Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Desktop Icons Enlarged
Options
-
04-09-2013 7:26pm#1
Comments
-
-
I closed all progs and got the two reports, but then thought maybe BB should have been disconnected so deleted reports and ran scan again but only got the one report. So connected BB and ran scan, again only one report as below.
OTL logfile created on: 05/09/2013 19:42:09 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.99 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.12% Memory free
5.98 Gb Paging File | 5.12 Gb Available in Paging File | 85.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 121.79 Gb Free Space | 81.76% Space Free | Partition Type: NTFS
Drive I: | 25.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/09/05 19:21:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Downloads\OTL.exe
PRC - [2013/08/30 08:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/08/30 08:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/05/16 18:34:50 | 000,114,688 | ---- | M] () -- C:\Program Files\Broadband to go\Broadband to go.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013/05/16 18:34:50 | 000,114,688 | ---- | M] () -- C:\Program Files\Broadband to go\Broadband to go.exe
MOD - [2009/11/05 09:33:12 | 000,159,744 | ---- | M] () -- C:\Program Files\Broadband to go\SMSPlugin.dll
MOD - [2009/11/05 09:33:12 | 000,061,440 | ---- | M] () -- C:\Program Files\Broadband to go\XCodec.dll
MOD - [2009/11/05 09:33:10 | 000,552,960 | ---- | M] () -- C:\Program Files\Broadband to go\atcomm.dll
MOD - [2009/11/05 09:33:10 | 000,151,552 | ---- | M] () -- C:\Program Files\Broadband to go\DetectDev.dll
MOD - [2009/11/05 09:33:10 | 000,135,168 | ---- | M] () -- C:\Program Files\Broadband to go\LocaleMgrPlugin.dll
MOD - [2009/11/05 09:33:10 | 000,090,112 | ---- | M] () -- C:\Program Files\Broadband to go\FileManager.dll
MOD - [2009/11/05 09:33:10 | 000,086,016 | ---- | M] () -- C:\Program Files\Broadband to go\DialUpPlugin.dll
MOD - [2009/11/05 09:33:10 | 000,061,440 | ---- | M] () -- C:\Program Files\Broadband to go\DeviceOperate.dll
MOD - [2009/11/05 09:33:10 | 000,057,344 | ---- | M] () -- C:\Program Files\Broadband to go\ConfigFilePlugin.dll
MOD - [2009/11/05 09:33:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Broadband to go\NotifyServicePlugin.dll
MOD - [2009/11/05 09:33:10 | 000,014,848 | ---- | M] () -- C:\Program Files\Broadband to go\isaputrace.dll
MOD - [2009/09/19 11:08:04 | 000,118,784 | ---- | M] () -- C:\Program Files\Broadband to go\NetInfoPlugin.dll
MOD - [2009/08/29 16:18:34 | 000,888,832 | ---- | M] () -- C:\Program Files\Broadband to go\NDISAPI.dll
MOD - [2009/07/31 11:26:22 | 000,172,032 | ---- | M] () -- C:\Program Files\Broadband to go\DeviceMgrUIPlugin.dll
MOD - [2009/07/30 22:01:08 | 000,110,592 | ---- | M] () -- C:\Program Files\Broadband to go\DeviceMgrPlugin.dll
========== Services (SafeList) ==========
SRV - [2013/08/30 08:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/08/17 19:40:22 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV - [2013/08/30 08:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/30 08:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/08/30 08:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/08/30 08:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/30 08:48:12 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/08/30 08:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/08/30 08:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/08/30 08:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/08/20 10:22:04 | 000,011,552 | ---- | M] (Glarysoft Ltd) [Kernel | On_Demand | Running] -- C:\Program Files\Glary Utilities 3\ProcObsrv.sys -- (ProcObsrv)
DRV - [2013/02/12 21:59:12 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/03/18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/12/23 07:06:56 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/10 15:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 6F 54 2B 11 6D CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.40
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1497
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/09/04 18:59:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/02/01 19:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Extensions
[2013/08/03 18:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\mpyr80mt.default-1365264858644\extensions
[2013/08/03 18:12:16 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\mpyr80mt.default-1365264858644\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013/07/31 19:43:27 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\mpyr80mt.default-1365264858644\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/17 19:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 19:40:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/04 18:59:55 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E20DBCB9-0D07-4B6B-8CDB-20EF4FC22E8B}: NameServer = 212.129.64.220 212.129.64.221
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - I:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/03/05 01:34:52 | 000,000,047 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{06c7ddf3-9d48-11e2-a388-001b78824770}\Shell - "" = AutoRun
O33 - MountPoints2\{06c7ddf3-9d48-11e2-a388-001b78824770}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{443d39f2-efcf-11e2-a48c-001b78824770}\Shell - "" = AutoRun
O33 - MountPoints2\{443d39f2-efcf-11e2-a48c-001b78824770}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{5c1a038c-be4d-11e2-bf1e-001b78824770}\Shell - "" = AutoRun
O33 - MountPoints2\{5c1a038c-be4d-11e2-bf1e-001b78824770}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{5c1a0399-be4d-11e2-bf1e-001b78824770}\Shell - "" = AutoRun
O33 - MountPoints2\{5c1a0399-be4d-11e2-bf1e-001b78824770}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6d88a759-9f8f-11e2-8545-001b78824770}\Shell - "" = AutoRun
O33 - MountPoints2\{6d88a759-9f8f-11e2-8545-001b78824770}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9561bfb8-b73c-11e2-af52-001b78824770}\Shell - "" = AutoRun
O33 - MountPoints2\{9561bfb8-b73c-11e2-af52-001b78824770}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{96e86e33-bf17-11e2-bb1e-001b78824770}\Shell - "" = AutoRun
O33 - MountPoints2\{96e86e33-bf17-11e2-bb1e-001b78824770}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{aa349226-9bc3-11e2-a9a0-001b78824770}\Shell - "" = AutoRun
O33 - MountPoints2\{aa349226-9bc3-11e2-a9a0-001b78824770}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{bdc479bf-a2ad-11e2-b692-001b78824770}\Shell - "" = AutoRun
O33 - MountPoints2\{bdc479bf-a2ad-11e2-b692-001b78824770}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cfed3ec2-d68e-11e2-aaf9-001b78824770}\Shell - "" = AutoRun
O33 - MountPoints2\{cfed3ec2-d68e-11e2-aaf9-001b78824770}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d5f812ed-9ba2-11e2-93e8-001b78824770}\Shell - "" = AutoRun
O33 - MountPoints2\{d5f812ed-9ba2-11e2-93e8-001b78824770}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d5f812f9-9ba2-11e2-93e8-001b78824770}\Shell - "" = AutoRun
O33 - MountPoints2\{d5f812f9-9ba2-11e2-93e8-001b78824770}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e1122df2-b4d9-11e2-b5ae-001b78824770}\Shell - "" = AutoRun
O33 - MountPoints2\{e1122df2-b4d9-11e2-b5ae-001b78824770}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/09/02 20:51:53 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\SumatraPDF
[2013/09/02 20:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2013/09/02 20:47:31 | 004,058,096 | ---- | C] (Krzysztof Kowalczyk) -- C:\Users\HP\Desktop\SumatraPDF-2.3.2-install.exe
[2013/08/17 19:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/14 20:12:00 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\Any Video Converter Professional
[2013/08/07 19:15:29 | 000,101,664 | ---- | C] (Glarysoft Ltd) -- C:\Windows\System32\BootDefrag.exe
========== Files - Modified Within 30 Days ==========
[2013/09/05 19:35:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/05 19:35:00 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/05 19:10:54 | 004,132,864 | ---- | M] () -- C:\Users\HP\Documents\My Money.mny
[2013/09/05 19:10:54 | 000,658,112 | R--- | M] () -- C:\Users\HP\Documents\My Money Backup_2013-09-05_191053.mbf
[2013/09/05 18:42:15 | 000,619,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/05 18:42:15 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/05 18:38:52 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/05 18:38:52 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/05 18:37:50 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013/09/05 18:36:49 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/09/05 18:33:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/05 18:33:39 | 2409,082,880 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/04 18:59:55 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/09/02 20:47:52 | 004,058,096 | ---- | M] (Krzysztof Kowalczyk) -- C:\Users\HP\Desktop\SumatraPDF-2.3.2-install.exe
[2013/08/30 20:56:31 | 000,641,640 | R--- | M] () -- C:\Users\HP\Documents\My Money Backup_2013-08-30_205629.mbf
[2013/08/30 08:48:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/08/30 08:48:13 | 000,177,864 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/30 08:48:13 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/08/30 08:48:12 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/08/30 08:48:12 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/08/30 08:48:12 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/08/30 08:48:11 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/08/30 08:48:11 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/08/30 08:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/08/30 08:47:32 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/08/27 21:28:14 | 000,633,944 | R--- | M] () -- C:\Users\HP\Documents\My Money Backup_2013-08-27_212812.mbf
[2013/08/26 21:57:32 | 000,000,259 | ---- | M] () -- C:\Users\HP\Desktop\GAS LINE #15 WATCH THIS CAREFULLY.URL
[2013/08/26 19:46:12 | 000,002,616 | ---- | M] () -- C:\Users\HP\Desktop\NEW GAS QUOTE.lnk
[2013/08/26 19:46:12 | 000,002,499 | ---- | M] () -- C:\Users\HP\Desktop\NEW OIL QUOTE.lnk
[2013/08/26 19:46:12 | 000,002,373 | ---- | M] () -- C:\Users\HP\Desktop\REPAIRS TO OIL BOILER QUOTE.lnk
[2013/08/26 19:46:12 | 000,001,820 | ---- | M] () -- C:\Users\HP\Desktop\ELECTRIC QUOTE.lnk
[2013/08/26 19:46:11 | 000,001,098 | ---- | M] () -- C:\Users\HP\Desktop\MY DOCUMENTS.lnk
[2013/08/23 18:11:34 | 000,001,026 | ---- | M] () -- C:\Users\HP\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk
[2013/08/20 10:21:54 | 000,101,664 | ---- | M] (Glarysoft Ltd) -- C:\Windows\System32\BootDefrag.exe
[2013/08/18 19:22:24 | 000,000,221 | ---- | M] () -- C:\Users\HP\Desktop\U Tube to MP3.URL
[2013/08/18 19:02:20 | 000,001,216 | ---- | M] () -- C:\Users\HP\Desktop\MY MUSIC.lnk
[2013/08/15 19:55:59 | 000,060,068 | ---- | M] () -- C:\Users\HP\Desktop\HEADER TANK PIPING.jpg
[2013/08/14 20:10:37 | 000,001,121 | ---- | M] () -- C:\Users\HP\Desktop\Any Video Converter.lnk
========== Files Created - No Company Name ==========
[2013/09/05 19:10:54 | 000,658,112 | R--- | C] () -- C:\Users\HP\Documents\My Money Backup_2013-09-05_191053.mbf
[2013/09/02 20:51:47 | 000,001,839 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
[2013/08/30 20:56:31 | 000,641,640 | R--- | C] () -- C:\Users\HP\Documents\My Money Backup_2013-08-30_205629.mbf
[2013/08/27 21:28:14 | 000,633,944 | R--- | C] () -- C:\Users\HP\Documents\My Money Backup_2013-08-27_212812.mbf
[2013/08/26 21:57:32 | 000,000,259 | ---- | C] () -- C:\Users\HP\Desktop\GAS LINE #15 WATCH THIS CAREFULLY.URL
[2013/08/23 20:21:04 | 000,002,373 | ---- | C] () -- C:\Users\HP\Desktop\REPAIRS TO OIL BOILER QUOTE.lnk
[2013/08/23 20:08:11 | 000,002,499 | ---- | C] () -- C:\Users\HP\Desktop\NEW OIL QUOTE.lnk
[2013/08/23 19:55:32 | 000,002,616 | ---- | C] () -- C:\Users\HP\Desktop\NEW GAS QUOTE.lnk
[2013/08/18 19:22:24 | 000,000,221 | ---- | C] () -- C:\Users\HP\Desktop\U Tube to MP3.URL
[2013/08/17 20:30:49 | 000,001,216 | ---- | C] () -- C:\Users\HP\Desktop\MY MUSIC.lnk
[2013/08/15 19:55:58 | 000,060,068 | ---- | C] () -- C:\Users\HP\Desktop\HEADER TANK PIPING.jpg
[2013/08/15 19:53:59 | 000,001,098 | ---- | C] () -- C:\Users\HP\Desktop\MY DOCUMENTS.lnk
[2013/06/28 17:49:54 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 18:06:59 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/26 18:06:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/16 19:41:00 | 000,000,017 | ---- | C] () -- C:\Users\HP\AppData\Local\resmon.resmoncfg
[2013/06/10 17:36:17 | 000,000,440 | RHS- | C] () -- C:\Users\HP\ntuser.pol
[2013/04/09 17:54:48 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssb7mlm.dll
[2013/04/03 18:38:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/04/02 18:21:33 | 000,177,864 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/02 18:21:33 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/02/02 16:51:35 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013/02/02 16:50:21 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/02/02 16:21:23 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BF3D62E7
< End of report >
This little thing like a flagpole keeps cropping up, you can see the message I get when hoover over it, I've never clicked on it because it seems very suspicious to me.
edit: apparently it's a windows defender message but I dont use WD and have it turned off.
0 -
-
-
-
Advertisement
-
Advertisement