My computer has started running very slow and Mozilla is having problems connecting via LAN (cable) and keeps losing the connection. My sons laptop connects wirelessly and works fine.
I have followed your removal guide and attached the Logs. Cannot run GMER, not sure if that is because i'm running Windows 7 X64.
Hope this is enough information.
Any help much appreciated.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4304
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
12/07/2010 08:48:46
mbam-log-2010-07-12 (08-48-46).txt
Scan type: Quick scan
Objects scanned: 129632
Time elapsed: 2 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL LOG
OTL logfile created on: 7/12/2010 8:58:59 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Neil\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 689.82 Gb Total Space | 636.52 Gb Free Space | 92.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NEIL-PC
Current User Name: Neil
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/12 08:58:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Neil\Downloads\OTL.exe
PRC - [2010/07/05 16:16:44 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/27 10:21:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/27 10:21:52 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/07 18:07:02 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/06/07 18:07:02 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/02/05 14:09:38 | 000,729,632 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
PRC - [2009/09/26 06:00:52 | 000,429,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
PRC - [2009/09/26 06:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
PRC - [2009/08/24 23:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
PRC - [2009/06/24 20:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/03 11:48:32 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
========== Modules (SafeList) ==========
MOD - [2010/07/12 08:58:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Neil\Downloads\OTL.exe
MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/08/17 16:40:54 | 000,117,568 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV:64bit: - [2009/07/14 02:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 02:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/11 09:04:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/30 18:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/07 18:07:12 | 000,524,784 | ---- | M] (Trusteer Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe -- (RapportLaunService)
SRV - [2010/06/07 18:07:02 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/14 20:07:10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/05 13:57:13 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/02/05 13:56:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/08/24 23:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS)
SRV - [2009/07/14 02:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/06/28 21:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/12 17:07:22 | 000,575,488 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/10/02 21:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/30 01:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/30 01:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/21 21:50:48 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink
DRV:64bit: - [2009/07/27 07:50:06 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 02:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 02:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 00:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 00:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/11 09:40:42 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/30 06:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/06/07 18:07:18 | 000,056,304 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys -- (RapportPG64)
DRV - [2010/06/07 18:07:12 | 000,063,472 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys -- (RapportKE64)
DRV - [2010/05/26 16:42:01 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/27 15:17:41 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/27 15:17:41 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/16 01:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090916.024\ex64.sys -- (NAVEX15)
DRV - [2009/09/16 01:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090916.024\eng64.sys -- (NAVENG)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files (x86)\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USSMB/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USSMB/2
IE - HKCU\..\URLSearchHook: {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files (x86)\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.c...lcache=2&hl=en"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.1.3
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2504091&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/27 10:21:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/30 07:07:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/27 10:21:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/30 07:07:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/27 10:21:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/30 07:07:54 | 000,000,000 | ---D | M]
[2010/02/12 17:32:10 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Mozilla\Extensions
[2010/07/11 10:44:13 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\fk7qa7h5.default\extensions
[2010/07/09 07:17:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\fk7qa7h5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/03 11:05:21 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\fk7qa7h5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/06/17 14:03:28 | 000,000,903 | ---- | M] () -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\fk7qa7h5.default\searchplugins\conduit.xml
[2010/06/17 10:59:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/17 10:59:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/02/12 17:31:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2010/06/17 10:59:12 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/01/10 12:19:46 | 000,389,632 | ---- | M] (InfoMill Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\Npgfxv.dll
[1997/07/25 17:11:50 | 000,304,128 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\Pngdll.dll
[2010/02/01 20:32:07 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/02/01 20:32:07 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/02/01 20:32:07 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/02/01 20:32:07 | 000,002,014 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\foxstart.xml
[2010/02/01 20:32:07 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Isohunt-vuze Toolbar) - {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files (x86)\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Isohunt-vuze Toolbar) - {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files (x86)\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Isohunt-vuze Toolbar) - {6C3A1DE1-94CA-4AD6-ACDF-C1324ADC487B} - C:\Program Files (x86)\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\LIVESSP.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\LIVESSP.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/07/12 08:45:32 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Roaming\Malwarebytes
[2010/07/12 08:45:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/12 08:45:25 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/12 08:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/12 08:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/12 08:44:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/12 08:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/07/12 08:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/07/03 11:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010/06/29 21:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/29 21:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/29 21:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/29 21:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/29 21:12:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/29 17:14:21 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/18 08:55:48 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Roaming\Ableton
[2010/06/18 08:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
[2010/06/17 21:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/06/17 21:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/06/09 19:52:57 | 000,000,000 | ---D | C] -- C:\Users\Neil\Desktop\Joe college
[2010/06/09 13:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/06/04 06:42:02 | 000,248,832 | ---- | C] (Infomill Ltd) -- C:\Windows\SysWow64\imgfxtif.dll
[2010/05/23 19:32:17 | 000,000,000 | ---D | C] -- C:\Users\Neil\Documents\Canon Utilities
[2010/05/22 13:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
========== Files - Modified Within 90 Days ==========
[2010/07/12 08:59:14 | 004,456,448 | -HS- | M] () -- C:\Users\Neil\NTUSER.DAT
[2010/07/12 08:47:09 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/12 08:47:09 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/12 08:45:29 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/12 08:44:04 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/12 08:44:04 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/12 08:44:04 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/12 08:43:51 | 000,001,102 | ---- | M] () -- C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/12 08:43:43 | 000,000,922 | ---- | M] () -- C:\Users\Neil\Desktop\NTREGOPT.lnk
[2010/07/12 08:43:43 | 000,000,903 | ---- | M] () -- C:\Users\Neil\Desktop\ERUNT.lnk
[2010/07/12 08:41:25 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/12 08:41:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/12 08:39:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/12 08:39:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/12 08:39:40 | 504,713,215 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/12 08:39:06 | 002,618,275 | -H-- | M] () -- C:\Users\Neil\AppData\Local\IconCache.db
[2010/07/09 07:23:26 | 000,132,608 | ---- | M] () -- C:\Users\Neil\Documents\PhotoTrekBooking Neil Callaway Keyhaven.wps
[2010/07/09 07:23:26 | 000,002,226 | ---- | M] () -- C:\Users\Neil\AppData\Roaming\wklnhst.dat
[2010/07/03 11:05:50 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/07/03 11:05:50 | 000,001,846 | ---- | M] () -- C:\Users\Neil\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/06/30 07:07:55 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/29 21:13:41 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/29 17:14:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/06/29 12:30:52 | 000,012,951 | ---- | M] () -- C:\Users\Neil\Documents\Travelodge address.docx
[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/06/28 21:37:56 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/06/28 21:37:36 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/06/28 21:33:17 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/06/28 21:33:00 | 000,061,008 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/06/28 21:32:36 | 000,020,048 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/06/24 16:42:50 | 000,050,948 | ---- | M] () -- C:\Users\Neil\Documents\crest_transfer_form.pdf
[2010/06/10 15:44:31 | 002,346,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/22 13:25:27 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2010/05/22 13:20:13 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/16 11:21:01 | 006,321,664 | ---- | M] () -- C:\Users\Neil\Documents\Publication1 mum.pub
========== Files Created - No Company Name ==========
[2010/07/12 08:45:29 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/12 08:43:51 | 000,001,102 | ---- | C] () -- C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/12 08:43:43 | 000,000,922 | ---- | C] () -- C:\Users\Neil\Desktop\NTREGOPT.lnk
[2010/07/12 08:43:43 | 000,000,903 | ---- | C] () -- C:\Users\Neil\Desktop\ERUNT.lnk
[2010/07/07 14:54:48 | 000,132,608 | ---- | C] () -- C:\Users\Neil\Documents\PhotoTrekBooking Neil Callaway Keyhaven.wps
[2010/07/03 11:05:50 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/07/03 11:05:50 | 000,001,846 | ---- | C] () -- C:\Users\Neil\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/06/29 21:13:41 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/29 12:30:51 | 000,012,951 | ---- | C] () -- C:\Users\Neil\Documents\Travelodge address.docx
[2010/06/24 16:42:50 | 000,050,948 | ---- | C] () -- C:\Users\Neil\Documents\crest_transfer_form.pdf
[2010/06/09 13:31:46 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/09 13:31:45 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/22 13:25:27 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2010/05/22 13:20:13 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2010/04/15 17:28:32 | 006,321,664 | ---- | C] () -- C:\Users\Neil\Documents\Publication1 mum.pub
[2010/02/19 09:44:38 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/12 17:07:35 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini
[2010/02/05 13:57:21 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/02/05 13:57:21 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/02/05 13:57:20 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2010/02/05 13:57:20 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2010/02/05 13:57:20 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2010/02/05 13:57:20 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2010/02/05 13:57:20 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2010/02/05 13:57:20 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2010/02/05 13:57:19 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2010/02/05 13:57:19 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2010/02/05 13:57:19 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2010/02/05 13:57:19 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2010/02/05 13:57:19 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2010/02/05 13:57:19 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2010/02/05 13:57:19 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2010/02/05 13:57:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2010/02/05 13:57:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2010/02/05 13:57:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2010/02/05 13:57:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2010/02/05 13:57:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2010/02/05 13:57:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2009/08/26 06:29:28 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/06/18 08:55:48 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Ableton
[2010/07/10 09:55:09 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Azureus
[2010/03/13 14:49:23 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Canon
[2010/02/19 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\NVD
[2010/02/28 12:33:30 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\SoftGrid Client
[2010/02/18 15:13:44 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Template
[2010/02/19 09:45:28 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\TP
[2010/03/05 17:57:54 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Trusteer
[2010/06/01 17:00:17 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/02/05 22:46:35 | 000,004,340 | RH-- | M] () -- C:\dell.sdr
[2010/07/12 08:39:40 | 504,713,215 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/12 08:39:42 | 2104,610,815 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
OTL logfile created on: 7/12/2010 8:58:59 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Neil\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 689.82 Gb Total Space | 636.52 Gb Free Space | 92.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NEIL-PC
Current User Name: Neil
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/12 08:58:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Neil\Downloads\OTL.exe
PRC - [2010/07/05 16:16:44 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/27 10:21:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/27 10:21:52 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/07 18:07:02 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/06/07 18:07:02 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/02/05 14:09:38 | 000,729,632 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
PRC - [2009/09/26 06:00:52 | 000,429,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
PRC - [2009/09/26 06:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
PRC - [2009/08/24 23:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
PRC - [2009/06/24 20:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/03 11:48:32 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
========== Modules (SafeList) ==========
MOD - [2010/07/12 08:58:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Neil\Downloads\OTL.exe
MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/08/17 16:40:54 | 000,117,568 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV:64bit: - [2009/07/14 02:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 02:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/11 09:04:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/30 18:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/07 18:07:12 | 000,524,784 | ---- | M] (Trusteer Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe -- (RapportLaunService)
SRV - [2010/06/07 18:07:02 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/14 20:07:10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/05 13:57:13 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/02/05 13:56:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/08/24 23:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS)
SRV - [2009/07/14 02:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/06/28 21:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/12 17:07:22 | 000,575,488 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/10/02 21:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/30 01:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/30 01:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/21 21:50:48 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink
DRV:64bit: - [2009/07/27 07:50:06 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 02:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 02:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 00:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 00:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/11 09:40:42 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/30 06:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/06/07 18:07:18 | 000,056,304 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys -- (RapportPG64)
DRV - [2010/06/07 18:07:12 | 000,063,472 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys -- (RapportKE64)
DRV - [2010/05/26 16:42:01 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/27 15:17:41 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/27 15:17:41 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/16 01:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090916.024\ex64.sys -- (NAVEX15)
DRV - [2009/09/16 01:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090916.024\eng64.sys -- (NAVENG)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files (x86)\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USSMB/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USSMB/2
IE - HKCU\..\URLSearchHook: {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files (x86)\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.c...lcache=2&hl=en"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.1.3
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2504091&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/27 10:21:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/30 07:07:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/27 10:21:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/30 07:07:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/27 10:21:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/30 07:07:54 | 000,000,000 | ---D | M]
[2010/02/12 17:32:10 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Mozilla\Extensions
[2010/07/11 10:44:13 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\fk7qa7h5.default\extensions
[2010/07/09 07:17:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\fk7qa7h5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/03 11:05:21 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\fk7qa7h5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/06/17 14:03:28 | 000,000,903 | ---- | M] () -- C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\fk7qa7h5.default\searchplugins\conduit.xml
[2010/06/17 10:59:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/17 10:59:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/02/12 17:31:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2010/06/17 10:59:12 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/01/10 12:19:46 | 000,389,632 | ---- | M] (InfoMill Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\Npgfxv.dll
[1997/07/25 17:11:50 | 000,304,128 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\Pngdll.dll
[2010/02/01 20:32:07 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/02/01 20:32:07 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/02/01 20:32:07 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/02/01 20:32:07 | 000,002,014 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\foxstart.xml
[2010/02/01 20:32:07 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Isohunt-vuze Toolbar) - {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files (x86)\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Isohunt-vuze Toolbar) - {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files (x86)\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Isohunt-vuze Toolbar) - {6C3A1DE1-94CA-4AD6-ACDF-C1324ADC487B} - C:\Program Files (x86)\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\LIVESSP.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\LIVESSP.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/07/12 08:45:32 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Roaming\Malwarebytes
[2010/07/12 08:45:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/12 08:45:25 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/12 08:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/12 08:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/12 08:44:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/12 08:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/07/12 08:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/07/03 11:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010/06/29 21:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/29 21:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/29 21:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/29 21:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/29 21:12:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/29 17:14:21 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/18 08:55:48 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Roaming\Ableton
[2010/06/18 08:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
[2010/06/17 21:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/06/17 21:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/06/09 19:52:57 | 000,000,000 | ---D | C] -- C:\Users\Neil\Desktop\Joe college
[2010/06/09 13:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/06/04 06:42:02 | 000,248,832 | ---- | C] (Infomill Ltd) -- C:\Windows\SysWow64\imgfxtif.dll
[2010/05/23 19:32:17 | 000,000,000 | ---D | C] -- C:\Users\Neil\Documents\Canon Utilities
[2010/05/22 13:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
========== Files - Modified Within 90 Days ==========
[2010/07/12 08:59:14 | 004,456,448 | -HS- | M] () -- C:\Users\Neil\NTUSER.DAT
[2010/07/12 08:47:09 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/12 08:47:09 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/12 08:45:29 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/12 08:44:04 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/12 08:44:04 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/12 08:44:04 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/12 08:43:51 | 000,001,102 | ---- | M] () -- C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/12 08:43:43 | 000,000,922 | ---- | M] () -- C:\Users\Neil\Desktop\NTREGOPT.lnk
[2010/07/12 08:43:43 | 000,000,903 | ---- | M] () -- C:\Users\Neil\Desktop\ERUNT.lnk
[2010/07/12 08:41:25 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/12 08:41:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/12 08:39:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/12 08:39:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/12 08:39:40 | 504,713,215 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/12 08:39:06 | 002,618,275 | -H-- | M] () -- C:\Users\Neil\AppData\Local\IconCache.db
[2010/07/09 07:23:26 | 000,132,608 | ---- | M] () -- C:\Users\Neil\Documents\PhotoTrekBooking Neil Callaway Keyhaven.wps
[2010/07/09 07:23:26 | 000,002,226 | ---- | M] () -- C:\Users\Neil\AppData\Roaming\wklnhst.dat
[2010/07/03 11:05:50 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/07/03 11:05:50 | 000,001,846 | ---- | M] () -- C:\Users\Neil\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/06/30 07:07:55 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/29 21:13:41 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/29 17:14:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/06/29 12:30:52 | 000,012,951 | ---- | M] () -- C:\Users\Neil\Documents\Travelodge address.docx
[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/06/28 21:37:56 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/06/28 21:37:36 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/06/28 21:33:17 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/06/28 21:33:00 | 000,061,008 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/06/28 21:32:36 | 000,020,048 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/06/24 16:42:50 | 000,050,948 | ---- | M] () -- C:\Users\Neil\Documents\crest_transfer_form.pdf
[2010/06/10 15:44:31 | 002,346,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/22 13:25:27 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2010/05/22 13:20:13 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/16 11:21:01 | 006,321,664 | ---- | M] () -- C:\Users\Neil\Documents\Publication1 mum.pub
========== Files Created - No Company Name ==========
[2010/07/12 08:45:29 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/12 08:43:51 | 000,001,102 | ---- | C] () -- C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/12 08:43:43 | 000,000,922 | ---- | C] () -- C:\Users\Neil\Desktop\NTREGOPT.lnk
[2010/07/12 08:43:43 | 000,000,903 | ---- | C] () -- C:\Users\Neil\Desktop\ERUNT.lnk
[2010/07/07 14:54:48 | 000,132,608 | ---- | C] () -- C:\Users\Neil\Documents\PhotoTrekBooking Neil Callaway Keyhaven.wps
[2010/07/03 11:05:50 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/07/03 11:05:50 | 000,001,846 | ---- | C] () -- C:\Users\Neil\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/06/29 21:13:41 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/29 12:30:51 | 000,012,951 | ---- | C] () -- C:\Users\Neil\Documents\Travelodge address.docx
[2010/06/24 16:42:50 | 000,050,948 | ---- | C] () -- C:\Users\Neil\Documents\crest_transfer_form.pdf
[2010/06/09 13:31:46 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/09 13:31:45 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/22 13:25:27 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2010/05/22 13:20:13 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2010/04/15 17:28:32 | 006,321,664 | ---- | C] () -- C:\Users\Neil\Documents\Publication1 mum.pub
[2010/02/19 09:44:38 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/12 17:07:35 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini
[2010/02/05 13:57:21 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/02/05 13:57:21 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/02/05 13:57:20 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2010/02/05 13:57:20 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2010/02/05 13:57:20 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2010/02/05 13:57:20 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2010/02/05 13:57:20 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2010/02/05 13:57:20 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2010/02/05 13:57:20 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2010/02/05 13:57:19 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2010/02/05 13:57:19 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2010/02/05 13:57:19 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2010/02/05 13:57:19 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2010/02/05 13:57:19 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2010/02/05 13:57:19 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2010/02/05 13:57:19 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2010/02/05 13:57:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2010/02/05 13:57:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2010/02/05 13:57:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2010/02/05 13:57:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2010/02/05 13:57:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2010/02/05 13:57:19 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2010/02/05 13:57:19 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2009/08/26 06:29:28 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/06/18 08:55:48 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Ableton
[2010/07/10 09:55:09 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Azureus
[2010/03/13 14:49:23 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Canon
[2010/02/19 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\NVD
[2010/02/28 12:33:30 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\SoftGrid Client
[2010/02/18 15:13:44 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Template
[2010/02/19 09:45:28 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\TP
[2010/03/05 17:57:54 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Trusteer
[2010/06/01 17:00:17 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/02/05 22:46:35 | 000,004,340 | RH-- | M] () -- C:\dell.sdr
[2010/07/12 08:39:40 | 504,713,215 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/12 08:39:42 | 2104,610,815 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >