Hijack This
Comments
What happens if you leave it? It's okay to freeze if it eventually works.
Try in safe mode.
Did you check for bad sectors?
What happens if you leave it? It's okay to freeze if it eventually works.
Try in safe mode.
Did you check for bad sectors?
Next I am going to:
Uninstall Kaspersky > reboot > do a checkdisk > re-install Kaspersky > reboot > update databases > reboot.
Then OTL in safe mode - then report back
OTL logfile created on: 23/07/2011 13:39:40 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\andy\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 82.69% Memory free
6.19 Gb Paging File | 5.86 Gb Available in Paging File | 94.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 158.44 Gb Free Space | 55.01% Space Free | Partition Type: NTFS
Drive
| 298.09 Gb Total Space | 130.93 Gb Free Space | 43.92% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 5.98 Gb Free Space | 59.83% Space Free | Partition Type: NTFS
Computer Name: ANDY-PC | User Name: andy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/07/21 23:41:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\andy\Downloads\OTL.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (SafeList) ==========
MOD - [2011/07/21 23:41:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\andy\Downloads\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/04/12 10:13:08 | 000,142,336 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/08/24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/06/27 11:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
SRV - [2007/06/27 11:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel(R)
SRV - [2007/06/27 11:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
SRV - [2007/06/27 11:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
SRV - [2007/06/27 11:15:40 | 000,036,056 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2007/06/27 11:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel(R)
SRV - [2007/06/27 11:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
SRV - [2007/06/27 11:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel(R)
SRV - [2007/06/27 11:13:56 | 000,268,504 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
SRV - [2007/02/12 12:46:34 | 000,208,896 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2005/09/10 00:19:26 | 000,073,728 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Stopped] -- crypserv.exe -- (Crypkey License)
========== Driver Services (SafeList) ==========
DRV - [2011/07/23 10:33:25 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/03/10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/04/22 21:58:55 | 000,021,528 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hppcfaxio.sys -- (HPFXFAX)
DRV - [2010/04/22 21:58:55 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hppcbulkio.sys -- (HPFXBULKLEDM)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/08/03 12:10:24 | 001,148,416 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009/04/10 21:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/02/29 21:11:37 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/11/20 08:20:32 | 001,034,496 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2007/11/02 06:56:44 | 003,151,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/11/02 06:56:44 | 003,151,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/06/27 11:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/04/29 09:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/02/18 21:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2004/07/30 01:35:52 | 000,031,654 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com
.12.2.16749
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.8.0
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: textcomplete@cfavatar.com:0.9.9.4
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: zoompage@DW-dev:2.2
FF - prefs.js..extensions.enabledItems: {f69e22c7-bc50-414a-9269-0f5c344cd94c}:0.8
FF - prefs.js..extensions.enabledItems: 54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org:1.1.5
FF - prefs.js..extensions.enabledItems: {FBFB7597-9E32-46b4-A500-8B6B0412777F}:0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: engine@conduit.com
.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.5.0.12
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:12.0.0.389
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.389
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:12.0.0.389
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/!!!!!!!!!!,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Users\andy\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\andy\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\andy\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/08/20 12:08:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011/07/23 10:36:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011/07/23 10:36:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011/07/23 10:35:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/20 10:01:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/20 10:01:09 | 000,000,000 | ---D | M]
[2009/12/07 00:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andy\AppData\Roaming\Mozilla\Extensions
[2009/12/07 00:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andy\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/07/23 10:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions
[2010/11/30 10:16:24 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/08/22 14:37:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/07 12:02:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(168)
[2010/07/17 21:28:36 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/07/16 02:04:58 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/05/07 12:22:27 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}(169)
[2011/05/07 12:22:27 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}(170)
[2011/05/07 20:51:39 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2011/05/07 21:04:07 | 000,000,000 | ---D | M] (Zoom toolbar) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\{FBFB7597-9E32-46b4-A500-8B6B0412777F}
[2011/05/07 21:00:50 | 000,000,000 | ---D | M] (Page Zoom Buttons) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org
[2011/05/07 12:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\autofillForms@blueimp(164).net
[2011/05/07 19:44:42 | 000,000,000 | ---D | M] (Autofill Forms) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\autofillForms@blueimp.net
[2011/05/07 12:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\autopager@mozilla(165).org
[2011/05/07 19:44:42 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\autopager@mozilla.org
[2011/05/07 12:02:10 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\en-GB@dictionaries.addons.mozilla(166).org
[2011/07/16 02:04:58 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\engine@conduit.com
[2011/05/07 12:02:16 | 000,000,000 | ---D | M] (Paste Email Plus) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\pasteemailplus@guid.customsoftwareconsult(167).com
[2009/08/20 11:53:33 | 000,000,000 | ---D | M] ("Text Complete") -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\textcomplete@cfavatar.com
[2011/05/29 00:05:35 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\toolbar@ask.com
[2011/05/07 20:48:19 | 000,000,000 | ---D | M] (Zoom Page) -- C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\ei7q1uty.default\extensions\zoompage@DW-dev
[2011/07/20 10:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/20 12:29:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/20 12:30:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/11 15:41:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/01 16:23:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/21 06:55:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/03 04:54:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/16 13:42:42 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011/05/16 13:42:42 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2011/07/23 10:35:56 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\KAVANTIBANNER@KASPERSKY.RU
[2011/07/23 10:36:39 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\LINKFILTER@KASPERSKY.RU
[2011/07/23 10:36:38 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU
[2009/08/20 12:08:26 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2009/09/28 16:16:15 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol308.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/08 05:49:46 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/07/08 05:49:46 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/07/08 05:49:46 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/07/08 05:49:46 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2010/11/12 16:59:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHFMSetLoginStatus.exe ()
O4 - HKLM..\Run: [HP LaserJet Professional M1530 MFP Series Fax] C:\Program Files\HP\HP LaserJet Professional M1530 MFP Series\Fax Driver\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\andy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\andy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\K:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/07/23 10:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2011/07/23 10:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/07/23 10:33:25 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/07/23 09:27:24 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{7CD2D134-6620-4687-AD32-14755E2D0750}
[2011/07/23 02:16:25 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{949CB6B8-BBD9-4311-A26A-793DF8D21DF5}
[2011/07/22 22:16:04 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{B4B1343E-50F7-43B9-AF40-D97AC7AB8188}
[2011/07/22 22:01:59 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{AFB01330-673C-4152-B68E-1DA38EE37465}
[2011/07/21 22:16:36 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{6EC8EE3B-DD50-4FEF-A63A-C2B3CA9BD8E6}
[2011/07/21 20:38:10 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/21 20:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/21 20:38:07 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/21 20:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/21 09:19:09 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{2392369C-6A9B-4F24-ABE2-5C5DCFE92C37}
[2011/07/20 10:57:16 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/07/19 09:16:34 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{B0C629F6-E52D-48C0-9B39-F22189C2AC86}
[2011/07/18 14:11:57 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{1FE21946-0EBC-489E-A8E6-19AC93EDD459}
[2011/07/17 23:34:15 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{5D3105A9-DD14-4905-AF57-2ACF708BB2F4}
[2011/07/16 23:33:12 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{2D28B50D-0B9F-459A-8789-B56207F5B3CA}
[2011/07/16 10:28:48 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{0C59BBB1-B78A-467F-B2DB-B4E9564913B6}
[2011/07/16 02:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/07/16 02:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/07/16 02:04:54 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\Conduit
[2011/07/16 02:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2011/07/16 02:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/07/16 02:03:46 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Roaming\uTorrent
[2011/07/16 02:03:46 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\uTorrent
[2011/07/15 22:28:12 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{27D3FA3B-4169-404F-A41D-1388284B6B04}
[2011/07/15 10:27:21 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{36A78843-553B-460E-9759-2DF25EDA593A}
[2011/07/14 22:26:29 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{89860943-6B62-4843-B5CF-42CF8D5E5B20}
[2011/07/14 10:24:11 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{0B72A48E-6A9B-404B-AB76-5E437594764C}
[2011/07/13 22:23:36 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{5EC63728-F657-408A-BE50-8FBDF8237ADA}
[2011/07/13 10:23:02 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{352FD0D7-DEA5-48B3-994B-7F4D6D617B8D}
[2011/07/12 22:22:39 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{5BA65C66-74A6-46FA-90B6-890C19A86712}
[2011/07/12 10:22:17 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{674E91E0-8FC3-4B88-BCCC-EFBFE194426F}
[2011/07/11 22:21:54 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{6AB49EA9-793E-44E4-A62B-19EA5D7AC37F}
[2011/07/11 10:21:21 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{1DF4B56B-A015-45E5-A8C3-A7848A6B1179}
[2011/07/10 22:08:56 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{39A97882-8B65-4A3D-BFDD-98CED6F9F155}
[2011/07/10 10:08:34 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{4FF2EED7-A8AA-46E2-A56D-B5A0CD1AF642}
[2011/07/09 22:08:11 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{1EB803A1-65D4-4AAA-ABA4-CEAC8746BE75}
[2011/07/09 10:07:49 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{746CA425-2DC0-4AB9-A0BA-2E16F5B59341}
[2011/07/08 22:07:14 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{4BAB3A44-5940-4696-894B-1ACF2E086645}
[2011/07/08 10:06:52 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{4544F69B-8B2B-4F7E-91B6-96A704A38001}
[2011/07/07 22:06:18 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{692DC053-87B9-4E72-A54C-CDEB8CD6496F}
[2011/07/07 10:05:57 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{00819577-9977-4CB3-A0B1-E0DAF9D4FA37}
[2011/07/06 22:05:22 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{CDE3A95F-D334-4AF8-8C67-DE188A995AA1}
[2011/07/06 10:05:00 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{4003A1B5-6BFD-4EF8-9128-8CB1E2A6F22F}
[2011/07/05 22:04:26 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{90EFA838-E99D-4E12-A634-04559D71C232}
[2011/07/05 10:04:04 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{6333879B-0448-4959-A5D6-8B56F48AA0BA}
[2011/07/04 22:03:40 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{95A0A90B-0AAD-40A9-8CBA-D80B9A6A8545}
[2011/07/04 10:03:17 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{7990DE03-B899-4914-9452-80ED9C825AE2}
[2011/07/03 22:02:54 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{105EC4DB-FD63-42E0-A0B3-33572E919DE1}
[2011/07/03 10:02:29 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{581B81CB-14C4-4719-8909-00CB4EDFF78B}
[2011/07/03 04:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/03 04:53:31 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\PokerStars
[2011/07/03 04:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
[2011/07/03 04:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2011/07/02 22:01:52 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{52032800-D6A5-4215-976B-54C05E994F10}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/07/23 13:38:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/23 13:36:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/23 13:36:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/23 13:36:19 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/23 13:33:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/23 13:26:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3448547528-3490095234-1345101746-1001UA.job
[2011/07/23 10:37:46 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011/07/23 10:37:46 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011/07/23 10:33:25 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/07/23 03:26:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3448547528-3490095234-1345101746-1001Core.job
[2011/07/22 21:59:46 | 000,380,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/21 22:49:51 | 000,240,336 | ---- | M] () -- C:\Users\andy\Desktop\GetSystemInfo_ANDY-PC_andy_2011_07_21_22_48_05.zip
[2011/07/21 20:57:07 | 000,001,356 | ---- | M] () -- C:\Users\andy\AppData\Local\d3d9caps.dat
[2011/07/21 20:38:11 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/21 09:55:12 | 000,098,816 | ---- | M] () -- C:\Users\andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/20 10:14:54 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/07/20 10:06:02 | 000,000,740 | ---- | M] () -- C:\Users\andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/07/20 10:06:02 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/07/20 10:01:11 | 000,001,750 | ---- | M] () -- C:\Users\andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/20 10:01:11 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/19 13:13:16 | 003,254,967 | ---- | M] () -- C:\Users\andy\Desktop\506d.pdf
[2011/07/16 20:17:01 | 000,235,791 | ---- | M] () -- C:\Users\andy\Desktop\GetSystemInfo_ANDY-PC_andy_2011_07_16_20_14_57.zip
[2011/07/16 13:39:39 | 000,017,408 | ---- | M] () -- C:\Users\andy\AppData\Local\WebpageIcons.db
[2011/07/16 02:04:42 | 000,000,754 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/07/07 15:13:04 | 000,181,285 | ---- | M] () -- C:\Users\andy\Desktop\Scank5656.pdf
[2011/07/07 15:12:13 | 000,336,573 | ---- | M] () -- C:\Users\andy\Desktop\Scank555.pdf
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/05 16:38:25 | 010,408,108 | ---- | M] () -- C:\Users\andy\Desktop\Dentons222.tif
[2011/07/05 16:36:15 | 010,408,108 | ---- | M] () -- C:\Users\andy\Desktop\Dentons.tif
[2011/07/05 16:15:50 | 010,408,108 | R--- | M] () -- C:\Users\andy\Desktop\Dentons to Hassibeh 11 April 2011 001 (2).tif
[2011/07/05 15:01:17 | 000,387,810 | ---- | M] () -- C:\Users\andy\Desktop\Scank4.pdf
[2011/07/03 04:53:29 | 000,000,884 | ---- | M] () -- C:\Users\andy\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2011/07/03 04:53:29 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2011/07/03 04:42:13 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/07/03 03:07:56 | 000,325,650 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/03 03:07:56 | 000,044,196 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/07/23 10:37:46 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/07/23 10:37:46 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/07/21 22:48:57 | 000,240,336 | ---- | C] () -- C:\Users\andy\Desktop\GetSystemInfo_ANDY-PC_andy_2011_07_21_22_48_05.zip
[2011/07/21 20:38:11 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/20 10:14:54 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/07/20 10:06:02 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/07/20 10:01:11 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/19 13:13:13 | 003,254,967 | ---- | C] () -- C:\Users\andy\Desktop\506d.pdf
[2011/07/16 20:16:02 | 000,235,791 | ---- | C] () -- C:\Users\andy\Desktop\GetSystemInfo_ANDY-PC_andy_2011_07_16_20_14_57.zip
[2011/07/16 13:39:36 | 000,017,408 | ---- | C] () -- C:\Users\andy\AppData\Local\WebpageIcons.db
[2011/07/16 02:04:42 | 000,000,754 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/07/07 15:13:03 | 000,181,285 | ---- | C] () -- C:\Users\andy\Desktop\Scank5656.pdf
[2011/07/07 15:12:12 | 000,336,573 | ---- | C] () -- C:\Users\andy\Desktop\Scank555.pdf
[2011/07/05 16:38:25 | 010,408,108 | ---- | C] () -- C:\Users\andy\Desktop\Dentons222.tif
[2011/07/05 16:36:15 | 010,408,108 | ---- | C] () -- C:\Users\andy\Desktop\Dentons.tif
[2011/07/05 16:15:50 | 010,408,108 | R--- | C] () -- C:\Users\andy\Desktop\Dentons to Hassibeh 11 April 2011 001 (2).tif
[2011/07/05 15:01:16 | 000,387,810 | ---- | C] () -- C:\Users\andy\Desktop\Scank4.pdf
[2011/07/03 04:53:29 | 000,000,884 | ---- | C] () -- C:\Users\andy\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2011/07/03 04:53:29 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2011/07/03 04:42:13 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/07/03 04:42:13 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011/01/06 23:14:08 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2011/01/06 23:14:08 | 000,000,256 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2010/11/12 16:52:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/12 16:52:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/12 16:52:31 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/12 16:52:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/12 16:52:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/16 15:26:16 | 000,003,118 | ---- | C] () -- C:\Windows\System32\AudioDrv.ini
[2010/05/16 15:21:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/05/16 15:21:01 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/04/22 22:24:05 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2010/04/22 22:21:51 | 000,000,075 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010/04/22 22:21:43 | 000,031,654 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2010/04/22 22:21:42 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2010/04/22 22:21:42 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010/04/22 22:21:42 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010/04/21 16:34:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/04/21 16:33:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/04/21 16:33:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/16 12:44:52 | 000,003,235 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/21 04:04:26 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2008/11/13 07:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2008/10/18 22:13:22 | 000,001,356 | ---- | C] () -- C:\Users\andy\AppData\Local\d3d9caps.dat
[2008/06/09 13:47:21 | 000,004,096 | -H-- | C] () -- C:\Users\andy\AppData\Local\keyfile3.drm
[2008/03/30 16:57:17 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008/03/30 01:45:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/03/30 00:40:16 | 000,098,816 | ---- | C] () -- C:\Users\andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/30 00:36:50 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/01 04:48:16 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/01 04:48:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/03/01 04:48:16 | 000,154,206 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/01 04:48:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/03/01 04:48:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2008/03/01 04:48:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/03/01 04:48:14 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/03/01 04:48:14 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/03/01 04:48:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2008/03/01 04:48:14 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/03/01 04:48:12 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/02/29 20:53:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,380,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,325,650 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,044,196 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/23 11:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/03/08 07:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== LOP Check ==========
[2011/01/07 02:48:36 | 000,000,000 | -HSD | M] -- C:\Users\andy\AppData\Roaming\.#
[2008/12/18 23:31:44 | 000,000,000 | ---D | M] -- C:\Users\andy\AppData\Roaming\Azureus
[2009/08/16 12:02:24 | 000,000,000 | ---D | M] -- C:\Users\andy\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2008/04/28 16:22:37 | 000,000,000 | ---D | M] -- C:\Users\andy\AppData\Roaming\Canon
[2011/03/28 07:59:36 | 000,000,000 | ---D | M] -- C:\Users\andy\AppData\Roaming\FrostWire
[2011/07/14 19:27:12 | 000,000,000 | ---D | M] -- C:\Users\andy\AppData\Roaming\LimeWire
[2008/03/30 13:08:18 | 000,000,000 | ---D | M] -- C:\Users\andy\AppData\Roaming\Opera
[2009/04/18 17:39:15 | 000,000,000 | ---D | M] -- C:\Users\andy\AppData\Roaming\Qualcomm
[2010/11/01 03:55:00 | 000,000,000 | ---D | M] -- C:\Users\andy\AppData\Roaming\Uniblue
[2011/07/23 13:34:21 | 000,000,000 | ---D | M] -- C:\Users\andy\AppData\Roaming\uTorrent
[2008/06/25 22:51:27 | 000,000,000 | ---D | M] -- C:\Users\andy\AppData\Roaming\Zylom
[2011/07/23 13:34:49 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2010/04/23 09:11:43 | 000,000,000 | ---D | M](C:\Windows\System32\?d?d?d?d) -- C:\Windows\System32\đđđđ
[2010/04/23 09:11:43 | 000,000,000 | ---D | C](C:\Windows\System32\?d?d?d?d) -- C:\Windows\System32\đđđđ
========== Alternate Data Streams ==========
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FA7797CA
< End of report >0 -
Thanks for that. If you don't know already, you can see the result of the CHKDSK if you go into Event Viewer, then look in Windows Logs > Application, and look for Wininit. Main thing is to check for bad sectors.
Looking at Firefox:
Firefox extensions: Ask Toolbar, uTorrentbar, Conduit Engine can all be uninstalled (in Firefox, Tools > Addons/Extension). Also see if you can uninstall them from Control Panel > Programs and features
You can disable other extensions/addons that you aren't using as well.
There's a load of old Java Consoles, so you might run Javara (http://raproducts.org/wordpress/software) to remove old entries. Afterwards double check that all the old Java Consoles are gone from Firefox. Personally I would uninstall Sun Java completely, as it's a big security risk and little benefit if nothing on the computer actually uses it.
It might also be worthwhile to go into the Plugins area of Firefox, and disable a number of the plugins that aren't in use - can make a big difference.
Noticed Uniblue on there - I'd uninstall any Uniblue products if you haven't already, as they are generally known as a rogue company, and their products can cause more harm than good.
Internet Explorer is out of date (should be IE9 even if you don't use it, as the engine can be used by other applications). Adobe Reader looks to be out of date as well, so definitely worth updating when you can.
-
Can't find much information on that particular ADS.
-
OK here goes
Did not understand the Event Viewer Results (being honest) but I know there were bad clusters
Firefox - have done as you advised
I need Java as I play some games on Yahoo
Internet Explorer updated
How do I uninstall the Uniblue product I cannot even find it?
I tried the PureRa and it basically did what it said it would do
Adobe also updated
Do I need to post anymore logs here?
-
Just triple checking, when you ran chkdsk did you select all the options like this:

Also could you please copy paste the Chkdsk log from the eventvwr, mainly just this section:
63657530 KB total disk space.
35451404 KB in 112647 files.
63956 KB in 30289 indexes.
0 KB in bad sectors.
Just to be clear, was it Javara or PureRa that you ran? Or both? Definitely run Javara if you haven't, as it will update Java and remove old entries.
To remove Uniblue, go to Control Panel > Programs and Features. If it's not there, then perhaps it's been uninstalled in the past. Do both 'Check for Updates' and 'Remove old versions'.
How is the computer running by the way?
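The bad-sector check requested in the post above, written out as an added example that is not part of the thread: it reads chkdsk summary text pasted from Event Viewer and reports the "KB in bad sectors" figure, including the case where that line is missing from the paste. The function names are hypothetical and the sample text is constructed from the figures quoted in the post.

```python
import re

# Constructed sample: the summary lines quoted in the post above, laid out as
# they would appear in chkdsk text pasted from Event Viewer.
SAMPLE_LOG = """\
Checking file system on C:
  63657530 KB total disk space.
  35451404 KB in 112647 files.
     63956 KB in 30289 indexes.
         0 KB in bad sectors.
"""

# A summary line has the shape "<number> KB <label>." (thousands commas allowed).
_SUMMARY_LINE = re.compile(r"^\s*(\d[\d,]*)\s+KB\s+(.+?)\.?\s*$", re.IGNORECASE)
# Labels such as "in 112647 files" also carry an item count.
_COUNTED = re.compile(r"^in (\d[\d,]*) (\w+)$")


def _to_int(text):
    return int(text.replace(",", ""))


def parse_chkdsk_summary(text):
    """Return {label: {"kb": int, "count": int (optional)}} for each summary line."""
    summary = {}
    for raw in text.splitlines():
        match = _SUMMARY_LINE.match(raw)
        if not match:
            continue  # not a "<n> KB ..." line, e.g. progress messages
        kb = _to_int(match.group(1))
        label = match.group(2).strip().lower()
        counted = _COUNTED.match(label)
        if counted:
            summary[counted.group(2)] = {"kb": kb, "count": _to_int(counted.group(1))}
        else:
            summary[re.sub(r"^in ", "", label)] = {"kb": kb}
    return summary


def bad_sector_verdict(text):
    """Return (status, kb): "ok", "bad", or "unknown" when the line is absent."""
    summary = parse_chkdsk_summary(text)
    entry = summary.get("bad sectors")
    if entry is None:
        # The paste did not include the summary section, so nothing can be concluded.
        return ("unknown", None)
    return ("bad" if entry["kb"] > 0 else "ok", entry["kb"])


if __name__ == "__main__":
    for label, values in parse_chkdsk_summary(SAMPLE_LOG).items():
        print(f"{label:>18}: {values}")
    print("verdict:", bad_sector_verdict(SAMPLE_LOG))
```

An "unknown" result means the pasted text stopped short of the summary section, which is different from a clean disk.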
This discussion has been closed.