 | ---- | C] () -- E:\Windows\Ascd_tmp.ini
[2012/03/20 00:37:12 | 000,755,188 | ---- | C] () -- E:\Windows\System32\igkrng700.bin
[2012/03/20 00:37:12 | 000,561,508 | ---- | C] () -- E:\Windows\System32\igfcg700m.bin
[2012/03/20 00:25:58 | 000,058,880 | ---- | C] () -- E:\Windows\System32\igdde32.dll
[2012/03/19 23:23:38 | 013,024,256 | ---- | C] () -- E:\Windows\System32\ig7icd32.dll
[2012/03/19 23:11:22 | 000,009,216 | ---- | C] ( ) -- E:\Windows\System32\IGFXDEVLib.dll
[2012/03/19 23:09:28 | 000,000,264 | ---- | C] () -- E:\Windows\System32\GfxUI.exe.config
[2012/03/19 23:09:08 | 000,094,208 | ---- | C] () -- E:\Windows\System32\IccLibDll.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- E:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 


Run OTL

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1921215017-14310540-2123050349-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
HKEY_USERS\S-1-5-21-1921215017-14310540-2123050349-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1921215017-14310540-2123050349-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1921215017-14310540-2123050349-1004\Software\Microsoft\Internet Explorer\SearchScopes\{700F9637-8FFE-4759-ACDA-902AA7E96400}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{700F9637-8FFE-4759-ACDA-902AA7E96400}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
E:\Users\darren\Desktop\cmd.bat deleted successfully.
E:\Users\darren\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: darren
->Temp folder emptied: 2606049743 bytes
->Temporary Internet Files folder emptied: 242011278 bytes
->Java cache emptied: 986898 bytes
->Flash cache emptied: 1374 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Henry
->Temp folder emptied: 163330992 bytes
->Temporary Internet Files folder emptied: 671994315 bytes
->Java cache emptied: 193017 bytes
->FireFox cache emptied: 444042703 bytes
->Flash cache emptied: 39765 bytes
 
User: Jo
->Temp folder emptied: 37658963 bytes
->Temporary Internet Files folder emptied: 598901786 bytes
->Java cache emptied: 2633961 bytes
->FireFox cache emptied: 80336096 bytes
->Flash cache emptied: 17529 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 679120692 bytes
RecycleBin emptied: 11844866632 bytes
 
Total Files Cleaned = 16,567.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09172013_221920

Files\Folders moved on Reboot...
E:\Users\darren\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder E:\Users\darren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{25B86FBD-77FB-4340-A2DA-B27E09F9DF70}.tmp not found!
File\Folder E:\Users\darren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{54288C23-B5AB-4E86-99AC-00D6B45BDE8F}.tmp not found!
File\Folder E:\Users\darren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6D1683C6-CD7D-4D8E-8D6D-C3F94100A5E3}.tmp not found!
File\Folder E:\Users\darren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6E3F9CF1-1405-4FC3-8FF1-016DE70FDDF5}.tmp not found!
File\Folder E:\Users\darren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DE3F9145-3A1C-47D0-BB62-C312CA42E0D9}.tmp not found!
E:\Users\darren\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder E:\Users\Henry\AppData\Local\Temp\~DFF786BE6FD9DBB338.TMP not found!
File\Folder E:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0F4A7821-C5FE-4975-88CD-0909A99EA4C5}.tmp not found!
File\Folder E:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3F39B27B-DC47-4A8C-B437-2B9E4673C550}.tmp not found!
File\Folder E:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C420126A-4312-4EFF-8898-3AEA5BFD9E25}.tmp not found!
File\Folder E:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{ECC8E422-5370-4947-8CED-E8FCE97023C1}.tmp not found!
File\Folder E:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EE2248A9-E50B-45E6-905E-B5FA43CAFE52}.tmp not found!
E:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


It's difficult to know if the underlying issue has been resolved. The symptoms I saw were the home page being reset to Delta search, and new tabs opening to Delta search. I have reset these back to Google now and they have stayed set correctly. I also noticed the other day that some of my Firefox add-ons were also disabled, such as Kaspersky URL adviser, WOT, safe money, content blocker, etc., which I presumed was the virus's work. I don't seem to have an option to re-enable them. I have subsequently re-enabled WOT, as that was at least throwing up a warning about the Delta search site when opening a new tab etc.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
