Program that claims that I have broken the law and need to pay a 100



#1
PageNotFound.exe

Hello, AVG popped up with a notice about a piece of Malware being detected, and promptly restarted my computer (I didn't catch the name of the Malware, I wasn't expecting it to restart the computer). After I had logged in, I was presented with this:

http://dl.dropbox.co...7, 20 15 24.jpg

If you cannot read it, it basically is saying that my computer has been locked due illegal being viewed, and that if I am to regain use of my computer, I need to pay a 100 fine.

I am still able to Ctrl-Alt-Del out of it and access Task Manager, but I was unable to see any out of the ordinary processes, and when I shut down the computer I briefly see my desktop before the Shutting Down screen appears.

I booted up in Safe Mode with no problems, and ran OTL as you specified.

-------------------

OTL logfile created on: 27/12/2011 20:31:34 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Deborah\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 80.95% Memory free
5.99 Gb Paging File | 5.47 Gb Available in Paging File | 91.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.69 Gb Total Space | 293.47 Gb Free Space | 64.40% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.03 Gb Free Space | 60.27% Space Free | Partition Type: NTFS

Computer Name: DEBORAH-PC | User Name: Deborah | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Deborah\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()


========== Win32 Services (SafeList) ==========

SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (avgfws) -- C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (uagqecsvc) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft ® Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (lxdi_device) -- C:\Windows\System32\lxdicoms.exe ( )
SRV - (LtcyCfgSvc) -- C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (LADF_SBVM) -- C:\Windows\System32\drivers\ladfSBVMi386.sys (Logitech)
DRV - (LADF_DHP2) -- C:\Windows\System32\drivers\ladfDHP2i386.sys (Logitech)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )
DRV - (LVUVC) Logitech QuickCam Ultra Vision(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (VX6000) -- C:\Windows\System32\drivers\VX6000Xp.sys (Microsoft Corporation
)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (SaiK0728) -- C:\Windows\System32\drivers\SaiK0728.sys (Saitek)
DRV - (SiBulk) -- C:\Windows\System32\drivers\EsonicBulk.sys (Silicon Laboratories)
DRV - (TarFltr) -- C:\Windows\System32\drivers\UsbFltr.sys (Razer USA Ltd.)
DRV - (whfltr2k) -- C:\Windows\System32\drivers\whfltr2k.sys ()
DRV - (LtcyCfgWDM) -- C:\Windows\System32\drivers\LtcyCfgWDM.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=uk&ibd=1080718
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar....tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com...id=80150&lng=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....fr=ytff-ybf&p="
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-ybf"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-ybf"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {a2880346-35bb-45bb-9190-eedb49c132c5}:1.300.306
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Deborah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/10 08:52:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/03/25 16:22:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/19 19:26:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 08:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/29 20:44:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/29 20:44:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/19 19:26:21 | 000,000,000 | ---D | M]

[2010/05/03 11:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Extensions
[2010/05/03 11:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/07/05 13:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/12/23 10:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions
[2010/07/23 06:49:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/02 08:44:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/31 00:24:41 | 000,000,000 | ---D | M] (CoolChaser Layout Auto Insert) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions\{a2880346-35bb-45bb-9190-eedb49c132c5}
[2011/11/18 17:25:06 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions\[email protected]
[2011/12/23 10:00:56 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions\[email protected]
[2011/04/01 20:24:04 | 000,002,292 | ---- | M] () -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\searchplugins\inbox-search.xml
[2010/01/31 00:25:00 | 000,001,753 | ---- | M] () -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\searchplugins\search-the-web.xml
[2011/12/23 10:02:53 | 000,001,524 | ---- | M] () -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\searchplugins\swagbuckscom.xml
[2011/11/13 08:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/22 17:26:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/13 08:42:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 15:12:23 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/03 15:12:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/03 15:12:23 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2007/07/26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011/10/03 15:12:23 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/03 15:12:23 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2010/05/07 20:15:39 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation
)
O4 - HKLM..\Run: [WheelMouse] C:\Stinger Mouse Driver\wh_exec.exe ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Deborah\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
F3 - HKCU WinNT: Load - (C:\Users\Deborah\AppData\Local\Temp\D4E5D80EA8CCAD4CEFFB.exe) -C:\Users\Deborah\AppData\Local\Temp\D4E5D80EA8CCAD4CEFFB.exe (Movi Ucynetud)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.sefto.../WhlCompMgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{440C48B4-5D11-4CD6-813E-20CBCD4E5072}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E636149E-6F81-4A0D-A30F-D4D15E2C4B1A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1b82a3ae-ff90-11df-9cb4-001ec9679b82}\Shell - "" = AutoRun
O33 - MountPoints2\{1b82a3ae-ff90-11df-9cb4-001ec9679b82}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/27 20:31:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.scr
[2011/12/27 20:27:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
[2011/12/27 18:35:02 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Roaming\Malwarebytes
[2011/12/23 08:53:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Homework
[2011/12/19 19:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/12/19 19:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/12/17 20:32:56 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Local\Adam_Reece
[2011/12/16 17:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UKCS Connect Plugins
[2011/12/12 22:10:32 | 000,000,000 | ---D | C] -- C:\Users\Deborah\Desktop\screens
[2011/12/10 14:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\UKCS Connect Plugins
[2011/12/10 14:06:25 | 000,000,000 | ---D | C] -- C:\UKCS_Temp
[2011/12/09 19:16:04 | 000,000,000 | ---D | C] -- C:\Users\Deborah\Desktop\phongless
[2011/12/02 21:35:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Facade
[2011/12/02 17:59:55 | 000,000,000 | ---D | C] -- C:\Users\Deborah\Desktop\redsn0w_win_0.9.6b5
[2011/11/30 18:31:34 | 000,000,000 | ---D | C] -- C:\Users\Deborah\Desktop\Sumotori Dreams
[2011/11/30 13:03:52 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Roaming\Registry Mechanic
[2011/11/29 20:22:52 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Local\Facebook
[2011/11/29 20:22:38 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Deborah\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2007/06/11 15:14:54 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2007/06/11 15:14:52 | 000,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2007/06/11 15:14:50 | 000,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[2007/05/17 16:06:54 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2007/05/17 16:05:36 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2007/05/17 16:00:54 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2007/05/17 16:00:50 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2007/05/17 16:00:08 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2007/05/17 15:58:54 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2007/05/17 15:58:38 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2007/05/17 15:58:12 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2007/05/17 15:55:16 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2007/05/17 15:55:12 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2007/05/17 15:54:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/27 20:31:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.scr
[2011/12/27 20:27:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
[2011/12/27 20:26:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/27 20:25:53 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/27 20:24:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/12/27 20:18:51 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/27 20:18:51 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/27 18:34:09 | 000,458,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/27 18:28:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1001UA.job
[2011/12/27 17:28:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000UA.job
[2011/12/27 07:24:00 | 141,583,922 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/12/26 20:28:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000Core.job
[2011/12/26 19:28:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1001Core.job
[2011/12/26 19:00:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2011/12/24 14:14:46 | 001,402,226 | ---- | M] () -- C:\Users\Deborah\Desktop\meet_the_christmas.jpg
[2011/12/24 07:23:56 | 000,620,194 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/12/19 19:34:03 | 000,197,206 | ---- | M] () -- C:\Windows\hpoins30.dat
[2011/12/19 19:31:08 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/19 19:31:08 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/19 19:26:07 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/12/19 19:25:45 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/12/19 19:25:21 | 000,001,275 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/12/19 19:24:54 | 000,002,071 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/02 18:06:40 | 578,084,840 | ---- | M] () -- C:\Users\Deborah\Desktop\iPad1,1_4.2.1_8C148_Restore.ipsw
[2011/12/01 22:06:42 | 000,608,256 | ---- | M] () -- C:\Users\Deborah\Desktop\blackra1n.exe
[2011/11/29 20:22:42 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Deborah\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/11/29 07:07:42 | 003,584,014 | ---- | M] () -- C:\Users\Deborah\Desktop\MATHS.pdf
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/24 14:14:45 | 001,402,226 | ---- | C] () -- C:\Users\Deborah\Desktop\meet_the_christmas.jpg
[2011/12/19 19:26:07 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/12/19 19:25:45 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/12/19 19:25:21 | 000,001,275 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/12/19 19:24:54 | 000,002,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/19 19:22:33 | 000,197,206 | ---- | C] () -- C:\Windows\hpoins30.dat
[2011/12/19 19:22:33 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2011/12/02 18:02:44 | 578,084,840 | ---- | C] () -- C:\Users\Deborah\Desktop\iPad1,1_4.2.1_8C148_Restore.ipsw
[2011/12/01 22:09:13 | 005,298,620 | ---- | C] () -- C:\Users\Deborah\Desktop\greenpois0n.exe
[2011/12/01 22:09:13 | 000,002,744 | ---- | C] () -- C:\Users\Deborah\Desktop\README
[2011/12/01 22:06:40 | 000,608,256 | ---- | C] () -- C:\Users\Deborah\Desktop\blackra1n.exe
[2011/11/29 20:23:09 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000UA.job
[2011/11/29 20:23:05 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000Core.job
[2011/11/29 07:07:39 | 003,584,014 | ---- | C] () -- C:\Users\Deborah\Desktop\MATHS.pdf
[2011/07/28 16:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/01/03 20:07:57 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/11/22 00:48:02 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/10/27 23:19:20 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2010/10/17 01:23:01 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
[2010/09/29 11:34:38 | 000,075,096 | ---- | C] () -- C:\Windows\System32\LADFCoinst_i386.dll
[2010/08/26 14:58:28 | 000,150,212 | ---- | C] () -- C:\Windows\hpoins30.dat.temp
[2010/08/26 14:58:28 | 000,000,547 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
[2010/06/18 22:15:27 | 000,205,636 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/06/16 13:22:56 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/06/15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/05/02 13:47:09 | 000,000,562 | ---- | C] () -- C:\Windows\eReg.dat
[2009/12/27 10:34:34 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/09 10:36:56 | 000,006,144 | ---- | C] () -- C:\Users\Deborah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/04 10:50:37 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/11/04 10:10:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/09/11 00:01:44 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/09/08 15:21:13 | 000,006,784 | ---- | C] () -- C:\Windows\System32\drivers\whfltr2k.sys
[2009/07/24 15:05:26 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 000,458,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,628,024 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,110,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:13:33 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData0002.dll
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 08:07:56 | 001,506,304 | ---- | C] () -- C:\Program Files\Voice Manager.exe
[2009/07/05 21:55:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/29 14:58:01 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/05/19 16:16:04 | 000,131,072 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2009/02/18 17:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 20:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/22 21:52:32 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2008/09/22 21:52:32 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2008/09/22 21:52:12 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2008/09/22 21:52:12 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2008/09/21 20:34:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/18 22:41:45 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/05/22 08:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2007/03/30 15:13:24 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2006/08/01 06:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2005/12/25 23:24:00 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\LtcyCfgWDM.sys

========== LOP Check ==========

[2011/03/25 21:45:04 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\.minecraft
[2010/03/31 15:40:57 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Armagetron
[2010/06/26 16:27:38 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Audacity
[2011/02/10 09:08:11 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\AVG
[2011/02/10 08:56:39 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\AVG10
[2011/10/26 14:25:02 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\DAEMON Tools Lite
[2010/09/26 14:16:49 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\DAEMON Tools Net
[2009/11/04 10:39:53 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\dBpoweramp
[2010/02/09 21:35:13 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Fit3DLive
[2010/03/03 20:58:58 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\GameTracker
[2010/05/03 11:05:58 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\GARMIN
[2010/05/02 18:15:27 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\gtk-2.0
[2011/03/22 21:31:52 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Gyazo
[2011/10/26 13:40:13 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Hardcore
[2010/05/18 06:44:42 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\HLSW
[2009/11/21 03:05:43 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\ijjigame
[2009/11/04 10:39:53 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Lexmark Productivity Studio
[2009/11/04 10:39:53 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\LG Electronics
[2010/10/23 22:11:46 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\ManyCam
[2010/01/23 18:06:53 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Nokia
[2010/01/23 18:06:00 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Nokia Ovi Suite
[2011/10/26 14:12:59 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Notepad++
[2011/12/21 11:39:13 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\OnLive App
[2010/01/23 18:06:03 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\PC Suite
[2011/10/26 11:42:41 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Philipp Winterberg
[2009/11/04 10:40:12 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Publish Providers
[2011/04/01 19:58:24 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\RebateInformer
[2010/06/08 18:45:06 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Reg Tool
[2011/11/30 13:07:20 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Registry Mechanic
[2010/01/31 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Screaming Bee
[2009/11/04 10:40:50 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Sony
[2009/12/21 21:24:06 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Subversion
[2011/05/25 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\SystemRequirementsLab
[2010/05/03 11:12:10 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Thunderbird
[2009/11/04 10:40:50 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\TomTom
[2009/11/04 10:40:51 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Trusteer
[2010/02/11 16:43:06 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\TS3Client
[2011/05/02 11:34:56 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\TuneAid
[2010/01/24 19:02:32 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Unity
[2009/12/18 17:32:45 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\X-Chat 2
[2011/12/26 20:28:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000Core.job
[2011/12/27 17:28:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000UA.job
[2011/12/26 19:00:00 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2011/01/04 19:05:48 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/03/02 15:38:12 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\䍰ɩ
[2011/03/02 15:38:12 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\䍰ɩ

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:76650B61

< End of report >

Thanks in advance
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's try this first.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    F3 - HKCU WinNT: Load - (C:\Users\Deborah\AppData\Local\Temp\D4E5D80EA8CCAD4CEFFB.exe) -C:\Users\Deborah\AppData\Local\Temp\D4E5D80EA8CCAD4CEFFB.exe (Movi Ucynetud)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

AND FINALLY

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0
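As an added illustration (not part of Essexboy's post and not OTL's own logic), this Python sketch triages registry lines in the format used in the fix above and flags the two patterns that fix targets: a logon autostart value pointing at an executable in a Temp folder, and policy values that disable the registry tools. The rule names, the set of section codes treated as autostart, the `DisableTaskMgr` entry and the last two sample lines are assumptions made for the example.

```python
import re
from pathlib import PureWindowsPath

# The first four lines are the entries listed in the fix above; the last two
# are constructed benign entries added here for contrast.
SAMPLE_LOG = r"""
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
F3 - HKCU WinNT: Load - (C:\Users\Deborah\AppData\Local\Temp\D4E5D80EA8CCAD4CEFFB.exe) -C:\Users\Deborah\AppData\Local\Temp\D4E5D80EA8CCAD4CEFFB.exe (Movi Ucynetud)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
""".strip().splitlines()

# Assumption: section codes that list programs started at logon.
AUTOSTART_CODES = {"F2", "F3", "O4"}
# Policy values that lock the user out of repair tools. The first two appear
# in the fix above; DisableTaskMgr is added here as a related value.
LOCKOUT_POLICIES = {"disableregistrytools", "disableregedit", "disabletaskmgr"}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
EXE_PATH = re.compile(r'[A-Za-z]:\\[^()\[\]"<>|*?]*?\.(?:exe|scr|com|pif|bat|cmd)\b', re.I)
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.I)
HEX_STEM = re.compile(r"^[0-9A-Fa-f]{16,}$")
POLICY = re.compile(r"\\policies\\System: (?P<name>\w+) = (?P<value>\d+)", re.I)


def triage(lines):
    """Return a list of findings for registry lines in the log format above."""
    findings = []
    for raw in lines:
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # headers, blank lines, other log sections
        code, body = m["code"], m["body"]

        # Rule 1: an autostart entry whose target lives in a Temp directory.
        if code in AUTOSTART_CODES:
            for path in dict.fromkeys(EXE_PATH.findall(body)):  # de-duplicate
                if TEMP_DIR.search(path):
                    findings.append({
                        "rule": "autostart-from-temp",
                        "severity": "high",
                        "detail": path,
                        # A long all-hex file name suggests a generated name.
                        "random_name": bool(HEX_STEM.match(PureWindowsPath(path).stem)),
                    })

        # Rule 2: a policy that disables registry editing or Task Manager.
        pol = POLICY.search(body)
        if pol and pol["name"].lower() in LOCKOUT_POLICIES and pol["value"] != "0":
            findings.append({
                "rule": "tool-lockout-policy",
                "severity": "high",
                "detail": f'{pol["name"]} = {pol["value"]}',
            })

        # Rule 3: a leftover entry whose target no longer exists.
        if "No CLSID value found" in body or "File not found" in body:
            findings.append({"rule": "orphaned-entry", "severity": "low", "detail": body})
    return findings


def lockout_with_persistence(findings):
    """True when a Temp autostart and a tool-lockout policy occur together."""
    rules = {f["rule"] for f in findings}
    return {"autostart-from-temp", "tool-lockout-policy"} <= rules


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f'{f["severity"]:<5} {f["rule"]:<22} {f["detail"]}')
    print("lockout + persistence:", lockout_with_persistence(results))
```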

#3
PageNotFound.exe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL logfile created on: 27/12/2011 21:36:04 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Deborah\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 78.05% Memory free
5.99 Gb Paging File | 5.40 Gb Available in Paging File | 90.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.69 Gb Total Space | 299.97 Gb Free Space | 65.83% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.03 Gb Free Space | 60.27% Space Free | Partition Type: NTFS

Computer Name: DEBORAH-PC | User Name: Deborah | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/27 20:31:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.scr
PRC - [2011/11/13 08:42:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/29 20:38:28 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/13 08:42:46 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/26 01:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/05 07:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/05/20 02:00:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/09 04:53:33 | 000,149,904 | ---- | M] (Microsoft ® Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/08/07 14:31:40 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/18 14:08:02 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 15:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2007/06/11 14:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2005/12/25 23:24:00 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe -- (LtcyCfgSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/12/15 16:44:24 | 000,228,208 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/02 17:54:38 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/29 11:34:50 | 000,335,064 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ladfSBVMi386.sys -- (LADF_SBVM)
DRV - [2010/09/29 11:34:48 | 000,053,976 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ladfDHP2i386.sys -- (LADF_DHP2)
DRV - [2010/09/13 15:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/26 03:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/08/26 03:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/26 01:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/08/03 15:24:18 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:24:16 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:24:12 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/07/12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/02/03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/11/26 00:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/11/18 17:09:52 | 000,376,832 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009/10/07 08:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2009/10/07 08:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 08:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/24 15:05:26 | 002,074,464 | ---- | M] (Microsoft Corporation
) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 22:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/08/28 23:53:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/08/28 23:53:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 15:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/01/21 09:22:08 | 000,104,960 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiK0728.sys -- (SaiK0728)
DRV - [2007/07/30 01:28:46 | 000,015,744 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsonicBulk.sys -- (SiBulk)
DRV - [2007/04/11 16:23:48 | 000,045,440 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UsbFltr.sys -- (TarFltr)
DRV - [2007/01/26 01:45:02 | 000,006,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2005/12/25 23:24:00 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LtcyCfgWDM.sys -- (LtcyCfgWDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=uk&ibd=1080718
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar....tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com...id=80150&lng=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....fr=ytff-ybf&p="
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-ybf"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-ybf"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {a2880346-35bb-45bb-9190-eedb49c132c5}:1.300.306
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Deborah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/10 08:52:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/03/25 16:22:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/19 19:26:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 08:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/29 20:44:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/29 20:44:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/19 19:26:21 | 000,000,000 | ---D | M]

[2010/05/03 11:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Extensions
[2010/05/03 11:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/07/05 13:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/12/23 10:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions
[2010/07/23 06:49:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/02 08:44:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/31 00:24:41 | 000,000,000 | ---D | M] (CoolChaser Layout Auto Insert) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions\{a2880346-35bb-45bb-9190-eedb49c132c5}
[2011/11/18 17:25:06 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions\[email protected]
[2011/12/23 10:00:56 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions\[email protected]
[2011/04/01 20:24:04 | 000,002,292 | ---- | M] () -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\searchplugins\inbox-search.xml
[2010/01/31 00:25:00 | 000,001,753 | ---- | M] () -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\searchplugins\search-the-web.xml
[2011/12/23 10:02:53 | 000,001,524 | ---- | M] () -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\searchplugins\swagbuckscom.xml
[2011/11/13 08:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/22 17:26:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/13 08:42:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 15:12:23 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/03 15:12:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/03 15:12:23 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2007/07/26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011/10/03 15:12:23 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/03 15:12:23 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/12/27 21:21:27 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WheelMouse] C:\Stinger Mouse Driver\wh_exec.exe ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Deborah\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.sefto.../WhlCompMgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{440C48B4-5D11-4CD6-813E-20CBCD4E5072}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E636149E-6F81-4A0D-A30F-D4D15E2C4B1A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1b82a3ae-ff90-11df-9cb4-001ec9679b82}\Shell - "" = AutoRun
O33 - MountPoints2\{1b82a3ae-ff90-11df-9cb4-001ec9679b82}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/27 20:31:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.scr
[2011/12/27 20:27:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
[2011/12/27 18:35:02 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Roaming\Malwarebytes
[2011/12/23 08:53:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Homework
[2011/12/19 19:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/12/19 19:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/12/17 20:32:56 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Local\Adam_Reece
[2011/12/16 17:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UKCS Connect Plugins
[2011/12/12 22:10:32 | 000,000,000 | ---D | C] -- C:\Users\Deborah\Desktop\screens
[2011/12/10 14:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\UKCS Connect Plugins
[2011/12/10 14:06:25 | 000,000,000 | ---D | C] -- C:\UKCS_Temp
[2011/12/09 19:16:04 | 000,000,000 | ---D | C] -- C:\Users\Deborah\Desktop\phongless
[2011/12/02 21:35:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Facade
[2011/12/02 17:59:55 | 000,000,000 | ---D | C] -- C:\Users\Deborah\Desktop\redsn0w_win_0.9.6b5
[2011/11/30 18:31:34 | 000,000,000 | ---D | C] -- C:\Users\Deborah\Desktop\Sumotori Dreams
[2011/11/30 13:03:52 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Roaming\Registry Mechanic
[2011/11/29 20:22:52 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Local\Facebook
[2011/11/29 20:22:38 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Deborah\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2007/06/11 15:14:54 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2007/06/11 15:14:52 | 000,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2007/06/11 15:14:50 | 000,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[2007/05/17 16:06:54 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2007/05/17 16:05:36 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2007/05/17 16:00:54 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2007/05/17 16:00:50 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2007/05/17 16:00:08 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2007/05/17 15:58:54 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2007/05/17 15:58:38 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2007/05/17 15:58:12 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2007/05/17 15:55:16 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2007/05/17 15:55:12 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2007/05/17 15:54:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/27 21:29:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/27 21:28:50 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/27 21:27:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/12/27 21:21:27 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/27 20:31:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.scr
[2011/12/27 20:27:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
[2011/12/27 20:18:51 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/27 20:18:51 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/27 18:34:09 | 000,458,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/27 18:28:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1001UA.job
[2011/12/27 17:28:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000UA.job
[2011/12/27 07:24:00 | 141,583,922 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/12/26 20:28:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000Core.job
[2011/12/26 19:28:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1001Core.job
[2011/12/26 19:00:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2011/12/24 14:14:46 | 001,402,226 | ---- | M] () -- C:\Users\Deborah\Desktop\meet_the_christmas.jpg
[2011/12/24 07:23:56 | 000,620,194 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/12/19 19:34:03 | 000,197,206 | ---- | M] () -- C:\Windows\hpoins30.dat
[2011/12/19 19:31:08 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/19 19:31:08 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/19 19:26:07 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/12/19 19:25:45 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/12/19 19:25:21 | 000,001,275 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/12/19 19:24:54 | 000,002,071 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/02 18:06:40 | 578,084,840 | ---- | M] () -- C:\Users\Deborah\Desktop\iPad1,1_4.2.1_8C148_Restore.ipsw
[2011/12/01 22:06:42 | 000,608,256 | ---- | M] () -- C:\Users\Deborah\Desktop\blackra1n.exe
[2011/11/29 20:22:42 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Deborah\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/11/29 07:07:42 | 003,584,014 | ---- | M] () -- C:\Users\Deborah\Desktop\MATHS.pdf
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/24 14:14:45 | 001,402,226 | ---- | C] () -- C:\Users\Deborah\Desktop\meet_the_christmas.jpg
[2011/12/19 19:26:07 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/12/19 19:25:45 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/12/19 19:25:21 | 000,001,275 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/12/19 19:24:54 | 000,002,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/19 19:22:33 | 000,197,206 | ---- | C] () -- C:\Windows\hpoins30.dat
[2011/12/19 19:22:33 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2011/12/02 18:02:44 | 578,084,840 | ---- | C] () -- C:\Users\Deborah\Desktop\iPad1,1_4.2.1_8C148_Restore.ipsw
[2011/12/01 22:09:13 | 005,298,620 | ---- | C] () -- C:\Users\Deborah\Desktop\greenpois0n.exe
[2011/12/01 22:09:13 | 000,002,744 | ---- | C] () -- C:\Users\Deborah\Desktop\README
[2011/12/01 22:06:40 | 000,608,256 | ---- | C] () -- C:\Users\Deborah\Desktop\blackra1n.exe
[2011/11/29 20:23:09 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000UA.job
[2011/11/29 20:23:05 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000Core.job
[2011/11/29 07:07:39 | 003,584,014 | ---- | C] () -- C:\Users\Deborah\Desktop\MATHS.pdf
[2011/07/28 16:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/01/03 20:07:57 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/11/22 00:48:02 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/10/27 23:19:20 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2010/10/17 01:23:01 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
[2010/09/29 11:34:38 | 000,075,096 | ---- | C] () -- C:\Windows\System32\LADFCoinst_i386.dll
[2010/08/26 14:58:28 | 000,150,212 | ---- | C] () -- C:\Windows\hpoins30.dat.temp
[2010/08/26 14:58:28 | 000,000,547 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
[2010/06/18 22:15:27 | 000,205,636 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/06/16 13:22:56 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/06/15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/05/02 13:47:09 | 000,000,562 | ---- | C] () -- C:\Windows\eReg.dat
[2009/12/27 10:34:34 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/09 10:36:56 | 000,006,144 | ---- | C] () -- C:\Users\Deborah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/04 10:50:37 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/11/04 10:10:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/09/11 00:01:44 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/09/08 15:21:13 | 000,006,784 | ---- | C] () -- C:\Windows\System32\drivers\whfltr2k.sys
[2009/07/24 15:05:26 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 000,458,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,628,024 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,110,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:13:33 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData0002.dll
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 08:07:56 | 001,506,304 | ---- | C] () -- C:\Program Files\Voice Manager.exe
[2009/07/05 21:55:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/29 14:58:01 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/05/19 16:16:04 | 000,131,072 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2009/02/18 17:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 20:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/22 21:52:32 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2008/09/22 21:52:32 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2008/09/22 21:52:12 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2008/09/22 21:52:12 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2008/09/21 20:34:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/18 22:41:45 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/05/22 08:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2007/03/30 15:13:24 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2006/08/01 06:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2005/12/25 23:24:00 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\LtcyCfgWDM.sys

========== LOP Check ==========

[2011/03/25 21:45:04 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\.minecraft
[2010/03/31 15:40:57 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Armagetron
[2010/06/26 16:27:38 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Audacity
[2011/02/10 09:08:11 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\AVG
[2011/02/10 08:56:39 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\AVG10
[2011/10/26 14:25:02 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\DAEMON Tools Lite
[2010/09/26 14:16:49 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\DAEMON Tools Net
[2009/11/04 10:39:53 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\dBpoweramp
[2010/02/09 21:35:13 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Fit3DLive
[2010/03/03 20:58:58 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\GameTracker
[2010/05/03 11:05:58 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\GARMIN
[2010/05/02 18:15:27 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\gtk-2.0
[2011/03/22 21:31:52 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Gyazo
[2011/10/26 13:40:13 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Hardcore
[2010/05/18 06:44:42 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\HLSW
[2009/11/21 03:05:43 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\ijjigame
[2009/11/04 10:39:53 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Lexmark Productivity Studio
[2009/11/04 10:39:53 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\LG Electronics
[2010/10/23 22:11:46 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\ManyCam
[2010/01/23 18:06:53 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Nokia
[2010/01/23 18:06:00 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Nokia Ovi Suite
[2011/10/26 14:12:59 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Notepad++
[2011/12/21 11:39:13 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\OnLive App
[2010/01/23 18:06:03 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\PC Suite
[2011/10/26 11:42:41 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Philipp Winterberg
[2009/11/04 10:40:12 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Publish Providers
[2011/04/01 19:58:24 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\RebateInformer
[2010/06/08 18:45:06 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Reg Tool
[2011/11/30 13:07:20 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Registry Mechanic
[2010/01/31 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Screaming Bee
[2009/11/04 10:40:50 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Sony
[2009/12/21 21:24:06 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Subversion
[2011/05/25 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\SystemRequirementsLab
[2010/05/03 11:12:10 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Thunderbird
[2009/11/04 10:40:50 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\TomTom
[2009/11/04 10:40:51 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Trusteer
[2010/02/11 16:43:06 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\TS3Client
[2011/05/02 11:34:56 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\TuneAid
[2010/01/24 19:02:32 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Unity
[2009/12/18 17:32:45 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\X-Chat 2
[2011/12/26 20:28:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000Core.job
[2011/12/27 17:28:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000UA.job
[2011/12/26 19:00:00 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2011/01/04 19:05:48 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/03/02 15:38:12 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\䍰ɩ
[2011/03/02 15:38:12 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\䍰ɩ

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:76650B61

< End of report >


--------



aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-27 21:39:13
-----------------------------
21:39:13.806 OS Version: Windows 6.1.7600
21:39:13.806 Number of processors: 2 586 0xF0B
21:39:13.807 ComputerName: DEBORAH-PC UserName: Deborah
21:39:14.907 Initialize success
21:39:54.016 AVAST engine defs: 11122702
21:40:02.219 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:40:02.221 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5BA Size: 476940MB BusType: 3
21:40:04.237 Disk 0 MBR read successfully
21:40:04.240 Disk 0 MBR scan
21:40:04.245 Disk 0 Windows 7 default MBR code
21:40:04.249 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
21:40:04.267 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 145408
21:40:04.280 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 466628 MB offset 21116928
21:40:04.286 Disk 0 scanning sectors +976771072
21:40:04.368 Disk 0 scanning C:\Windows\system32\drivers
21:40:16.135 Service scanning
21:40:17.336 Modules scanning
21:40:24.880 Disk 0 trace - called modules:
21:40:24.894 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:40:24.894 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b497c8]
21:40:24.894 3 CLASSPNP.SYS[8b30859e] -> nt!IofCallDriver -> [0x85a32860]
21:40:24.894 5 ACPI.sys[8ab623b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85a47908]
21:40:25.948 AVAST engine scan C:\Windows
21:40:28.098 AVAST engine scan C:\Windows\system32
21:42:03.377 AVAST engine scan C:\Windows\system32\drivers
21:42:12.493 AVAST engine scan C:\Users\Deborah
21:50:40.422 AVAST engine scan C:\ProgramData
21:52:35.504 Scan finished successfully
21:56:32.189 Disk 0 MBR has been saved successfully to "C:\Users\Deborah\Desktop\MBR.dat"
21:56:32.195 The log file has been saved successfully to "C:\Users\Deborah\Desktop\aswMBR.txt"


--------


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122704

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

27/12/2011 22:04:42
mbam-log-2011-12-27 (22-04-42).txt

Scan type: Quick scan
Objects scanned: 187189
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you now able to access your desktop?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 8118
    FF - prefs.js..network.proxy.ssl: "127.0.0.1"
    FF - prefs.js..network.proxy.ssl_port: 8118

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#5
PageNotFound.exe

    Member

  • Topic Starter
  • 11 posts
OTL logfile created on: 27/12/2011 22:39:51 - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Deborah\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.29% Memory free
5.99 Gb Paging File | 4.83 Gb Available in Paging File | 80.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.69 Gb Total Space | 300.07 Gb Free Space | 65.85% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.03 Gb Free Space | 60.27% Space Free | Partition Type: NTFS

Computer Name: DEBORAH-PC | User Name: Deborah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/27 20:31:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.scr
PRC - [2011/11/13 08:42:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/07/16 04:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 09:45:10 | 000,764,232 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/10/05 09:32:58 | 001,811,800 | ---- | M] (Logitech©) -- C:\Program Files\Logitech\G35\G35.exe
PRC - [2010/08/26 01:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/26 01:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/08/05 07:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/05 07:46:02 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/04/09 04:53:33 | 000,149,904 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
PRC - [2009/12/09 08:56:08 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/08/07 14:31:40 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/21 10:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/28 15:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/11/10 21:08:34 | 000,098,304 | ---- | M] () -- C:\Stinger Mouse Driver\wh_exec.exe
PRC - [2007/06/11 14:14:52 | 000,517,040 | ---- | M] ( ) -- C:\Windows\System32\lxdicoms.exe
PRC - [2007/05/11 13:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2005/12/25 23:24:00 | 000,005,120 | ---- | M] () -- C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/29 20:38:28 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/13 08:42:46 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/14 02:27:23 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/14 02:27:14 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/14 02:27:09 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010/12/01 01:26:54 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2010/12/01 01:26:52 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2010/12/01 01:26:52 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2007/11/10 21:08:36 | 000,036,864 | ---- | M] () -- C:\Stinger Mouse Driver\wh_hook.dll
MOD - [2007/11/10 21:08:34 | 000,098,304 | ---- | M] () -- C:\Stinger Mouse Driver\wh_exec.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/26 01:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/05 07:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/05/20 02:00:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/09 04:53:33 | 000,149,904 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/08/07 14:31:40 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/18 14:08:02 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 15:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2007/06/11 14:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2005/12/25 23:24:00 | 000,005,120 | ---- | M] () [Auto | Running] -- C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe -- (LtcyCfgSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/12/15 16:44:24 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/02 17:54:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/29 11:34:50 | 000,335,064 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ladfSBVMi386.sys -- (LADF_SBVM)
DRV - [2010/09/29 11:34:48 | 000,053,976 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ladfDHP2i386.sys -- (LADF_DHP2)
DRV - [2010/09/13 15:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/26 03:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/08/26 03:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/26 01:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/08/03 15:24:18 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:24:16 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:24:12 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/07/12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/02/03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/11/26 00:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/11/18 17:09:52 | 000,376,832 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009/10/07 08:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2009/10/07 08:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 08:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/24 15:05:26 | 002,074,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 22:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/08/28 23:53:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/08/28 23:53:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 15:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/01/21 09:22:08 | 000,104,960 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiK0728.sys -- (SaiK0728)
DRV - [2007/07/30 01:28:46 | 000,015,744 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsonicBulk.sys -- (SiBulk)
DRV - [2007/04/11 16:23:48 | 000,045,440 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UsbFltr.sys -- (TarFltr)
DRV - [2007/01/26 01:45:02 | 000,006,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2005/12/25 23:24:00 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LtcyCfgWDM.sys -- (LtcyCfgWDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=uk&ibd=1080718
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar....tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com...id=80150&lng=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....fr=ytff-ybf&p="
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-ybf"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-ybf"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {a2880346-35bb-45bb-9190-eedb49c132c5}:1.300.306
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.ssl: ""
FF - prefs.js..network.proxy.ssl_port: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Deborah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/10 08:52:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/03/25 16:22:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/19 19:26:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 08:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/29 20:44:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/29 20:44:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/19 19:26:21 | 000,000,000 | ---D | M]

[2010/05/03 11:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Extensions
[2010/05/03 11:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/07/05 13:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/12/23 10:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions
[2010/07/23 06:49:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/02 08:44:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/31 00:24:41 | 000,000,000 | ---D | M] (CoolChaser Layout Auto Insert) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions\{a2880346-35bb-45bb-9190-eedb49c132c5}
[2011/11/18 17:25:06 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions\[email protected]
[2011/12/23 10:00:56 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\extensions\[email protected]
[2011/04/01 20:24:04 | 000,002,292 | ---- | M] () -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\searchplugins\inbox-search.xml
[2010/01/31 00:25:00 | 000,001,753 | ---- | M] () -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\searchplugins\search-the-web.xml
[2011/12/23 10:02:53 | 000,001,524 | ---- | M] () -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\lcbkhoyn.default\searchplugins\swagbuckscom.xml
[2011/11/13 08:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/22 17:26:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/13 08:42:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 15:12:23 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/03 15:12:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/03 15:12:23 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2007/07/26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011/10/03 15:12:23 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/03 15:12:23 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/12/27 22:35:03 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WheelMouse] C:\Stinger Mouse Driver\wh_exec.exe ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Deborah\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.sefto.../WhlCompMgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{440C48B4-5D11-4CD6-813E-20CBCD4E5072}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E636149E-6F81-4A0D-A30F-D4D15E2C4B1A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1b82a3ae-ff90-11df-9cb4-001ec9679b82}\Shell - "" = AutoRun
O33 - MountPoints2\{1b82a3ae-ff90-11df-9cb4-001ec9679b82}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/27 21:57:14 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Deborah\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/27 21:39:11 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Users\Deborah\Desktop\aswMBR.exe
[2011/12/27 20:31:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.scr
[2011/12/27 20:27:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
[2011/12/27 18:35:02 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Roaming\Malwarebytes
[2011/12/23 08:53:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Homework
[2011/12/19 19:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/12/19 19:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/12/17 20:32:56 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Local\Adam_Reece
[2011/12/16 17:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UKCS Connect Plugins
[2011/12/12 22:10:32 | 000,000,000 | ---D | C] -- C:\Users\Deborah\Desktop\screens
[2011/12/10 14:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\UKCS Connect Plugins
[2011/12/10 14:06:25 | 000,000,000 | ---D | C] -- C:\UKCS_Temp
[2011/12/09 19:16:04 | 000,000,000 | ---D | C] -- C:\Users\Deborah\Desktop\phongless
[2011/12/02 21:35:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Facade
[2011/12/02 17:59:55 | 000,000,000 | ---D | C] -- C:\Users\Deborah\Desktop\redsn0w_win_0.9.6b5
[2011/11/30 18:31:34 | 000,000,000 | ---D | C] -- C:\Users\Deborah\Desktop\Sumotori Dreams
[2011/11/30 13:03:52 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Roaming\Registry Mechanic
[2011/11/29 20:22:52 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Local\Facebook
[2011/11/29 20:22:38 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Deborah\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2007/06/11 15:14:54 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2007/06/11 15:14:52 | 000,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2007/06/11 15:14:50 | 000,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[2007/05/17 16:06:54 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2007/05/17 16:05:36 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2007/05/17 16:00:54 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2007/05/17 16:00:50 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2007/05/17 16:00:08 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2007/05/17 15:58:54 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2007/05/17 15:58:38 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2007/05/17 15:58:12 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2007/05/17 15:55:16 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2007/05/17 15:55:12 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2007/05/17 15:54:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/27 22:44:04 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/27 22:44:04 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/27 22:36:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/27 22:36:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/12/27 22:35:53 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/27 22:35:03 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/27 21:57:33 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Deborah\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/27 21:56:32 | 000,000,512 | ---- | M] () -- C:\Users\Deborah\Desktop\MBR.dat
[2011/12/27 21:39:11 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\Deborah\Desktop\aswMBR.exe
[2011/12/27 20:31:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.scr
[2011/12/27 20:27:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
[2011/12/27 18:34:09 | 000,458,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/27 18:28:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1001UA.job
[2011/12/27 17:28:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000UA.job
[2011/12/27 07:24:00 | 141,583,922 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/12/26 20:28:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000Core.job
[2011/12/26 19:28:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1001Core.job
[2011/12/26 19:00:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2011/12/24 14:14:46 | 001,402,226 | ---- | M] () -- C:\Users\Deborah\Desktop\meet_the_christmas.jpg
[2011/12/24 07:23:56 | 000,620,194 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/12/19 19:34:03 | 000,197,206 | ---- | M] () -- C:\Windows\hpoins30.dat
[2011/12/19 19:31:08 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/19 19:31:08 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/19 19:26:07 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/12/19 19:25:45 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/12/19 19:25:21 | 000,001,275 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/12/19 19:24:54 | 000,002,071 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/02 18:06:40 | 578,084,840 | ---- | M] () -- C:\Users\Deborah\Desktop\iPad1,1_4.2.1_8C148_Restore.ipsw
[2011/12/01 22:06:42 | 000,608,256 | ---- | M] () -- C:\Users\Deborah\Desktop\blackra1n.exe
[2011/11/29 20:22:42 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Deborah\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/11/29 07:07:42 | 003,584,014 | ---- | M] () -- C:\Users\Deborah\Desktop\MATHS.pdf
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/27 21:56:32 | 000,000,512 | ---- | C] () -- C:\Users\Deborah\Desktop\MBR.dat
[2011/12/24 14:14:45 | 001,402,226 | ---- | C] () -- C:\Users\Deborah\Desktop\meet_the_christmas.jpg
[2011/12/19 19:26:07 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/12/19 19:25:45 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/12/19 19:25:21 | 000,001,275 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/12/19 19:24:54 | 000,002,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/19 19:22:33 | 000,197,206 | ---- | C] () -- C:\Windows\hpoins30.dat
[2011/12/19 19:22:33 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2011/12/02 18:02:44 | 578,084,840 | ---- | C] () -- C:\Users\Deborah\Desktop\iPad1,1_4.2.1_8C148_Restore.ipsw
[2011/12/01 22:09:13 | 005,298,620 | ---- | C] () -- C:\Users\Deborah\Desktop\greenpois0n.exe
[2011/12/01 22:09:13 | 000,002,744 | ---- | C] () -- C:\Users\Deborah\Desktop\README
[2011/12/01 22:06:40 | 000,608,256 | ---- | C] () -- C:\Users\Deborah\Desktop\blackra1n.exe
[2011/11/29 20:23:09 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000UA.job
[2011/11/29 20:23:05 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000Core.job
[2011/11/29 07:07:39 | 003,584,014 | ---- | C] () -- C:\Users\Deborah\Desktop\MATHS.pdf
[2011/07/28 16:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/01/03 20:07:57 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/11/22 00:48:02 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/10/27 23:19:20 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2010/10/17 01:23:01 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
[2010/09/29 11:34:38 | 000,075,096 | ---- | C] () -- C:\Windows\System32\LADFCoinst_i386.dll
[2010/08/26 14:58:28 | 000,150,212 | ---- | C] () -- C:\Windows\hpoins30.dat.temp
[2010/08/26 14:58:28 | 000,000,547 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
[2010/06/18 22:15:27 | 000,205,636 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/06/16 13:22:56 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/06/15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/05/02 13:47:09 | 000,000,562 | ---- | C] () -- C:\Windows\eReg.dat
[2009/12/27 10:34:34 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/09 10:36:56 | 000,006,144 | ---- | C] () -- C:\Users\Deborah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/04 10:50:37 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/11/04 10:10:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/09/11 00:01:44 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/09/08 15:21:13 | 000,006,784 | ---- | C] () -- C:\Windows\System32\drivers\whfltr2k.sys
[2009/07/24 15:05:26 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 000,458,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,628,024 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,110,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:13:33 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData0002.dll
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 08:07:56 | 001,506,304 | ---- | C] () -- C:\Program Files\Voice Manager.exe
[2009/07/05 21:55:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/29 14:58:01 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/05/19 16:16:04 | 000,131,072 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2009/02/18 17:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 20:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/22 21:52:32 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2008/09/22 21:52:32 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2008/09/22 21:52:12 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2008/09/22 21:52:12 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2008/09/21 20:34:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/18 22:41:45 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/05/22 08:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2007/03/30 15:13:24 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2006/08/01 06:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2005/12/25 23:24:00 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\LtcyCfgWDM.sys

========== LOP Check ==========

[2011/03/25 21:45:04 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\.minecraft
[2010/03/31 15:40:57 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Armagetron
[2010/06/26 16:27:38 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Audacity
[2011/02/10 09:08:11 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\AVG
[2011/02/10 08:56:39 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\AVG10
[2011/10/26 14:25:02 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\DAEMON Tools Lite
[2010/09/26 14:16:49 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\DAEMON Tools Net
[2009/11/04 10:39:53 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\dBpoweramp
[2010/02/09 21:35:13 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Fit3DLive
[2010/03/03 20:58:58 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\GameTracker
[2010/05/03 11:05:58 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\GARMIN
[2010/05/02 18:15:27 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\gtk-2.0
[2011/03/22 21:31:52 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Gyazo
[2011/10/26 13:40:13 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Hardcore
[2010/05/18 06:44:42 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\HLSW
[2009/11/21 03:05:43 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\ijjigame
[2009/11/04 10:39:53 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Lexmark Productivity Studio
[2009/11/04 10:39:53 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\LG Electronics
[2010/10/23 22:11:46 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\ManyCam
[2010/01/23 18:06:53 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Nokia
[2010/01/23 18:06:00 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Nokia Ovi Suite
[2011/10/26 14:12:59 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Notepad++
[2011/12/21 11:39:13 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\OnLive App
[2010/01/23 18:06:03 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\PC Suite
[2011/10/26 11:42:41 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Philipp Winterberg
[2009/11/04 10:40:12 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Publish Providers
[2011/04/01 19:58:24 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\RebateInformer
[2010/06/08 18:45:06 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Reg Tool
[2011/11/30 13:07:20 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Registry Mechanic
[2010/01/31 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Screaming Bee
[2009/11/04 10:40:50 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Sony
[2009/12/21 21:24:06 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Subversion
[2011/05/25 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\SystemRequirementsLab
[2010/05/03 11:12:10 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Thunderbird
[2009/11/04 10:40:50 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\TomTom
[2009/11/04 10:40:51 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Trusteer
[2010/02/11 16:43:06 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\TS3Client
[2011/05/02 11:34:56 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\TuneAid
[2010/01/24 19:02:32 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Unity
[2009/12/18 17:32:45 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\X-Chat 2
[2011/12/26 20:28:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000Core.job
[2011/12/27 17:28:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3544165439-1176164352-1535213105-1000UA.job
[2011/12/26 19:00:00 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2011/01/04 19:05:48 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/03/02 15:38:12 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\䍰ɩ
[2011/03/02 15:38:12 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\䍰ɩ

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:76650B61

< End of report >



Yes, I can now access my desktop.
Could you explain exactly what kind of Malware this is, and how it works? (Unless you were planning to anyway :v )
  • 0

#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It is just a scam - and a very poor execution of a ransomware programme. The idea is for you to send them some money and then they just take it and run.

One final check now for orphans, I feel.

On completion of this can you let me know of any outstanding problems, before I remove my rubbish :)

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#7
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





