Random "gunshot" sound effect from laptop - virus?
30-01-2013 2:03pm
Hey there.
I have a Samsung R60 plus running Windows 7 Home Premium as an upgrade from Vista.
The last few days I've been having this really weird problem and I think it may be a virus or malware of some form.
Basically I am getting random sounds coming from the speakers at random intervals despite no internet browser window or any other multimedia program open. It even happens with everything closed and just with the desktop up.
I have heard a few audio-only adverts but 90% of what I am getting is a sound which I think is best described as a gunshot. From the quality of the gunshot sound I would think it's a .wav or .mp3 rather than a computer-generated sound. Very similar to this sound http://www.youtube.com/watch?v=aaOjDewD3Po
It occurs infrequently at first, but then becomes more frequent with occasional random "bursts of fire" with 4 or 5 gunshot sounds in quick succession.
Other than being plain annoying, it doesn't appear to cause any other visible effect.
I have updated Windows and installed Microsoft Security Essentials with up-to-date definitions. It found 4 risk items in a full scan:
Worm: Silly_P2P.B C:\Windows\c20232.exe
and three instances of a Java Blacole exploit.
These were removed successfully but the random gunshot sounds persist.
This is an odd one folks. Any advice would be much appreciated.
Thanks
Comments
Can you post the MSE log?
Do this too:
Download OTL to your Desktop- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Quick Scan button. Do not change any settings. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files here
It is virus related.
Thanks for such a prompt response!
I thought it would be a virus alright. I'll get right on that and post back shortly.
Here are the logs from MSE (they were taken from the Event Viewer):
Name: Worm:Win32/Silly_P2P.B
ID: 2147617930
Severity: Severe
Category: Worm
Path: file:_C:\Windows\c20232.exe
Name: Exploit:Java/CVE-2012-0507
ID: 2147655229
Severity: Severe
Category: Exploit
Path: file:_C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\37c8c6fa-74283e8a
Name: Exploit:Java/Blacole.ET
ID: 2147655031
Severity: Severe
Category: Exploit
Path: file:_C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\37c8c6fa-74283e8a
Name: Exploit:Java/Blacole.FN
ID: 2147657008
Severity: Severe
Category: Exploit
Path: file:_C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\37c8c6fa-74283e8a
User: Samsung_R60\J. Lonergan
Signature Version: AV: 1.143.1078.0, AS: 1.143.1078.0
Engine Version: 1.1.9103.0
MSE successfully removed these after I fully scanned last night.
...And the OTL log to follow when the scan's completed.
OTL logfile created on: 30/01/2013 13:12:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\J. Lonergan\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 54.67% Memory free
3.50 Gb Paging File | 2.11 Gb Available in Paging File | 60.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.05 Gb Total Space | 40.05 Gb Free Space | 58.00% Space Free | Partition Type: NTFS
Drive | 70.00 Gb Total Space | 69.90 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Computer Name: SAMSUNG_R60 | User Name: J. Lonergan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/01/30 13:11:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\J. Lonergan\Desktop\OTL.exe
PRC - [2013/01/11 14:49:06 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\J. Lonergan\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/23 17:32:20 | 001,632,216 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
PRC - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/23 22:07:32 | 000,091,648 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicStartMenu.exe
PRC - [2009/12/22 09:17:04 | 000,225,280 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2009/12/22 09:13:06 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009/09/08 08:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/07/08 03:27:50 | 006,273,568 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/06/28 23:15:06 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
========== Modules (No Company Name) ==========
MOD - [2007/02/23 09:32:40 | 000,065,536 | ---- | M] () -- C:\Program Files\Samsung\EBM\ChkSec.dll
MOD - [2006/08/12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
========== Services (SafeList) ==========
SRV - [2013/01/28 19:04:43 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/16 20:10:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/23 21:30:31 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/29 20:20:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/22 09:17:04 | 000,225,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2013/01/30 08:10:40 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4AE4B5EE-BAE6-416D-BD3D-408F0846EAF5}\MpKsl715b1f9b.sys -- (MpKsl715b1f9b)
DRV - [2012/12/19 15:36:10 | 000,104,872 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2012/12/19 15:35:16 | 000,084,904 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/13 03:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/04/09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/04/07 17:05:00 | 000,204,800 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/03/25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 22:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/12/01 22:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/17 02:58:20 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2007/04/26 01:15:26 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\..\SearchScopes,DefaultScope = {28BF2332-BDDC-4F3D-A28C-62D2036EB67E}
IE - HKCU\..\SearchScopes\{28BF2332-BDDC-4F3D-A28C-62D2036EB67E}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/28 18:55:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/10/19 14:20:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2012/10/26 19:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J. Lonergan\AppData\Roaming\Mozilla\Extensions
[2013/01/28 18:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/16 20:11:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/16 20:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/16 20:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4C350B19-6CA1-4569-B14C-296D8D65300B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\J. Lonergan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vizzed.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: vizzed.com ([www] https in Trusted sites)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova.net/en/downloads/getmodule.aspx?lang=en (DjVuCtl Class)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/PopularScreenSaversInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 157.190.22.182 157.190.23.55 157.190.22.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A042B67-25F1-435E-A9F6-B92C359D6581}: DhcpNameServer = 157.190.22.182 157.190.23.55 157.190.22.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F90B6120-35A6-483D-B3D2-89690019C166}: NameServer = 62.40.32.33 8.8.8.8
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/23 20:58:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10e6d5c5-e0e5-11df-94e2-00137763f795}\Shell - "" = AutoRun
O33 - MountPoints2\{10e6d5c5-e0e5-11df-94e2-00137763f795}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{10e6d5e9-e0e5-11df-94e2-00137763f795}\Shell - "" = AutoRun
O33 - MountPoints2\{10e6d5e9-e0e5-11df-94e2-00137763f795}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{28150ec1-0001-11e2-a122-90f782d56abf}\Shell - "" = AutoRun
O33 - MountPoints2\{28150ec1-0001-11e2-a122-90f782d56abf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3036c031-abcd-11df-b48e-00137763f795}\Shell - "" = AutoRun
O33 - MountPoints2\{3036c031-abcd-11df-b48e-00137763f795}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a01bf72-6bd5-11e1-84df-dfb35bc26eb1}\Shell - "" = AutoRun
O33 - MountPoints2\{4a01bf72-6bd5-11e1-84df-dfb35bc26eb1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{59db6ba0-3615-11e0-a79d-923c2b1e7fb5}\Shell - "" = AutoRun
O33 - MountPoints2\{59db6ba0-3615-11e0-a79d-923c2b1e7fb5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d9776a00-5022-11e2-8fa5-9229ff5adec4}\Shell - "" = AutoRun
O33 - MountPoints2\{d9776a00-5022-11e2-8fa5-9229ff5adec4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d9776a13-5022-11e2-8fa5-967db84d3f49}\Shell - "" = AutoRun
O33 - MountPoints2\{d9776a13-5022-11e2-8fa5-967db84d3f49}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d9db19fc-69d9-11e1-ac90-ed51aef582c6}\Shell - "" = AutoRun
O33 - MountPoints2\{d9db19fc-69d9-11e1-ac90-ed51aef582c6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d9db1a1c-69d9-11e1-ac90-ed51aef582c6}\Shell - "" = AutoRun
O33 - MountPoints2\{d9db1a1c-69d9-11e1-ac90-ed51aef582c6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ebb9e315-cee8-11de-80b0-00137763f795}\Shell - "" = AutoRun
O33 - MountPoints2\{ebb9e315-cee8-11de-80b0-00137763f795}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ebb9e317-cee8-11de-80b0-00137763f795}\Shell - "" = AutoRun
O33 - MountPoints2\{ebb9e317-cee8-11de-80b0-00137763f795}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ebb9e31a-cee8-11de-80b0-00137763f795}\Shell - "" = AutoRun
O33 - MountPoints2\{ebb9e31a-cee8-11de-80b0-00137763f795}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ee19981a-2453-11df-9f79-00137763f795}\Shell - "" = AutoRun
O33 - MountPoints2\{ee19981a-2453-11df-9f79-00137763f795}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/01/30 13:15:59 | 000,000,000 | R--D | C] -- C:\Users\J. Lonergan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/01/30 13:11:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\J. Lonergan\Desktop\OTL.exe
[2013/01/30 11:27:40 | 000,000,000 | ---D | C] -- C:\Users\J. Lonergan\AppData\Roaming\Thunderbird
[2013/01/30 11:27:40 | 000,000,000 | ---D | C] -- C:\Users\J. Lonergan\AppData\Local\Thunderbird
[2013/01/29 19:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/29 18:58:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013/01/29 18:57:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013/01/29 18:52:39 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013/01/29 18:04:20 | 000,000,000 | ---D | C] -- C:\Users\J. Lonergan\AppData\Local\Apps
[2013/01/29 17:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2013/01/29 17:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2013/01/29 17:02:43 | 000,000,000 | ---D | C] -- C:\Users\J. Lonergan\AppData\Local\Programs
[2013/01/28 19:01:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2013/01/28 18:57:24 | 000,000,000 | ---D | C] -- C:\Users\J. Lonergan\AppData\Local\Macromedia
[2013/01/28 18:56:03 | 000,000,000 | ---D | C] -- C:\Users\J. Lonergan\AppData\Local\Mozilla
[2013/01/28 18:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/28 18:17:54 | 000,000,000 | ---D | C] -- C:\Users\J. Lonergan\AppData\Local\ElevatedDiagnostics
[2013/01/11 21:47:18 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/01/11 21:47:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/01/11 21:47:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/01/11 21:47:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/01/11 21:47:18 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/01/11 21:47:18 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/01/11 21:47:18 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/01/11 21:47:18 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/01/11 21:47:18 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/01/11 21:47:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/01/11 21:47:18 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013/01/11 21:47:18 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/01/11 21:47:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/01/11 21:47:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013/01/11 21:47:18 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/01/11 21:47:18 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/01/11 21:47:18 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/01/11 21:47:18 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/01/11 21:47:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/01/11 21:47:18 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013/01/11 21:47:18 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/01/11 21:47:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/01/11 21:47:18 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013/01/11 21:47:18 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/01/11 21:47:18 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/01/11 21:47:18 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/01/11 21:47:18 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/01/11 21:47:18 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/01/11 21:47:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/01/11 21:47:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/01/11 21:47:18 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/01/11 21:47:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/01/11 21:47:18 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/01/11 21:47:18 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/01/11 21:47:18 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/01/11 21:47:18 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/01/11 21:47:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/01/11 21:29:54 | 000,000,000 | R--D | C] -- C:\Users\J. Lonergan\Links
[2013/01/11 17:53:47 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/01/11 17:53:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/01/11 16:36:17 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013/01/11 16:36:17 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013/01/11 16:35:00 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2013/01/11 16:34:59 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2013/01/11 16:34:58 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2013/01/11 16:01:20 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2013/01/11 16:00:35 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/11 16:00:35 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/11 16:00:35 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/11 16:00:35 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/11 16:00:35 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/11 16:00:35 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/11 16:00:35 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/11 16:00:35 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/11 16:00:34 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/11 16:00:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/11 16:00:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/11 16:00:33 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/11 16:00:33 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/11 16:00:33 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/11 16:00:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/11 16:00:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/11 15:59:15 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/11 15:59:15 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/11 15:59:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/11 15:59:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/11 15:59:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/11 15:59:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/11 15:59:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/11 15:59:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/11 15:59:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/11 15:59:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/11 15:59:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/11 15:59:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/11 15:58:30 | 002,344,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/11 15:58:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2013/01/11 15:58:11 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2013/01/11 15:57:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2013/01/11 15:57:52 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2013/01/11 15:57:51 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013/01/11 15:57:48 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/01/11 15:57:47 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/01/11 15:57:47 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/01/11 15:57:47 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/01/11 15:57:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/01/11 15:57:45 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/11 15:57:38 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2013/01/11 15:57:37 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2013/01/11 15:57:37 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2013/01/11 15:57:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2013/01/11 15:57:31 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/01/11 15:57:31 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/01/11 15:57:29 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/01/11 15:57:28 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2013/01/11 15:57:27 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2013/01/11 15:57:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2013/01/11 15:57:22 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013/01/11 15:57:22 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013/01/11 15:57:20 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2013/01/11 15:57:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2013/01/11 15:57:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2013/01/11 15:57:13 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2013/01/11 15:57:13 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2013/01/11 15:57:13 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2013/01/11 15:57:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2013/01/11 15:57:13 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2013/01/11 15:57:09 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2013/01/11 15:57:09 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2013/01/11 15:57:08 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2013/01/11 15:57:08 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2013/01/11 15:57:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2013/01/11 15:57:02 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2013/01/11 15:57:01 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2013/01/11 15:57:01 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2013/01/11 15:57:00 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2013/01/11 15:57:00 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2013/01/11 15:56:59 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2013/01/11 15:56:55 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/01/11 15:56:43 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2013/01/11 15:56:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2013/01/11 15:56:27 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2013/01/11 15:56:25 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2013/01/11 15:56:25 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2013/01/11 15:56:22 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/01/11 15:56:17 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/01/11 15:56:13 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/01/11 15:55:57 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013/01/11 15:55:53 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2013/01/11 15:55:49 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2013/01/11 15:55:47 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2013/01/11 15:31:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/01/11 15:30:16 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/01/11 15:30:16 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/01/11 15:17:28 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013/01/11 15:17:27 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013/01/11 15:17:18 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013/01/11 15:17:18 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013/01/11 15:17:18 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013/01/11 15:17:12 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013/01/11 15:17:12 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013/01/11 14:55:25 | 000,000,000 | ---D | C] -- C:\Windows\Panther
========== Files - Modified Within 30 Days ==========
[2013/01/30 13:11:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\J. Lonergan\Desktop\OTL.exe
[2013/01/30 12:49:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/30 11:28:03 | 000,002,016 | ---- | M] () -- C:\Users\J. Lonergan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/01/30 08:10:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/29 19:36:03 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/29 18:57:29 | 000,667,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/29 18:57:29 | 000,126,328 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/29 18:10:08 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 18:10:08 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 17:30:52 | 1407,844,352 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/29 17:03:49 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2013/01/28 19:04:43 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/28 19:04:42 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/28 08:30:22 | 000,001,367 | ---- | M] () -- C:\Users\J. Lonergan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/11 21:47:18 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/01/11 21:47:18 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/01/11 21:47:18 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/01/11 21:47:18 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/01/11 21:47:18 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/01/11 21:47:18 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/01/11 21:47:18 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/01/11 21:47:18 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/01/11 21:47:18 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/01/11 21:47:18 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/01/11 21:47:18 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013/01/11 21:47:18 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/01/11 21:47:18 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/01/11 21:47:18 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013/01/11 21:47:18 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/01/11 21:47:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/01/11 21:47:18 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/01/11 21:47:18 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/01/11 21:47:18 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/01/11 21:47:18 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013/01/11 21:47:18 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/01/11 21:47:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/01/11 21:47:18 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013/01/11 21:47:18 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/01/11 21:47:18 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/01/11 21:47:18 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/01/11 21:47:18 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/01/11 21:47:18 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/01/11 21:47:18 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/01/11 21:47:18 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/01/11 21:47:18 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/01/11 21:47:18 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/01/11 21:47:18 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/01/11 21:47:18 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/01/11 21:47:18 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/01/11 21:47:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/01/11 21:47:18 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/01/11 21:47:18 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/01/11 20:54:22 | 000,508,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/11 15:12:21 | 000,000,134 | ---- | M] () -- C:\Users\J. Lonergan\Desktop\Internet Explorer Troubleshooting.url
[2013/01/01 16:27:26 | 000,001,038 | ---- | M] () -- C:\Users\J. Lonergan\Desktop\Dropbox.lnk
========== Files Created - No Company Name ==========
[2013/01/29 19:36:02 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/29 19:34:10 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/29 17:03:49 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2013/01/28 18:55:47 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/11 21:47:18 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/01/11 16:36:20 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/11 16:34:58 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/11 15:10:23 | 000,001,367 | ---- | C] () -- C:\Users\J. Lonergan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/11 15:10:22 | 000,001,373 | ---- | C] () -- C:\Users\J. Lonergan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/01/11 15:06:00 | 000,000,134 | ---- | C] () -- C:\Users\J. Lonergan\Desktop\Internet Explorer Troubleshooting.url
[2011/02/02 20:34:47 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/01/17 09:33:33 | 000,000,429 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/10/29 20:46:09 | 000,000,017 | ---- | C] () -- C:\Users\J. Lonergan\AppData\Local\resmon.resmoncfg
[2010/10/09 10:44:06 | 000,000,632 | RHS- | C] () -- C:\Users\J. Lonergan\ntuser.pol
[2010/05/10 18:47:43 | 000,009,216 | ---- | C] () -- C:\Users\J. Lonergan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
___________________________________________________________________
OTL Extras logfile created on: 30/01/2013 13:12:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\J. Lonergan\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 54.67% Memory free
3.50 Gb Paging File | 2.11 Gb Available in Paging File | 60.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.05 Gb Total Space | 40.05 Gb Free Space | 58.00% Space Free | Partition Type: NTFS
Drive | 70.00 Gb Total Space | 69.90 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Computer Name: SAMSUNG_R60 | User Name: J. Lonergan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F52C958-54F0-413A-BF98-C999CE9D8C9D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{113B8FB0-A5A5-45C9-AE50-78AB7D8EAAEB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{1237EDBE-B761-4247-94F6-0B90FEA0CC59}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{146E1982-3806-4806-B720-81383B98E605}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1ED5708F-4234-424E-A252-94F991C2F7E1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2B91B7C1-7B41-4017-98D4-22D8071D9C71}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FDA2B0A-BE4E-4C51-92D4-E8EB98C3C03D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{321907C7-B978-486B-AA75-90D7361D235A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{36E630F2-9C5D-4CB8-9640-9435B9FAD076}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4083D095-63D5-48ED-BABA-589FC9286C1B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{40BDE436-F343-4480-A235-150873E4C64A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{42FAC52B-9BBB-4F60-8A09-C945DDCA6304}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{444DECA8-CE38-4B2B-80E1-261DB56E3059}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service |
"{504FC5C1-182A-4C0D-8740-43F4D5FEEDE5}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{55767159-402A-4775-B61B-8946FE3AF5C3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{62005B13-9531-401E-9978-19D302E98E97}" = lport=10243 | protocol=6 | dir=in | app=system |
"{71836DBE-6E25-4ECC-B332-B9AF3A2CE2FF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7ADB3F6E-D2DF-4F74-9192-01659075E3D1}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{88F55CD9-1EF8-47C1-8575-FBEFFDBF1CE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96AD79EA-F95A-4D41-98E8-295D64A6AF20}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{AA3C3413-B8E7-4548-8DE0-A3DDC07951FC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B8E8A79A-470E-4C19-AD71-303143C13593}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B9213B63-FD9D-40EE-BECE-9D3B5B1FD75E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D2493871-7DF9-40F3-9F4E-9A3901F6DDC4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0115A292-B308-44E5-B7C3-20D012FF500F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{01C25697-3D38-41AA-A4E0-F075B5D93CEA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{068B385E-9EFD-43E4-BDF5-83BB7E7D5BB9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{06C07A8D-4637-42CD-8FDD-2621781B3707}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{06F8E57A-8518-47D4-B070-2B19564A6334}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{091F4940-DBC4-49A3-997B-F2AEDBC08875}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0F3845A3-E2C9-4553-9A9A-B97E846492F0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{102AFBCD-18DF-4694-B60A-9F54F55EBFD7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{134753B4-FF03-4055-A50E-BE1F86A34333}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{22775D55-5E01-4846-83D4-DB589857346D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2C83C96D-E057-4F91-B150-3C2172FF9175}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcfpswx.exe |
"{30414D94-5B5F-4028-880C-DD7E2A677EDA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3285D0C5-06C7-4144-8A7C-ED6EFDDCD876}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{32FD2BE4-79DF-4B2E-BF35-9616C360F208}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{33FDD6AF-D8D5-433B-B3AB-F958ED57F1BF}" = protocol=17 | dir=in | app=c:\users\j. lonergan\appdata\roaming\dropbox\bin\dropbox.exe |
"{34CB48A2-6F2E-48E1-AB85-46CCA2840470}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3B266E13-20A4-4894-B28C-3284F4BFA8C6}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{3E6C015C-80DD-4C1C-A516-66038196C6E8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{40CE4FF5-29AA-445B-8DA1-A96E7639A76D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{41DA409A-AF6A-4978-AA93-D3B2165C0DE0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{433FFFC0-9D53-4725-ABBD-F5905645068A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{44160B4C-0A84-428C-A868-F93177AD14C6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{49652D15-B79A-401F-8AD7-08C3D6BD2987}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{559A59FA-26A4-4B50-9EE6-44DEF272B712}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{55D82E6A-D7A1-4137-8B55-E6F4A11586E4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{598FCDE8-A383-47D2-83B6-3C367F8054A7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5A56E253-00F6-4391-A2D2-A740655192DA}" = protocol=6 | dir=out | app=system |
"{66ACB3D5-3B2D-44B0-9058-979181BEE104}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{67926570-23C1-4BE4-ACB3-01DD371D1269}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6BCE5BE5-D69D-4ED0-810F-EA9AB119BFA4}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{6E669F1E-2697-4C7F-A36D-3D2D03FFF094}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{72FC79DE-7138-4FA4-843E-A41A8D48BCCE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{75B63846-2AE1-47C1-AE36-BFF33F002658}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcfpswx.exe |
"{80221B0C-EA5F-466E-9AD1-F6F6B369F8B9}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{8094D51A-4875-48F7-AF62-EBAB5396D2A2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{80BF3DCB-B607-4234-8CAE-F87B980BB61F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{81148A69-83CD-41DC-92DC-1FC7FFB9D756}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{86F79964-27B9-4A5F-B1FE-2B28A0165F0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{88443800-E629-420B-88FA-D28E8FDA70A0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8C0B0EB5-F4A4-481B-8332-D57A90BFC17C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{913AAC78-6844-4754-B0C5-4EB1FE9AA62A}" = protocol=17 | dir=in | app=c:\windows\system32\dlcfcoms.exe |
"{944CC294-8AC0-491E-BD22-927011D49282}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{98F10A78-163D-4AFB-95B5-D6560F438B3B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9F79F56B-A493-48A7-8835-9E854A98192D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A0541B16-80DD-4C2B-8787-46C232339FE9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A3EE85A1-140B-4186-AB90-5E5CCAEA2894}" = protocol=6 | dir=in | app=c:\windows\system32\dlcfcoms.exe |
"{A92F3EA6-6F3B-4987-8882-88F74AFAB334}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9E0B21D-E3E5-489B-ABA0-A70AEA9DB7CE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AC0955B3-D3BB-4A21-9A63-5743D50154D4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AEE4792B-69A4-48B8-8D5E-FD1DD0A26D71}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B225DD3D-3317-4EEE-8181-39863C1E8813}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B66CE7F5-4E15-49E7-84FB-308EB153094D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B6EAD66E-E088-4945-A210-46CCE18C5AAC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BE18F760-AB4C-4020-8871-BA3DD98160CD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C636745B-FD7C-4B2F-BC9D-A7AF3FFA94E1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CA7C78F8-5402-44A4-B54D-80840B2778C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE11CDEE-602E-4499-9411-FC47E7B37A26}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D9B302DC-1591-4235-A7BA-B034A35F9A44}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{DC2A26A3-AACD-4A20-A631-CFE04F033284}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E17811E0-3CB5-4339-889E-A6608F0E6103}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E1C13987-CCD8-4E4D-92A3-E3DBD6F2F6EF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E1D5C79C-FEF0-4F2B-AD85-96C6C9930325}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E2C0A0B4-ED5B-41EB-8460-312BF54A454F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8D9D7A3-642E-4593-9EFB-A09A85716C1B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EAF7BF8A-75FF-4AC9-9E74-DF7FF686A212}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EC8AE86D-EF43-463F-B137-DAB765B62AD6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F496494D-A83B-4B50-8E0E-D55FA598146C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F6D8B423-6503-4D8B-8BC3-85DFF5E22D7A}" = protocol=6 | dir=in | app=c:\users\j. lonergan\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{09A72169-BF34-4950-A776-C7C661594DF2}C:\users\j. lonergan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\j. lonergan\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1758C876-32D0-4038-A478-45DF5132B13D}C:\user
-
Open OTL, copy and paste this in the custom scan/fixes box
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4C350B19-6CA1-4569-B14C-296D8D65300B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab (Reg Error: Key error.)
O33 - MountPoints2\{10e6d5c5-e0e5-11df-94e2-00137763f795}\Shell - "" = AutoRun
O33 - MountPoints2\{10e6d5c5-e0e5-11df-94e2-00137763f795}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{10e6d5e9-e0e5-11df-94e2-00137763f795}\Shell - "" = AutoRun
O33 - MountPoints2\{10e6d5e9-e0e5-11df-94e2-00137763f795}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{28150ec1-0001-11e2-a122-90f782d56abf}\Shell - "" = AutoRun
O33 - MountPoints2\{28150ec1-0001-11e2-a122-90f782d56abf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3036c031-abcd-11df-b48e-00137763f795}\Shell - "" = AutoRun
O33 - MountPoints2\{3036c031-abcd-11df-b48e-00137763f795}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a01bf72-6bd5-11e1-84df-dfb35bc26eb1}\Shell - "" = AutoRun
O33 - MountPoints2\{4a01bf72-6bd5-11e1-84df-dfb35bc26eb1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{59db6ba0-3615-11e0-a79d-923c2b1e7fb5}\Shell - "" = AutoRun
O33 - MountPoints2\{59db6ba0-3615-11e0-a79d-923c2b1e7fb5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d9776a00-5022-11e2-8fa5-9229ff5adec4}\Shell - "" = AutoRun
O33 - MountPoints2\{d9776a00-5022-11e2-8fa5-9229ff5adec4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d9776a13-5022-11e2-8fa5-967db84d3f49}\Shell - "" = AutoRun
O33 - MountPoints2\{d9776a13-5022-11e2-8fa5-967db84d3f49}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d9db19fc-69d9-11e1-ac90-ed51aef582c6}\Shell - "" = AutoRun
O33 - MountPoints2\{d9db19fc-69d9-11e1-ac90-ed51aef582c6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d9db1a1c-69d9-11e1-ac90-ed51aef582c6}\Shell - "" = AutoRun
O33 - MountPoints2\{d9db1a1c-69d9-11e1-ac90-ed51aef582c6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ebb9e315-cee8-11de-80b0-00137763f795}\Shell - "" = AutoRun
O33 - MountPoints2\{ebb9e315-cee8-11de-80b0-00137763f795}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ebb9e317-cee8-11de-80b0-00137763f795}\Shell - "" = AutoRun
O33 - MountPoints2\{ebb9e317-cee8-11de-80b0-00137763f795}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ebb9e31a-cee8-11de-80b0-00137763f795}\Shell - "" = AutoRun
O33 - MountPoints2\{ebb9e31a-cee8-11de-80b0-00137763f795}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ee19981a-2453-11df-9f79-00137763f795}\Shell - "" = AutoRun
O33 - MountPoints2\{ee19981a-2453-11df-9f79-00137763f795}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Files
ipconfig /flushdns /c
C:\Windows\c20232.exe
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
Click Run Fix and post the log it gives.
Reboot the PC, open OTL, click the None button at the top, and copy and paste this in the custom scan/fixes box
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
SaveMBR:0
createrestorepoint
%systemroot%\*. /mp /s
C:\*.*
showhidden
C:\c2*.exe /s
Click Run Scan and post the log it gives.
-
Ok, it was silent all day and I thought it had resolved, but at about 1630 I got a right blast of gunfire, so obviously not.
Anyway, after running the first fix, the computer automatically rebooted and I got the following log:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4C350B19-6CA1-4569-B14C-296D8D65300B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C350B19-6CA1-4569-B14C-296D8D65300B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e6d5c5-e0e5-11df-94e2-00137763f795}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10e6d5c5-e0e5-11df-94e2-00137763f795}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e6d5c5-e0e5-11df-94e2-00137763f795}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10e6d5c5-e0e5-11df-94e2-00137763f795}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e6d5e9-e0e5-11df-94e2-00137763f795}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10e6d5e9-e0e5-11df-94e2-00137763f795}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10e6d5e9-e0e5-11df-94e2-00137763f795}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10e6d5e9-e0e5-11df-94e2-00137763f795}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28150ec1-0001-11e2-a122-90f782d56abf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28150ec1-0001-11e2-a122-90f782d56abf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28150ec1-0001-11e2-a122-90f782d56abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28150ec1-0001-11e2-a122-90f782d56abf}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3036c031-abcd-11df-b48e-00137763f795}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3036c031-abcd-11df-b48e-00137763f795}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3036c031-abcd-11df-b48e-00137763f795}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3036c031-abcd-11df-b48e-00137763f795}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a01bf72-6bd5-11e1-84df-dfb35bc26eb1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a01bf72-6bd5-11e1-84df-dfb35bc26eb1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a01bf72-6bd5-11e1-84df-dfb35bc26eb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a01bf72-6bd5-11e1-84df-dfb35bc26eb1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59db6ba0-3615-11e0-a79d-923c2b1e7fb5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59db6ba0-3615-11e0-a79d-923c2b1e7fb5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59db6ba0-3615-11e0-a79d-923c2b1e7fb5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59db6ba0-3615-11e0-a79d-923c2b1e7fb5}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9776a00-5022-11e2-8fa5-9229ff5adec4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9776a00-5022-11e2-8fa5-9229ff5adec4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9776a00-5022-11e2-8fa5-9229ff5adec4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9776a00-5022-11e2-8fa5-9229ff5adec4}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9776a13-5022-11e2-8fa5-967db84d3f49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9776a13-5022-11e2-8fa5-967db84d3f49}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9776a13-5022-11e2-8fa5-967db84d3f49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9776a13-5022-11e2-8fa5-967db84d3f49}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9db19fc-69d9-11e1-ac90-ed51aef582c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9db19fc-69d9-11e1-ac90-ed51aef582c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9db19fc-69d9-11e1-ac90-ed51aef582c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9db19fc-69d9-11e1-ac90-ed51aef582c6}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9db1a1c-69d9-11e1-ac90-ed51aef582c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9db1a1c-69d9-11e1-ac90-ed51aef582c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9db1a1c-69d9-11e1-ac90-ed51aef582c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9db1a1c-69d9-11e1-ac90-ed51aef582c6}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebb9e315-cee8-11de-80b0-00137763f795}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebb9e315-cee8-11de-80b0-00137763f795}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebb9e315-cee8-11de-80b0-00137763f795}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebb9e315-cee8-11de-80b0-00137763f795}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebb9e317-cee8-11de-80b0-00137763f795}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebb9e317-cee8-11de-80b0-00137763f795}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebb9e317-cee8-11de-80b0-00137763f795}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebb9e317-cee8-11de-80b0-00137763f795}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebb9e31a-cee8-11de-80b0-00137763f795}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebb9e31a-cee8-11de-80b0-00137763f795}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebb9e31a-cee8-11de-80b0-00137763f795}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebb9e31a-cee8-11de-80b0-00137763f795}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee19981a-2453-11df-9f79-00137763f795}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee19981a-2453-11df-9f79-00137763f795}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee19981a-2453-11df-9f79-00137763f795}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee19981a-2453-11df-9f79-00137763f795}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 100285 bytes
->Temporary Internet Files folder emptied: 672332 bytes
User: J. Lonergan
->Temp folder emptied: 727513554 bytes
->Temporary Internet Files folder emptied: 2658310602 bytes
->Java cache emptied: 4868780 bytes
->Flash cache emptied: 1151 bytes
User: J05D1~1~LON
->Temp folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 252690579 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 3,475.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Guest
User: J. Lonergan
->Flash cache emptied: 492 bytes
User: J05D1~1~LON
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Guest
User: J. Lonergan
->Java cache emptied: 0 bytes
User: J05D1~1~LON
User: Public
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
Error: Unable to interpret < C:\Windows\c20232.exe> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 02012013_180528
Files\Folders moved on Reboot...
File\Folder C:\Users\J. Lonergan\AppData\Local\Temp\Low\hsperfdata_J. Lonergan\6108 not found!
C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QAXUFRD5\groupFileExchange[1].htm moved successfully.
File\Folder C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QAXUFRD5\push[1].htm not found!
C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PXGNFC9Z\ads[7].htm moved successfully.
C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PXGNFC9Z\frame[1].htm moved successfully.
C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PXGNFC9Z\search[4].htm moved successfully.
C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PXGNFC9Z\showthread[7].htm moved successfully.
C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MKLOVBW9\ads[5].htm moved successfully.
C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MKLOVBW9\frame[1].htm moved successfully.
C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MKLOVBW9\topframe[1].htm moved successfully.
C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFPJBK5Y\blank[1].htm moved successfully.
C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFPJBK5Y\search[1].htm moved successfully.
C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\Y2KW2WKX\index[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\Y2KW2WKX\rss_cacher[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\W2354Z2A\rss_cacher[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\W2354Z2A\rss_cacher[2].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\CF5YOZ9Q\afr[1].htm moved successfully.
File\Folder C:\Windows\temp\Temporary Internet Files\Content.IE5\CF5YOZ9Q\data_sync[1].htm not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\CF5YOZ9Q\pd[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\CF5YOZ9Q\pd[2].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\CF5YOZ9Q\pd[3].htm moved successfully.
File\Folder C:\Windows\temp\Temporary Internet Files\Content.IE5\CF5YOZ9Q\pd[4].htm not found!
File\Folder C:\Windows\temp\Temporary Internet Files\Content.IE5\CF5YOZ9Q\pd[5].htm not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\CF5YOZ9Q\rss_cacher[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\CF5YOZ9Q\rss_cacher[2].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\CF5YOZ9Q\rss_cacher[3].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\CF5YOZ9Q\rss_cacher[4].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\CF5YOZ9Q\rss_cacher[5].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\CF5YOZ9Q\rss_cacher[6].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\CF5YOZ9Q\st[1] moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\B7NCBF9I\afr[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\B7NCBF9I\OpenX-Ireland[5].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\B7NCBF9I\pd[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\B7NCBF9I\rss_cacher[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\B7NCBF9I\rss_cacher[2].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\B7NCBF9I\rss_cacher[3].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\AWJV6CY9\160x600[1].htm moved successfully.
File\Folder C:\Windows\temp\Temporary Internet Files\Content.IE5\AWJV6CY9\160x600[2].htm not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\AWJV6CY9\OpenX-Ireland[3].htm moved successfully.
File\Folder C:\Windows\temp\Temporary Internet Files\Content.IE5\AWJV6CY9\pd[1].htm not found!
File\Folder C:\Windows\temp\Temporary Internet Files\Content.IE5\AWJV6CY9\pd[2].htm not found!
File\Folder C:\Windows\temp\Temporary Internet Files\Content.IE5\AWJV6CY9\st[1] not found!
File\Folder C:\Windows\temp\Temporary Internet Files\Content.IE5\AWJV6CY9\st[2] not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\7H2YSKCV\pd[1].htm moved successfully.
File\Folder C:\Windows\temp\Temporary Internet Files\Content.IE5\7G4C6XD8\pd[1].htm not found!
C:\Windows\temp\Temporary Internet Files\Content.IE5\7G4C6XD8\rss_cacher[10].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\7G4C6XD8\rss_cacher[11].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\7G4C6XD8\rss_cacher[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\7G4C6XD8\rss_cacher[2].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\7G4C6XD8\rss_cacher[3].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\7G4C6XD8\rss_cacher[4].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\7G4C6XD8\rss_cacher[5].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\7G4C6XD8\rss_cacher[6].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\7G4C6XD8\rss_cacher[7].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\7G4C6XD8\rss_cacher[8].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\7G4C6XD8\rss_cacher[9].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\7G4C6XD8\st[8] moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\2PEYAEBR\cms-2-frame[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\2PEYAEBR\pd[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\2PEYAEBR\pd[3].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\2PEYAEBR\ros[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\2PEYAEBR\rss_cacher[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\20E3OIK3\afr[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\20E3OIK3\index[2].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\20E3OIK3\rss_cacher[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\20E3OIK3\rss_cacher[2].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\20E3OIK3\rss_cacher[3].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\1IJNB2RC\rss_cacher[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\1ETWOYHW\index[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\1ETWOYHW\OpenX-Ireland[2].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\1ETWOYHW\pd[2].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\1ETWOYHW\pd[3].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\1ETWOYHW\pd[4].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\1ETWOYHW\rss_cacher[1].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\1ETWOYHW\rss_cacher[2].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\1ETWOYHW\rss_cacher[3].htm moved successfully.
C:\Windows\temp\Temporary Internet Files\Content.IE5\1ETWOYHW\rss_cacher[4].htm moved successfully.
File\Folder C:\Windows\temp\fla13B4.tmp not found!
File\Folder C:\Windows\temp\fla1D36.tmp not found!
C:\Windows\temp\fla4779.tmp moved successfully.
C:\Windows\temp\fla5186.tmp moved successfully.
C:\Windows\temp\flaA419.tmp moved successfully.
C:\Windows\temp\flaD44A.tmp moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
The second fix gave the following log:
OTL logfile created on: 01/02/2013 18:31:21 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\J. Lonergan\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 62.49% Memory free
3.50 Gb Paging File | 2.70 Gb Available in Paging File | 77.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.05 Gb Total Space | 42.43 Gb Free Space | 61.44% Space Free | Partition Type: NTFS
Drive | 70.00 Gb Total Space | 69.90 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Computer Name: SAMSUNG_R60 | User Name: J. Lonergan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: ATICustomerCare - hkey= - key= - C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: Freecorder FLV Service - hkey= - key= - File not found
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig - StartUpReg: RemoteControl - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
MsConfig - State: "bootini" - 2
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0A33FC70-B565-FB58-EE64-FD7BFE5858D3} - Java (Sun)
ActiveX: {0e8d0700-75df-11d3-8b4a-0008c7450c4a} - Document Express DjVu Plug-in
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {283512D8-91E4-B355-9FFD-ADDE442DC0CB} - Browser Customizations
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {399CCE5F-D966-A586-D392-93520669DF92} - Java (Sun)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A003D024-453E-DB8D-688C-ACAF7112CE27} - Microsoft Windows Media Player 12.0
ActiveX: {BF8721D3-B5D4-B91D-F676-FDDAC949E354} - Microsoft Windows Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA8330DD-9699-76CD-A5DF-A1B3220CF10D} - Microsoft Windows Media Player 12.0
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: VIDC.IV32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: VIDC.IV41 - C:\Windows\System32\IR41_32.DLL (Intel(R) Corporation)
Unable to save MBR. Invalid drive designation: 0
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Custom Scans ==========
< %systemroot%\*. /mp /s >
< C:\*.* >
[2009/06/10 21:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/11/20 12:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2009/11/12 00:39:42 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 21:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/11/05 09:54:52 | 000,000,328 | ---- | M] () -- C:\dlcf.log
[2013/02/01 18:19:52 | 1407,844,352 | -HS- | M] () -- C:\hiberfil.sys
[2008/01/08 03:18:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/01/08 03:18:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/02/01 18:19:53 | 1877,127,168 | -HS- | M] () -- C:\pagefile.sys
[2012/11/23 21:36:56 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/10/24 14:23:13 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/11/11 16:57:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry
[2012/11/23 21:32:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Autodesk\AutoCAD 2013\UserDataCache
[2009/11/11 16:57:47 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
[2008/07/21 22:16:25 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerDVD\7.00
[2009/07/14 04:52:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2009/11/11 16:58:06 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2012/12/27 16:35:07 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2011/10/02 22:10:57 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2009/11/11 16:57:47 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser
[2008/07/21 22:16:25 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerDVD\7.00
[2009/07/14 04:52:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2009/11/11 16:58:06 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2012/12/27 16:35:07 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2009/07/14 02:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2011/01/20 22:04:45 | 000,000,000 | -H-D | M] -- C:\Users\Guest\AppData
[2011/05/18 18:43:03 | 000,000,000 | -H-D | M] -- C:\Users\Guest\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2011/01/20 22:05:26 | 000,000,000 | -H-D | M] -- C:\Users\Guest\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2011/03/01 07:59:55 | 000,000,000 | -H-D | M] -- C:\Users\Guest\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2011/01/20 22:05:31 | 000,000,000 | RH-D | M] -- C:\Users\Guest\AppData\Local\Microsoft\Windows\Burn\Burn
[2011/05/18 18:30:25 | 000,000,000 | RH-D | M] -- C:\Users\Guest\AppData\Local\Microsoft\Windows\Burn\Burn1
[2011/01/20 22:04:49 | 000,000,000 | -H-D | M] -- C:\Users\Guest\AppData\Local\VirtualStore\ProgramData
[2011/01/20 22:05:30 | 000,000,000 | -H-D | M] -- C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/03/01 08:00:16 | 000,000,000 | -H-D | M] -- C:\Users\Guest\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
[2011/03/01 07:59:52 | 000,000,000 | -H-D | M] -- C:\Users\Guest\AppData\Roaming\Microsoft\Windows\IETldCache\Low
[2011/03/01 07:59:53 | 000,000,000 | -H-D | M] -- C:\Users\Guest\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[2009/11/11 17:08:45 | 000,000,000 | -H-D | M] -- C:\Users\J. Lonergan\AppData
[2009/11/11 18:32:04 | 000,000,000 | -H-D | M] -- C:\Users\J. Lonergan\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2009/11/11 17:51:47 | 000,000,000 | -H-D | M] -- C:\Users\J. Lonergan\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2013/01/28 17:52:52 | 000,000,000 | -H-D | M] -- C:\Users\J. Lonergan\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2009/11/11 17:25:36 | 000,000,000 | -H-D | M] -- C:\Users\J. Lonergan\AppData\Local\Microsoft\Media Player\Art Cache
[2012/12/27 10:51:24 | 000,000,000 | RH-D | M] -- C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Burn\Burn
[2009/11/11 17:52:43 | 000,000,000 | RH-D | M] -- C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Burn\Burn1
[2010/08/17 19:47:54 | 000,000,000 | RH-D | M] -- C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Burn\Burn2
[2010/12/09 23:07:59 | 000,000,000 | -H-D | M] -- C:\Users\J. Lonergan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2009/11/11 18:03:37 | 000,000,000 | -H-D | M] -- C:\Users\J. Lonergan\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
[2012/09/16 19:55:17 | 000,000,000 | -H-D | M] -- C:\Users\J. Lonergan\Documents\Engines\Honda\EU
[2012/09/16 19:55:17 | 000,000,000 | -H-D | M] -- C:\Users\J. Lonergan\Documents\Engines\Honda\USA
[2013/01/30 17:55:36 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/07/14 02:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2010/03/10 21:18:15 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009/11/11 16:58:11 | 000,000,000 | -H-D | M] -- C:\Windows\ehome\Samsung
[2009/11/11 16:58:57 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2009/11/11 16:58:58 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2010/10/29 20:48:14 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache
[2009/11/11 16:58:58 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Recorded TV\TempRec
[2010/10/09 10:44:05 | 000,000,000 | -H-D | M] -- C:\Windows\System32\GroupPolicy
[2010/12/04 15:18:40 | 000,000,000 | -H-D | M] -- C:\Windows\System32\GroupPolicyUsers
< C:\c2*.exe /s >
< >
< End of report >
So where to next?
Thanks for your help so far by the way.
Download Malwarebytes, update it, run a quick scan, and post that log here.
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
OK, that's been done. It scanned and found 16 objects. Log as follows:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.01.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
J. Lonergan :: SAMSUNG_R60 [limited]
Protection: Enabled
01/02/2013 19:29:56
MBAM-log-2013-02-01 (19-47-18).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244521
Time elapsed: 13 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 14
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> No action taken.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKCU\SOFTWARE\MediaHoldings (Malware.Trace) -> No action taken.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Windows\ykgee3362.exe (Trojan.Agent) -> No action taken.
C:\Windows\pn8.exe (Trojan.Agent) -> No action taken.
(end)
How's it running now, is the gunshot still there?
If so, download and run ComboFix and post the log it gives.
http://www.bleepingcomputer.com/download/combofix/
Well, I just ran the scan; I didn't remove the 16 detected items yet. Should I?
Anyway, I won't know for a few days whether it's gone or not, because sometimes it can not occur for (haha, one shot just there :)) half a day or so and then return.
Oops, missed that. Yes, have MBAM fix those. Actually, go ahead with the ComboFix step now.
OK, I have removed the 16 detected objects from Malwarebytes and the shooting noise is still there.
Now I have run ComboFix and rebooted, and so far (30 minutes) I have not yet heard any shooting. ComboFix gave this log:
**Oh yeah, I have to go now but I will check back tomorrow. Thanks so much for all your help!
ComboFix 13-02-01.04 - J. Lonergan 01/02/2013 21:05:35.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.1790.933 [GMT 0:00]
Running from: C:\Users\J. Lonergan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89Z7IBZ6\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Windows\security\Database\tmp.edb
((((((((((((((((((((((((( Files Created from 2013-01-01 to 2013-02-01 )))))))))))))))))))))))))))))))
2013-02-01 20:52:51 . 2013-02-01 20:52:51 54016 ----a-w- C:\Windows\system32\drivers\iobc.sys
2013-02-01 19:28:38 . 2013-02-01 19:28:38 -------- d-----w- C:\Users\J. Lonergan\AppData\Roaming\Malwarebytes
2013-02-01 19:28:27 . 2013-02-01 19:28:27 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-01 19:28:25 . 2013-02-01 19:28:30 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2013-02-01 19:28:25 . 2012-12-14 16:49:28 21104 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-02-01 18:05:28 . 2013-02-01 18:05:28 -------- d-----w- C:\_OTL
2013-02-01 07:57:54 . 2013-01-15 02:49:22 6991832 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87EEF603-1C15-41B7-8C52-845C5DEE42D0}\mpengine.dll
2013-01-30 16:07:07 . 2012-08-23 14:10:40 12288 ----a-w- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-01-30 16:07:06 . 2012-08-23 14:44:32 14848 ----a-w- C:\Windows\system32\drivers\rdpvideominiport.sys
2013-01-30 16:07:04 . 2012-08-23 14:10:04 13312 ----a-w- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-01-30 16:07:04 . 2012-08-23 13:52:25 12800 ----a-w- C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-01-30 16:07:02 . 2012-08-23 14:40:25 49664 ----a-w- C:\Windows\system32\drivers\TsUsbFlt.sys
2013-01-30 16:07:00 . 2012-08-23 13:18:14 37376 ----a-w- C:\Windows\system32\tsgqec.dll
2013-01-30 16:06:59 . 2012-08-23 13:47:20 46592 ----a-w- C:\Windows\system32\MsRdpWebAccess.dll
2013-01-30 16:06:59 . 2012-08-23 13:46:20 16896 ----a-w- C:\Windows\system32\wksprtPS.dll
2013-01-30 16:06:59 . 2012-08-23 13:32:59 32768 ----a-w- C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-01-30 16:06:59 . 2012-08-23 11:40:43 56320 ----a-w- C:\Windows\system32\TSWbPrxy.exe
2013-01-30 16:06:59 . 2012-08-23 11:15:57 269312 ----a-w- C:\Windows\system32\aaclient.dll
2013-01-30 16:06:58 . 2012-08-23 14:48:14 221184 ----a-w- C:\Windows\system32\rdpudd.dll
2013-01-30 16:06:58 . 2012-08-23 11:32:48 317440 ----a-w- C:\Windows\system32\wksprt.exe
2013-01-30 16:06:58 . 2012-08-23 11:12:17 192000 ----a-w- C:\Windows\system32\rdpendp_winip.dll
2013-01-30 16:06:57 . 2012-08-23 10:39:24 1048064 ----a-w- C:\Windows\system32\mstsc.exe
2013-01-30 16:06:57 . 2012-08-23 10:08:49 2739712 ----a-w- C:\Windows\system32\rdpcorets.dll
2013-01-30 16:06:56 . 2012-08-23 08:19:01 4916224 ----a-w- C:\Windows\system32\mstscax.dll
2013-01-30 16:06:04 . 2013-01-30 16:04:57 740840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{30644D5A-032F-4CF3-8B2E-1021D91179B3}\gapaengine.dll
2013-01-30 16:05:06 . 2013-01-15 02:49:22 6991832 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-30 15:59:37 . 2012-05-04 09:59:54 514560 ----a-w- C:\Windows\system32\qdvd.dll
2013-01-30 15:59:32 . 2012-08-24 17:05:54 136560 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2013-01-30 15:59:32 . 2012-08-24 16:57:40 247808 ----a-w- C:\Windows\system32\schannel.dll
2013-01-30 15:59:31 . 2012-08-24 17:02:54 369856 ----a-w- C:\Windows\system32\drivers\cng.sys
2013-01-30 15:59:31 . 2012-08-24 16:56:48 1039360 ----a-w- C:\Windows\system32\lsasrv.dll
2013-01-30 15:04:35 . 2012-08-22 17:16:46 712048 ----a-w- C:\Windows\system32\drivers\ndis.sys
2013-01-30 15:04:34 . 2012-07-04 19:45:31 33280 ----a-w- C:\Windows\system32\drivers\RNDISMP.sys
2013-01-30 15:04:34 . 2012-07-04 19:45:30 33280 ----a-w- C:\Windows\system32\drivers\rndismpx.sys
2013-01-30 15:03:34 . 2012-08-21 20:12:27 245760 ----a-w- C:\Windows\system32\OxpsConverter.exe
2013-01-30 15:03:24 . 2012-10-03 16:58:30 1293680 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-01-30 15:03:24 . 2012-10-03 16:42:26 242176 ----a-w- C:\Windows\system32\nlasvc.dll
2013-01-30 15:03:24 . 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\system32\netcorehc.dll
2013-01-30 15:03:24 . 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\system32\ncsi.dll
2013-01-30 15:03:24 . 2012-10-03 16:40:35 499712 ----a-w- C:\Windows\system32\iphlpsvc.dll
2013-01-30 15:03:24 . 2012-08-22 17:16:46 240496 ----a-w- C:\Windows\system32\drivers\netio.sys
2013-01-30 15:03:24 . 2012-08-22 17:16:36 187760 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2013-01-30 15:03:23 . 2012-10-03 16:42:26 52224 ----a-w- C:\Windows\system32\nlaapi.dll
2013-01-30 15:03:23 . 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\system32\netevent.dll
2013-01-30 15:03:23 . 2012-10-03 15:21:38 35328 ----a-w- C:\Windows\system32\drivers\tcpipreg.sys
2013-01-30 15:02:36 . 2012-11-23 02:48:41 49152 ----a-w- C:\Windows\system32\taskhost.exe
2013-01-30 15:02:32 . 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\system32\dhcpcsvc6.dll
2013-01-30 15:02:32 . 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\system32\dhcpcore6.dll
2013-01-30 11:27:40 . 2013-01-30 11:27:40 -------- d-----w- C:\Users\J. Lonergan\AppData\Roaming\Thunderbird
2013-01-30 11:27:40 . 2013-01-30 11:27:40 -------- d-----w- C:\Users\J. Lonergan\AppData\Local\Thunderbird
2013-01-29 19:33:09 . 2013-01-29 19:34:20 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-01-29 18:58:44 . 2013-01-29 18:58:45 -------- d-----w- C:\Windows\system32\SPReview
2013-01-29 18:57:40 . 2013-01-29 18:57:42 -------- d-----w- C:\Windows\system32\EventProviders
2013-01-29 18:54:16 . 2013-01-08 04:57:31 6991832 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{130474F0-CA11-4705-BA81-6E8C9AA09154}\mpengine.dll
2013-01-29 18:50:11 . 2011-03-25 02:58:07 284672 ----a-w- C:\Windows\system32\drivers\usbport.sys
2013-01-29 18:50:11 . 2011-03-25 02:57:58 43008 ----a-w- C:\Windows\system32\drivers\usbehci.sys
2013-01-29 18:50:10 . 2011-03-25 02:58:37 258560 ----a-w- C:\Windows\system32\drivers\usbhub.sys
2013-01-29 18:50:10 . 2011-03-25 02:58:06 75776 ----a-w- C:\Windows\system32\drivers\usbccgp.sys
2013-01-29 18:50:10 . 2011-03-25 02:57:58 20480 ----a-w- C:\Windows\system32\drivers\usbohci.sys
2013-01-29 18:50:10 . 2011-03-25 02:57:56 24064 ----a-w- C:\Windows\system32\drivers\usbuhci.sys
2013-01-29 18:50:10 . 2011-03-25 02:57:53 5888 ----a-w- C:\Windows\system32\drivers\usbd.sys
2013-01-29 18:45:58 . 2010-11-20 12:29:59 520064 ----a-w- C:\Windows\system32\mcupdate_GenuineIntel.dll
2013-01-29 18:43:59 . 2010-11-20 12:21:39 21504 ----a-w- C:\Windows\system32\wsdchngr.dll
2013-01-29 18:36:35 . 2011-03-11 05:39:00 143744 ----a-w- C:\Windows\system32\drivers\nvstor.sys
2013-01-29 18:36:35 . 2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\system32\esent.dll
2013-01-29 18:36:34 . 2011-03-11 05:39:00 117120 ----a-w- C:\Windows\system32\drivers\nvraid.sys
2013-01-29 18:36:33 . 2011-03-11 05:39:05 148864 ----a-w- C:\Windows\system32\drivers\storport.sys
2013-01-29 18:36:33 . 2011-03-11 05:38:51 332160 ----a-w- C:\Windows\system32\drivers\iaStorV.sys
2013-01-29 18:36:33 . 2011-03-11 05:38:37 80256 ----a-w- C:\Windows\system32\drivers\amdsata.sys
2013-01-29 18:36:33 . 2011-03-11 05:38:37 22400 ----a-w- C:\Windows\system32\drivers\amdxata.sys
2013-01-29 18:36:32 . 2011-03-11 05:31:07 74240 ----a-w- C:\Windows\system32\fsutil.exe
2013-01-29 18:10:02 . 2012-07-06 19:23:23 393728 ----a-w- C:\Windows\system32\drivers\bthport.sys
2013-01-29 18:10:02 . 2011-04-28 03:15:03 60416 ----a-w- C:\Windows\system32\drivers\BTHUSB.SYS
2013-01-29 18:10:02 . 2010-11-20 12:17:11 219648 ----a-w- C:\Windows\system32\fsquirt.exe
2013-01-29 18:04:20 . 2013-01-29 18:04:20 -------- d-----w- C:\Users\J. Lonergan\AppData\Local\Apps
2013-01-29 17:02:43 . 2013-01-29 17:02:43 -------- d-----w- C:\Users\J. Lonergan\AppData\Local\Programs
2013-01-28 19:01:08 . 2013-01-28 19:01:08 -------- d-----w- C:\Windows\system32\Adobe
2013-01-28 18:57:24 . 2013-01-28 18:57:24 -------- d-----w- C:\Users\J. Lonergan\AppData\Local\Macromedia
2013-01-28 18:56:03 . 2013-01-28 18:56:03 -------- d-----w- C:\Users\J. Lonergan\AppData\Local\Mozilla
2013-01-28 18:17:54 . 2013-01-28 18:17:54 -------- d-----w- C:\Users\J. Lonergan\AppData\Local\ElevatedDiagnostics
2013-01-11 17:53:47 . 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\system32\atmfd.dll
2013-01-11 17:53:47 . 2010-09-30 06:47:59 70656 ----a-w- C:\Windows\system32\fontsub.dll
2013-01-11 17:53:46 . 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\system32\atmlib.dll
2013-01-11 16:36:17 . 2012-07-26 03:39:21 526952 ----a-w- C:\Windows\system32\drivers\Wdf01000.sys
2013-01-11 16:36:17 . 2012-07-26 03:39:21 47720 ----a-w- C:\Windows\system32\drivers\WdfLdr.sys
2013-01-11 16:36:17 . 2012-07-26 02:46:47 9728 ----a-w- C:\Windows\system32\Wdfres.dll
2013-01-11 16:35:00 . 2012-07-26 03:20:40 73216 ----a-w- C:\Windows\system32\WUDFSvc.dll
2013-01-11 16:35:00 . 2012-07-26 03:20:40 172032 ----a-w- C:\Windows\system32\WUDFPlatform.dll
2013-01-11 16:35:00 . 2012-07-26 02:33:43 66560 ----a-w- C:\Windows\system32\drivers\WUDFPf.sys
2013-01-11 16:35:00 . 2012-07-26 02:32:51 155136 ----a-w- C:\Windows\system32\drivers\WUDFRd.sys
2013-01-11 16:34:59 . 2012-07-26 03:20:40 38912 ----a-w- C:\Windows\system32\WUDFCoinstaller.dll
2013-01-11 16:34:58 . 2012-07-26 03:21:03 196608 ----a-w- C:\Windows\system32\WUDFHost.exe
2013-01-11 16:34:58 . 2012-07-26 03:20:40 613888 ----a-w- C:\Windows\system32\WUDFx.dll
2013-01-11 16:33:39 . 2012-03-01 05:46:57 19824 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2013-01-11 16:33:39 . 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\system32\wmi.dll
2013-01-11 16:33:38 . 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\system32\imagehlp.dll
2013-01-11 16:01:31 . 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\system32\msxml3.dll
2013-01-11 16:01:31 . 2010-06-26 03:24:10 2048 ----a-w- C:\Windows\system32\msxml3r.dll
2013-01-11 16:01:20 . 2012-05-05 07:46:52 400896 ----a-w- C:\Windows\system32\srcore.dll
2013-01-11 16:01:20 . 2010-11-20 12:17:34 262656 ----a-w- C:\Windows\system32\rstrui.exe
2013-01-11 15:59:15 . 2012-11-30 04:53:34 169984 ----a-w- C:\Windows\system32\winsrv.dll
2013-01-11 15:58:59 . 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\system32\cdosys.dll
2013-01-11 15:57:57 . 2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\system32\msxml6.dll
2013-01-11 15:56:59 . 2011-05-04 04:32:00 59392 ----a-w- C:\Windows\system32\msscntrs.dll
2013-01-11 15:55:57 . 2011-12-30 05:27:56 478720 ----a-w- C:\Windows\system32\timedate.cpl
2013-01-11 15:55:53 . 2011-10-15 05:38:59 534528 ----a-w- C:\Windows\system32\EncDec.dll
2013-01-11 15:55:49 . 2011-04-09 05:56:38 123904 ----a-w- C:\Windows\system32\poqexec.exe
2013-01-11 15:55:47 . 2011-04-22 19:14:16 27008 ----a-w- C:\Windows\system32\drivers\Diskdump.sys
2013-01-11 15:31:40 . 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\system32\tzres.dll
2013-01-11 15:30:16 . 2011-02-03 05:54:43 219008 ----a-w- C:\Windows\system32\drivers\dxgmms1.sys
2013-01-11 15:30:16 . 2010-11-20 12:29:47 728448 ----a-w- C:\Windows\system32\drivers\dxgkrnl.sys
2013-01-11 15:30:16 . 2010-11-20 11:56:47 107520 ----a-w- C:\Windows\system32\cdd.dll
2013-01-11 15:17:28 . 2012-06-02 22:19:33 53784 ----a-w- C:\Windows\system32\wuauclt.exe
2013-01-11 15:17:28 . 2012-06-02 22:19:33 45080 ----a-w- C:\Windows\system32\wups2.dll
2013-01-11 15:17:27 . 2012-06-02 22:19:17 1933848 ----a-w- C:\Windows\system32\wuaueng.dll
2013-01-11 15:17:27 . 2012-06-02 22:12:32 2422272 ----a-w- C:\Windows\system32\wucltux.dll
2013-01-11 15:17:18 . 2012-06-02 22:19:32 35864 ----a-w- C:\Windows\system32\wups.dll
2013-01-11 15:17:18 . 2012-06-02 22:19:23 577048 ----a-w- C:\Windows\system32\wuapi.dll
2013-01-11 15:17:18 . 2012-06-02 22:12:13 88576 ----a-w- C:\Windows\system32\wudriver.dll
2013-01-11 15:17:12 . 2012-06-02 15:19:42 171904 ----a-w- C:\Windows\system32\wuwebv.dll
2013-01-11 15:17:12 . 2012-06-02 15:12:20 33792 ----a-w- C:\Windows\system32\wuapp.exe
2013-01-11 14:55:25 . 2013-01-11 14:55:26 -------- d-----w- C:\Windows\Panther
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-01-30 14:15:18 . 2009-07-14 02:05:42 152576 ----a-w- C:\Windows\system32\msclmd.dll
2013-01-30 10:53:21 . 2009-10-03 11:28:51 232336 ------w- C:\Windows\system32\MpSigStub.exe
2013-01-28 19:04:43 . 2012-11-12 21:09:45 697864 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2013-01-28 19:04:42 . 2012-02-03 20:39:47 74248 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-12-19 15:36:24 . 2012-12-27 09:27:24 188328 ----a-w- C:\Windows\system32\drivers\VBoxDrv.sys
2012-12-19 15:36:10 . 2012-12-19 15:36:10 104872 ----a-w- C:\Windows\system32\drivers\VBoxNetAdp.sys
2012-12-19 15:35:16 . 2012-12-27 09:27:04 94632 ----a-w- C:\Windows\system32\drivers\VBoxUSBMon.sys
2012-12-19 15:35:16 . 2012-12-19 15:35:16 84904 ----a-w- C:\Windows\system32\drivers\VBoxUSB.sys
2012-11-16 17:57:42 . 2012-11-16 17:57:42 3584 ----a-r- C:\Users\J. Lonergan\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-11-08 11:29:12 . 2012-11-08 11:29:12 1402312 ----a-w- C:\Windows\system32\msxml4.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 129272 ----a-w- C:\Users\J. Lonergan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 129272 ----a-w- C:\Users\J. Lonergan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 129272 ----a-w- C:\Users\J. Lonergan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2010-12-23 22:07:30 492544 ----a-w- C:\Program Files\Classic Shell\ClassicExplorer32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\J. Lonergan\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 10:53:36 4441920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 06:40:50 857648]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 03:27:50 6273568]
"Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe" [2010-12-23 22:07:32 91648]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 09:21:28 648072]
"ADSK DLMSession"="C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-23 17:32:20 1632216]
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 23:01:38 383424]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2012-09-12 17:19:44 947176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 16:49:28 512360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"NoHotStart"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 12:55:28 937920 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2009-06-14 18:24:46 307200 ----a-r- C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 10:57:36 1451520 ----a-w- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [x]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys [x]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\system32\Drivers\SABI.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;C:\Windows\system32\DRIVERS\kmdfmemio.sys [x]
S3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x86.sys [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBAMPROTECTOR
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
Contents of the 'Scheduled Tasks' folder
2013-02-01 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 21:09:46 . 2013-01-28 19:04:43]
Supplementary Scan
uStart Page = hxxp://www.google.ie/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 193.1.186.2 193.1.186.3
TCP: Interfaces\{F90B6120-35A6-483D-B3D2-89690019C166}: NameServer = 62.40.32.33 8.8.8.8
File Associations
.scr=AutoCADScriptFile
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\jre6\bin\jusched.exe
HKU-Default-RunOnce-FlashPlayerUpdate - C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Freecorder FLV Service - C:\Program Files\Freecorder\FLVSrvc.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\qttask.exe
MSConfigStartUp-RemoteControl - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
AddRemove-Nokia PC Suite - C:\ProgramData\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_eng_web.exe
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
**************************************************************************
LOCKED REGISTRY KEYS
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:17,93,29,e3,46,fe,cd,01
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Completion time: 2013-02-01 21:32:31
ComboFix-quarantined-files.txt 2013-02-01 21:32:31
Pre-Run: 45,091,282,944 bytes free
Post-Run: 45,195,243,520 bytes free
- - End Of File - - 8D637FF192FDEFA98D9AF1445C7D378C0 -
run tdsskiller and aswmbr and post the logs from them
http://www.bleepingcomputer.com/download/tdsskiller/
http://www.bleepingcomputer.com/download/aswmbr/
-
It's still there. The logs for the above two scans are as follows:
TDSSKiller (attached image)
ASWMBR
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-05 12:00:59
12:00:59.348 OS Version: Windows 6.1.7601 Service Pack 1
12:00:59.348 Number of processors: 2 586 0xF0D
12:00:59.358 ComputerName: SAMSUNG_R60 UserName: J. Lonergan
12:01:10.318 Initialize success
12:01:23.738 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:01:23.738 Disk 0 Vendor: Size: 0MB BusType: 0
12:01:23.748 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007a
12:01:23.748 Disk 1 Vendor: Size: 0MB BusType: 0
12:01:23.758 Device \Driver\atapi -> DriverStartIo 85e850ae
12:01:23.778 Disk 0 MBR read successfully
12:01:23.788 Disk 0 MBR scan
12:01:23.798 Disk 0 unknown MBR code
12:01:23.808 Disk 0 MBR hidden
12:01:23.818 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
12:01:23.838 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 70706 MB offset 20973568
12:01:23.868 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71679 MB offset 165779456
12:01:23.938 Disk 0 scanning C:\Windows\system32\drivers
12:01:33.788 Service scanning
12:02:15.127 Modules scanning
12:02:28.735 Disk 0 trace - called modules:
12:02:28.737 ntoskrnl.exe >>UNKNOWN [0x85e84a2e]<<
12:02:28.737 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ce15c0]
12:02:28.738 \Driver\Disk[0x85ce06b0] -> IRP_MJ_READ -> 0x85e84a2e
12:02:28.738 Scan finished successfully
12:03:37.236 Disk 0 MBR has been saved successfully to "C:\Users\J. Lonergan\Desktop\MBR.dat"
12:03:37.256 The log file has been saved successfully to "C:\Users\J. Lonergan\Desktop\aswMBR.txt"
______________________________________________________
I didn't apply the fix as I got a warning as shown in the second image.
-
You can apply the fix with aswmbr
-
Fix applied and rebooted.
It's still banging away from time to time.
-
Download this live CD and boot from it, it will remove everything.
ftp://rescuedisk.kaspersky-labs.com/rescuedisk/
-
I rebooted and I haven't heard it since yesterday morning. I'd say it is probably solved.