
Random Program opens and closes in time frame of one second. [Closed]


  • This topic is locked

#1
sinfieldl

    Member

  • 13 posts
Hello, I am running Windows 7 and for the last 4 days an unknown random program opens and closes for about 1 second every 2-3 minutes. I have run virus scans and Windows Cleanup!.


#2
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, sinfieldl! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for sinfieldl only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is that these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


First, we will start off with some scans:


Step 1

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    • Select Scan All Users.
    • Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.


On completion of the scan click save log, save it to your desktop and post it in your next reply.


Things I want to see in your next reply

  • OTL.txt
  • Extras.txt
  • aswMBR.txt


#3
sinfieldl

    Member

  • Topic Starter
  • 13 posts
Hey thanks for your reply! Have had a little trouble and sadly couldn't complete the OTL scan. The reason being an error came up stating 'Cannot create file c:\User\Lewis\Downloads\cmd.bat

#4
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Run OTL with this script instead:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT


#5
sinfieldl

    Member

  • Topic Starter
  • 13 posts
Here are the logs :)

OTL -

OTL logfile created on: 4/10/2012 12:55:55 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lewis\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.18% Memory free
5.99 Gb Paging File | 4.24 Gb Available in Paging File | 70.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 218.05 Gb Free Space | 76.94% Space Free | Partition Type: NTFS

Computer Name: LEWIS-PC | User Name: Lewis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/10 12:54:29 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Lewis\Downloads\OTL(2).exe
PRC - [2012/04/04 17:06:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/03 19:11:35 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
PRC - [2012/03/11 12:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lewis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/27 13:29:07 | 000,246,112 | ---- | M] () -- C:\ProgramData\OnlineUpdate\ouc.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 18:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 18:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/03/14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011/01/17 19:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/05 02:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

Extra -

OTL Extras logfile created on: 4/10/2012 12:55:55 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lewis\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.18% Memory free
5.99 Gb Paging File | 4.24 Gb Available in Paging File | 70.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 218.05 Gb Free Space | 76.94% Space Free | Partition Type: NTFS

Computer Name: LEWIS-PC | User Name: Lewis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2115640975-848287457-3689859785-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Dell Support Center" = Dell Support Center
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{76423878-BF55-4C2F-AC25-2A82CE9AFB7A}" = Windows 7 Logon Background Changer
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty® 2 Patch 1.3
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"CleanUp!" = CleanUp!
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"Dell Dock" = Dell Dock
"Game Maker 7.0" = Game Maker 7.0
"Inform 7" = Inform 7
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"Logitech Vid" = Logitech Vid HD
"Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)
"MTN F@stLink" = MTN Online
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Rapport_msi" = Rapport
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-702fdb76-0bae-4ceb-95c3-259d8f87fadf" = Cinema Tycoon

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2115640975-848287457-3689859785-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2012 4:31:59 AM | Computer Name = Lewis-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 4/6/2012 9:56:58 AM | Computer Name = Lewis-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 4fc Start
Time: 01cd13fd043aec7d Termination Time: 13 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 4/7/2012 3:27:02 AM | Computer Name = Lewis-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 4/7/2012 3:27:02 AM | Computer Name = Lewis-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 4/7/2012 7:30:03 AM | Computer Name = Lewis-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 4/7/2012 7:30:03 AM | Computer Name = Lewis-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 4/7/2012 6:33:27 PM | Computer Name = Lewis-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 4/7/2012 6:33:27 PM | Computer Name = Lewis-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 4/8/2012 9:00:44 AM | Computer Name = Lewis-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 4/8/2012 9:00:44 AM | Computer Name = Lewis-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

[ Broadcom Wireless LAN Events ]
Error - 4/3/2012 11:19:03 AM | Computer Name = Lewis-PC | Source = WLAN-Tray | ID = 0
Description = 16:19:03, Tue, Apr 03, 12 Error - Adaptername ID is not available within
the policy manager

[ Dell Events ]
Error - 7/21/2011 2:30:11 PM | Computer Name = Lewis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/10/2011 9:06:49 AM | Computer Name = Lewis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/10/2011 9:06:49 AM | Computer Name = Lewis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/25/2011 5:12:57 PM | Computer Name = Lewis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/25/2011 5:12:57 PM | Computer Name = Lewis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/28/2011 8:06:31 AM | Computer Name = Lewis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/28/2011 8:06:31 AM | Computer Name = Lewis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/15/2011 5:13:51 PM | Computer Name = Lewis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/15/2011 5:13:51 PM | Computer Name = Lewis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/28/2011 6:13:22 PM | Computer Name = Lewis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 2/23/2012 2:22:02 AM | Computer Name = Lewis-PC | Source = MCUpdate | ID = 0
Description = 08:21:55 - Error connecting to the internet. 08:21:55 - Unable
to contact server..

Error - 2/25/2012 1:50:54 AM | Computer Name = Lewis-PC | Source = MCUpdate | ID = 0
Description = 07:50:54 - Error connecting to the internet. 07:50:54 - Unable
to contact server..

Error - 2/25/2012 1:51:04 AM | Computer Name = Lewis-PC | Source = MCUpdate | ID = 0
Description = 07:50:59 - Error connecting to the internet. 07:50:59 - Unable
to contact server..

Error - 3/4/2012 5:57:58 AM | Computer Name = Lewis-PC | Source = MCUpdate | ID = 0
Description = 11:57:58 - Error connecting to the internet. 11:57:58 - Unable
to contact server..

Error - 3/4/2012 5:58:08 AM | Computer Name = Lewis-PC | Source = MCUpdate | ID = 0
Description = 11:58:03 - Error connecting to the internet. 11:58:03 - Unable
to contact server..

Error - 3/5/2012 5:23:03 AM | Computer Name = Lewis-PC | Source = MCUpdate | ID = 0
Description = 11:23:03 - Error connecting to the internet. 11:23:03 - Unable
to contact server..

Error - 3/5/2012 5:23:13 AM | Computer Name = Lewis-PC | Source = MCUpdate | ID = 0
Description = 11:23:08 - Error connecting to the internet. 11:23:08 - Unable
to contact server..

Error - 3/14/2012 2:43:44 AM | Computer Name = Lewis-PC | Source = MCUpdate | ID = 0
Description = 08:43:44 - Error connecting to the internet. 08:43:44 - Unable
to contact server..

Error - 3/14/2012 2:44:05 AM | Computer Name = Lewis-PC | Source = MCUpdate | ID = 0
Description = 08:43:49 - Error connecting to the internet. 08:43:49 - Unable
to contact server..

Error - 3/20/2012 2:43:47 AM | Computer Name = Lewis-PC | Source = MCUpdate | ID = 0
Description = 08:43:39 - Error connecting to the internet. 08:43:39 - Unable
to contact server..

[ System Events ]
Error - 4/9/2012 6:15:31 PM | Computer Name = Lewis-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MTN
Online. OUC service to connect.

Error - 4/9/2012 6:15:31 PM | Computer Name = Lewis-PC | Source = Service Control Manager | ID = 7000
Description = The MTN Online. OUC service failed to start due to the following error:
%%1053

Error - 4/10/2012 5:11:51 AM | Computer Name = Lewis-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MTN
Online. OUC service to connect.

Error - 4/10/2012 5:11:51 AM | Computer Name = Lewis-PC | Source = Service Control Manager | ID = 7000
Description = The MTN Online. OUC service failed to start due to the following error:
%%1053

Error - 4/10/2012 5:59:34 AM | Computer Name = Lewis-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MTN
Online. OUC service to connect.

Error - 4/10/2012 5:59:34 AM | Computer Name = Lewis-PC | Source = Service Control Manager | ID = 7000
Description = The MTN Online. OUC service failed to start due to the following error:
%%1053

Error - 4/10/2012 7:37:55 AM | Computer Name = Lewis-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MTN
Online. OUC service to connect.

Error - 4/10/2012 7:37:55 AM | Computer Name = Lewis-PC | Source = Service Control Manager | ID = 7000
Description = The MTN Online. OUC service failed to start due to the following error:
%%1053

Error - 4/10/2012 7:39:29 AM | Computer Name = Lewis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 4/10/2012 7:39:59 AM | Computer Name = Lewis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.


< End of report >

aswMBR.txt -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-10 13:15:35
-----------------------------
13:15:35.171 OS Version: Windows x64 6.1.7601 Service Pack 1
13:15:35.171 Number of processors: 2 586 0x170A
13:15:35.172 ComputerName: LEWIS-PC UserName: Lewis
13:15:36.556 Initialize success
13:15:36.951 AVAST engine defs: 12041001
13:15:49.884 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:15:49.887 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
13:15:49.903 Disk 0 MBR read successfully
13:15:49.905 Disk 0 MBR scan
13:15:49.909 Disk 0 Windows VISTA default MBR code
13:15:49.912 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
13:15:49.929 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
13:15:49.946 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
13:15:49.966 Disk 0 scanning C:\Windows\system32\drivers
13:16:02.141 Service scanning
13:16:30.992 Modules scanning
13:16:31.004 Disk 0 trace - called modules:
13:16:31.061 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:16:31.419 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800324f060]
13:16:31.435 3 CLASSPNP.SYS[fffff88001dc643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002f1c050]
13:16:33.157 AVAST engine scan C:\Windows
13:16:36.601 AVAST engine scan C:\Windows\system32
13:19:07.582 AVAST engine scan C:\Windows\system32\drivers
13:19:19.680 AVAST engine scan C:\Users\Lewis
13:22:05.783 AVAST engine scan C:\ProgramData
13:26:17.650 Scan finished successfully
13:28:27.796 Disk 0 MBR has been saved successfully to "C:\Users\Lewis\Desktop\MBR.dat"
13:28:27.804 The log file has been saved successfully to "C:\Users\Lewis\Desktop\aswMBR.txt"

#6
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Please post all of the OTL log as it is incomplete.
If that was all that was in the OTL.txt file then run OTL with the script again and post the resulting log.

#7
sinfieldl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OTL logfile created on: 4/10/2012 12:55:55 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lewis\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.18% Memory free
5.99 Gb Paging File | 4.24 Gb Available in Paging File | 70.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 218.05 Gb Free Space | 76.94% Space Free | Partition Type: NTFS

Computer Name: LEWIS-PC | User Name: Lewis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/10 12:54:29 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Lewis\Downloads\OTL(2).exe
PRC - [2012/04/04 17:06:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/03 19:11:35 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
PRC - [2012/03/11 12:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lewis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/27 13:29:07 | 000,246,112 | ---- | M] () -- C:\ProgramData\OnlineUpdate\ouc.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 18:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 18:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/03/14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011/01/17 19:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/05 02:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/04 17:06:03 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/03 18:35:45 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/02/16 08:40:24 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/15 12:50:38 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 12:49:57 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/15 12:49:39 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 12:49:30 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 12:49:26 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/15 12:49:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 12:49:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 12:49:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 12:48:59 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/14 19:11:46 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/04/30 20:46:08 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 19:03:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/17 02:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/25 11:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe -- (AESTFilters)
SRV - [2012/04/03 19:11:36 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/11 12:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/01/27 13:29:07 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\MTN Online\UpdateDog\ouc.exe -- (MTN Online. RunOuc)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/03/14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 19:03:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/22 19:41:12 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2012/03/11 12:48:52 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/03/07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/01/27 13:29:16 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2012/01/27 13:29:15 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2012/01/27 13:29:15 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/01/27 13:29:15 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/01/27 13:29:14 | 000,222,464 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/15 09:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/15 06:40:10 | 000,301,688 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/02/25 19:03:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) QuickCam for Notebooks Deluxe(UVC)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 08:45:38 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/17 02:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 02:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/25 12:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 09:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2008/07/26 14:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 14:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/03/11 12:48:52 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/03/11 12:48:52 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/12/15 21:15:21 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2011/05/16 23:10:03 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Lewis\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24[1].gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{B18E500C-2663-4D4E-B7CE-61CFB92C7CD7}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{3E9AD9E2-20EF-47CE-AA52-7E7EEBD57A11}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2115640975-848287457-3689859785-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-2115640975-848287457-3689859785-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2115640975-848287457-3689859785-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-2115640975-848287457-3689859785-1001\..\SearchScopes,DefaultScope = {E5AE0FAE-0BD1-4C0E-B87B-C8D0BB99AB55}
IE - HKU\S-1-5-21-2115640975-848287457-3689859785-1001\..\SearchScopes\{E5AE0FAE-0BD1-4C0E-B87B-C8D0BB99AB55}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2115640975-848287457-3689859785-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..keyword.URL: "http://www.google.co...nt&hl=en-GB&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/19 15:54:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/05 08:40:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/29 18:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewis\AppData\Roaming\Mozilla\Extensions
[2012/02/10 16:33:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\uy8tfmav.default\extensions
[2011/06/10 20:01:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\uy8tfmav.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/12/01 13:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/09 17:46:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/19 15:54:43 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\LEWIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UY8TFMAV.DEFAULT\EXTENSIONS\[email protected]
[2012/04/04 17:06:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 19:02:40 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/16 19:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 19:02:40 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/16 19:02:40 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/16 19:02:40 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1367_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Skype Click to Call = C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
CHR - Extension: Gmail = C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Jolette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lewis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DE43533-B76F-4C83-864F-7D88E8E1A02B}: NameServer = 209.212.96.1 209.212.97.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{643427AD-64D2-4657-B65F-A7624025B5D7}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71C3509D-6425-4F1A-B0C2-EA8C77BBDD42}: NameServer = 209.212.96.1 209.212.97.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD2E4A1C-2F3F-49AF-98A0-9CB501845517}: NameServer = 209.212.96.1 209.212.97.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8D406BF-0672-4BBB-A39D-B651AD30E1C1}: NameServer = 209.212.96.1 209.212.97.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0bd65c9a-48e2-11e1-b347-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{0bd65c9a-48e2-11e1-b347-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{18502c38-172d-11e1-b7e4-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{18502c38-172d-11e1-b7e4-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4e6704c4-15a9-11e1-bd7e-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{4e6704c4-15a9-11e1-bd7e-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4fb4861f-15dd-11e1-9ea6-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{4fb4861f-15dd-11e1-9ea6-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{56769f83-12c7-11e1-b5d1-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{56769f83-12c7-11e1-b5d1-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{56769f91-12c7-11e1-b5d1-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{56769f91-12c7-11e1-b5d1-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5e49b9ad-1675-11e1-b8ed-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{5e49b9ad-1675-11e1-b8ed-001e101fe70e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5e49b9bc-1675-11e1-b8ed-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{5e49b9bc-1675-11e1-b8ed-001e101fe70e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6c2ef0d8-53bf-11e1-a598-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{6c2ef0d8-53bf-11e1-a598-001e101f2b52}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{79a2e8df-0e9c-11e1-b77d-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{79a2e8df-0e9c-11e1-b77d-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{82817190-15a2-11e1-9c37-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{82817190-15a2-11e1-9c37-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{828171aa-15a2-11e1-9c37-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{828171aa-15a2-11e1-9c37-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9221ecf0-0e21-11e1-b65a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{9221ecf0-0e21-11e1-b65a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9221ed0e-0e21-11e1-b65a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{9221ed0e-0e21-11e1-b65a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9221eda9-0e21-11e1-b65a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{9221eda9-0e21-11e1-b65a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a613b30f-140e-11e1-b193-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{a613b30f-140e-11e1-b193-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a613b33f-140e-11e1-b193-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{a613b33f-140e-11e1-b193-001e101f36d9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a613b34b-140e-11e1-b193-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{a613b34b-140e-11e1-b193-001e101f36d9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{aae525b2-141e-11e1-95c0-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{aae525b2-141e-11e1-95c0-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b9262010-166c-11e1-b415-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{b9262010-166c-11e1-b415-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b926201e-166c-11e1-b415-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{b926201e-166c-11e1-b415-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b9262028-166c-11e1-b415-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{b9262028-166c-11e1-b415-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf5d2382-57c9-11e1-b878-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{cf5d2382-57c9-11e1-b878-001e101f36d9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf69461c-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf69461c-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf69462a-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf69462a-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf694635-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf694635-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf694672-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf694672-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf69467f-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf69467f-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf6946bf-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf6946bf-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf6946ca-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf6946ca-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf6946d8-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf6946d8-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d25461ac-75b1-11e1-b5c1-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{d25461ac-75b1-11e1-b5c1-001e101f7fb6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 23:13:03 | 000,000,000 | ---D | C] -- C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2012/04/08 23:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2012/04/08 23:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CleanUp!
[2012/04/06 15:12:53 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/04/04 12:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/04/03 18:35:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/04/03 16:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineUpdate
[2012/04/03 16:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\log
[2012/03/29 14:03:35 | 000,000,000 | ---D | C] -- C:\Users\Lewis\AppData\Roaming\Media Player Classic
[2012/03/19 15:54:45 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/10 13:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/10 12:45:16 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 12:45:16 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 12:45:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/10 12:42:30 | 004,061,850 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/10 12:42:30 | 001,853,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/10 12:42:30 | 000,005,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/10 12:39:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/10 12:37:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/10 12:37:18 | 2413,056,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/09 22:33:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/07 08:20:24 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/03 16:17:12 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/03 16:17:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/29 10:11:04 | 000,020,903 | ---- | M] () -- C:\Users\Lewis\Desktop\Lesson 26 - Key Points.odt
[2012/03/28 18:44:55 | 380,277,611 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/28 10:40:09 | 000,702,468 | ---- | M] () -- C:\Users\Lewis\Desktop\The_Oke_Manual.pdf
[2012/03/18 20:07:51 | 000,294,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/06 15:13:01 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/06 15:13:01 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/03 18:35:45 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/28 10:40:09 | 000,702,468 | ---- | C] () -- C:\Users\Lewis\Desktop\The_Oke_Manual.pdf
[2012/03/27 10:03:05 | 000,020,903 | ---- | C] () -- C:\Users\Lewis\Desktop\Lesson 26 - Key Points.odt
[2012/01/10 20:26:08 | 000,005,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/02 19:09:46 | 000,000,017 | ---- | C] () -- C:\Users\Lewis\AppData\Local\resmon.resmoncfg
[2011/05/08 14:03:47 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2011/04/29 18:58:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/12 15:25:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/11/20 10:35:16 | 000,000,000 | ---D | M] -- C:\Users\Jolette\AppData\Roaming\OpenOffice.org
[2012/01/12 06:15:25 | 000,000,000 | ---D | M] -- C:\Users\Jolette\AppData\Roaming\SoftGrid Client
[2011/11/25 09:27:50 | 000,000,000 | ---D | M] -- C:\Users\Jolette\AppData\Roaming\WildTangent
[2011/12/15 15:07:51 | 000,000,000 | ---D | M] -- C:\Users\Jolette\AppData\Roaming\Windows Live Writer
[2012/04/10 12:39:41 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\Dropbox
[2011/07/14 19:11:57 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\go
[2011/07/30 13:43:06 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\Leadertech
[2011/04/30 20:47:08 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\OpenOffice.org
[2011/05/02 14:06:38 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\PCDr
[2012/04/03 17:13:34 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\SoftGrid Client
[2011/11/22 09:29:19 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\SystemRequirementsLab
[2012/01/10 20:27:29 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\TP
[2012/03/29 10:33:17 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\Train2Game
[2012/04/07 08:20:24 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/25 12:52:23 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/10 13:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >

< MD5 for: WINLOGON.EXE >

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >
  • 0

#8
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Please uninstall the following program via Control Panel > Uninstall a program (if present):

  • Java™ 6 Update 21 (64-bit)


Step 2

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 3

Download AVPTool from here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).


First we will run a virus scan

Click the cog in the upper right.


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan.

Allow AVP to delete all infections found.
Once it has finished select report tab (last tab).
Select Detected threats report from the left and press Save button.
Save it to your desktop and attach to your next post.


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information.


On completion click the link to locate the zip file to upload and attach to your next post.


Step 4

Can you attach a screenshot of the program that pops up?


Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • AVPTool Report
  • avptool_sysinfo.zip
  • Screenshot of the unknown program


#9
sinfieldl

    Member

  • Topic Starter
  • Member
  • 13 posts
OTL Fix -

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File/Folder C:\Windows\*.tmp not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lewis\Downloads\cmd.bat deleted successfully.
C:\Users\Lewis\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jolette
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lewis
->Temp folder emptied: 30199157 bytes
->Temporary Internet Files folder emptied: 15651399 bytes
->Java cache emptied: 13750186 bytes
->FireFox cache emptied: 75535436 bytes
->Google Chrome cache emptied: 7782804 bytes
->Flash cache emptied: 508 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 245046 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 137.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04112012_184406

Files\Folders moved on Reboot...
C:\Users\Lewis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

OTL.txt -

OTL logfile created on: 4/11/2012 6:49:44 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lewis\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 50.61% Memory free
5.99 Gb Paging File | 4.34 Gb Available in Paging File | 72.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 218.58 Gb Free Space | 77.13% Space Free | Partition Type: NTFS

Computer Name: LEWIS-PC | User Name: Lewis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/09 17:38:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Lewis\Downloads\OTL.exe
PRC - [2012/04/04 17:06:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/11 12:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lewis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/27 13:29:07 | 000,246,112 | ---- | M] () -- C:\ProgramData\OnlineUpdate\ouc.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 18:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 18:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/03/14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011/01/17 19:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/05 02:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/04 17:06:03 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/03 18:35:45 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/02/16 08:40:24 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/15 12:50:38 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 12:49:57 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/15 12:49:39 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 12:49:30 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 12:49:26 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/15 12:49:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 12:49:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 12:49:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 12:48:59 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/14 19:11:46 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/04/30 20:46:08 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 19:03:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/17 02:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/25 11:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe -- (AESTFilters)
SRV - [2012/04/03 19:11:36 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/11 12:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/01/27 13:29:07 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\MTN Online\UpdateDog\ouc.exe -- (MTN Online. RunOuc)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/03/14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 19:03:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/22 19:41:12 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2012/03/11 12:48:52 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/03/07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/01/27 13:29:16 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2012/01/27 13:29:15 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2012/01/27 13:29:15 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/01/27 13:29:15 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/01/27 13:29:14 | 000,222,464 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/15 09:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/15 06:40:10 | 000,301,688 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/02/25 19:03:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) QuickCam for Notebooks Deluxe(UVC)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 08:45:38 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/17 02:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 02:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/25 12:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 09:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2008/07/26 14:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 14:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/03/11 12:48:52 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/03/11 12:48:52 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/12/15 21:15:21 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2011/05/16 23:10:03 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Lewis\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24[1].gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{B18E500C-2663-4D4E-B7CE-61CFB92C7CD7}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{3E9AD9E2-20EF-47CE-AA52-7E7EEBD57A11}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2115640975-848287457-3689859785-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-2115640975-848287457-3689859785-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2115640975-848287457-3689859785-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-2115640975-848287457-3689859785-1001\..\SearchScopes,DefaultScope = {E5AE0FAE-0BD1-4C0E-B87B-C8D0BB99AB55}
IE - HKU\S-1-5-21-2115640975-848287457-3689859785-1001\..\SearchScopes\{E5AE0FAE-0BD1-4C0E-B87B-C8D0BB99AB55}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2115640975-848287457-3689859785-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..keyword.URL: "http://www.google.co...nt&hl=en-GB&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/19 15:54:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/05 08:40:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/29 18:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewis\AppData\Roaming\Mozilla\Extensions
[2012/02/10 16:33:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\uy8tfmav.default\extensions
[2011/06/10 20:01:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\uy8tfmav.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/12/01 13:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/09 17:46:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/19 15:54:43 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\LEWIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UY8TFMAV.DEFAULT\EXTENSIONS\[email protected]
[2012/04/04 17:06:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 19:02:40 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/16 19:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 19:02:40 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/16 19:02:40 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/16 19:02:40 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1367_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Skype Click to Call = C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
CHR - Extension: Gmail = C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Jolette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lewis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DE43533-B76F-4C83-864F-7D88E8E1A02B}: NameServer = 209.212.96.1 209.212.97.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{643427AD-64D2-4657-B65F-A7624025B5D7}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71C3509D-6425-4F1A-B0C2-EA8C77BBDD42}: NameServer = 209.212.96.1 209.212.97.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD2E4A1C-2F3F-49AF-98A0-9CB501845517}: NameServer = 209.212.96.1 209.212.97.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8D406BF-0672-4BBB-A39D-B651AD30E1C1}: NameServer = 209.212.96.1 209.212.97.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0bd65c9a-48e2-11e1-b347-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{0bd65c9a-48e2-11e1-b347-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{18502c38-172d-11e1-b7e4-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{18502c38-172d-11e1-b7e4-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4e6704c4-15a9-11e1-bd7e-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{4e6704c4-15a9-11e1-bd7e-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4fb4861f-15dd-11e1-9ea6-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{4fb4861f-15dd-11e1-9ea6-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{56769f83-12c7-11e1-b5d1-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{56769f83-12c7-11e1-b5d1-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{56769f91-12c7-11e1-b5d1-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{56769f91-12c7-11e1-b5d1-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5e49b9ad-1675-11e1-b8ed-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{5e49b9ad-1675-11e1-b8ed-001e101fe70e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5e49b9bc-1675-11e1-b8ed-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{5e49b9bc-1675-11e1-b8ed-001e101fe70e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6c2ef0d8-53bf-11e1-a598-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{6c2ef0d8-53bf-11e1-a598-001e101f2b52}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{79a2e8df-0e9c-11e1-b77d-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{79a2e8df-0e9c-11e1-b77d-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{82817190-15a2-11e1-9c37-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{82817190-15a2-11e1-9c37-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{828171aa-15a2-11e1-9c37-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{828171aa-15a2-11e1-9c37-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9221ecf0-0e21-11e1-b65a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{9221ecf0-0e21-11e1-b65a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9221ed0e-0e21-11e1-b65a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{9221ed0e-0e21-11e1-b65a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9221eda9-0e21-11e1-b65a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{9221eda9-0e21-11e1-b65a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a613b30f-140e-11e1-b193-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{a613b30f-140e-11e1-b193-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a613b33f-140e-11e1-b193-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{a613b33f-140e-11e1-b193-001e101f36d9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a613b34b-140e-11e1-b193-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{a613b34b-140e-11e1-b193-001e101f36d9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{aae525b2-141e-11e1-95c0-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{aae525b2-141e-11e1-95c0-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b9262010-166c-11e1-b415-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{b9262010-166c-11e1-b415-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b926201e-166c-11e1-b415-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{b926201e-166c-11e1-b415-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b9262028-166c-11e1-b415-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{b9262028-166c-11e1-b415-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf5d2382-57c9-11e1-b878-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{cf5d2382-57c9-11e1-b878-001e101f36d9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf69461c-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf69461c-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf69462a-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf69462a-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf694635-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf694635-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf694672-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf694672-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf69467f-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf69467f-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf6946bf-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf6946bf-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf6946ca-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf6946ca-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf6946d8-15aa-11e1-b62a-f04da2bd1468}\Shell - "" = AutoRun
O33 - MountPoints2\{cf6946d8-15aa-11e1-b62a-f04da2bd1468}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d25461ac-75b1-11e1-b5c1-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{d25461ac-75b1-11e1-b5c1-001e101f7fb6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 21:50:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/08 23:13:03 | 000,000,000 | ---D | C] -- C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2012/04/08 23:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2012/04/08 23:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CleanUp!
[2012/04/06 15:12:53 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/04/04 12:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/04/03 18:35:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/04/03 16:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineUpdate
[2012/04/03 16:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\log
[2012/03/29 14:03:35 | 000,000,000 | ---D | C] -- C:\Users\Lewis\AppData\Roaming\Media Player Classic
[2012/03/19 15:54:45 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

========== Files - Modified Within 30 Days ==========

[2012/04/11 18:54:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 18:54:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 18:51:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/11 18:46:34 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/11 18:46:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/11 18:46:09 | 2413,056,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/11 18:45:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/11 07:53:43 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/10 13:28:27 | 000,000,512 | ---- | M] () -- C:\Users\Lewis\Desktop\MBR.dat
[2012/04/10 12:42:30 | 004,061,850 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/10 12:42:30 | 001,853,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/10 12:42:30 | 000,005,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/07 08:20:24 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/03 16:17:12 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/03 16:17:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/29 10:11:04 | 000,020,903 | ---- | M] () -- C:\Users\Lewis\Desktop\Lesson 26 - Key Points.odt
[2012/03/28 18:44:55 | 380,277,611 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/28 10:40:09 | 000,702,468 | ---- | M] () -- C:\Users\Lewis\Desktop\The_Oke_Manual.pdf
[2012/03/18 20:07:51 | 000,294,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/10 13:28:27 | 000,000,512 | ---- | C] () -- C:\Users\Lewis\Desktop\MBR.dat
[2012/04/06 15:13:01 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/06 15:13:01 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/03 18:35:45 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/28 10:40:09 | 000,702,468 | ---- | C] () -- C:\Users\Lewis\Desktop\The_Oke_Manual.pdf
[2012/03/27 10:03:05 | 000,020,903 | ---- | C] () -- C:\Users\Lewis\Desktop\Lesson 26 - Key Points.odt
[2012/01/10 20:26:08 | 000,005,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/02 19:09:46 | 000,000,017 | ---- | C] () -- C:\Users\Lewis\AppData\Local\resmon.resmoncfg
[2011/05/08 14:03:47 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2011/04/29 18:58:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/12 15:25:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/11/20 10:35:16 | 000,000,000 | ---D | M] -- C:\Users\Jolette\AppData\Roaming\OpenOffice.org
[2012/01/12 06:15:25 | 000,000,000 | ---D | M] -- C:\Users\Jolette\AppData\Roaming\SoftGrid Client
[2011/11/25 09:27:50 | 000,000,000 | ---D | M] -- C:\Users\Jolette\AppData\Roaming\WildTangent
[2011/12/15 15:07:51 | 000,000,000 | ---D | M] -- C:\Users\Jolette\AppData\Roaming\Windows Live Writer
[2012/04/11 18:47:57 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\Dropbox
[2011/07/14 19:11:57 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\go
[2011/07/30 13:43:06 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\Leadertech
[2011/04/30 20:47:08 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\OpenOffice.org
[2011/05/02 14:06:38 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\PCDr
[2012/04/03 17:13:34 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\SoftGrid Client
[2011/11/22 09:29:19 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\SystemRequirementsLab
[2012/01/10 20:27:29 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\TP
[2012/03/29 10:33:17 | 000,000,000 | ---D | M] -- C:\Users\Lewis\AppData\Roaming\Train2Game
[2012/04/07 08:20:24 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/25 12:52:23 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/11 18:51:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >

AVP report -

Status: Deleted (events: 1)
11/04/2012 19:34:18 Deleted adware not-a-virus:AdWare.Win32.ScreenSaver.e C:\Documents and Settings\Lewis\Downloads\XvidSetup.exe Medium

AVP syn -

Descr="" CheckResult="-1" File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\msci_uno.dll" MD5="CE791DC1CD5633F5A51264E626A399B6" ChageDate="30.04.2011 20:46:14" CreateDate="19.11.2010 18:45:44" Attr="rsAh" Size="51712" UsedBy="4684"/> <ITEM Hidden="0" LegalCopyright="Copyright © 2010 by Oracle, Inc." Descr="" CheckResult="-1" File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\bootstrap.uno.dll" MD5="D51CD77F4E2BD4AD6CF06382E0FF65F7" ChageDate="30.04.2011 20:46:13" CreateDate="19.11.2010 18:45:14" Attr="rsAh" Size="452608" UsedBy="4684"/> <ITEM Hidden="0" LegalCopyright="Copyright © 2010 by Oracle, Inc." Descr="" CheckResult="-1" File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reg3.dll" MD5="CD991A7EB2056AD9FE08C4D821DC8B77" ChageDate="30.04.2011 20:46:14" CreateDate="19.11.2010 18:45:54" Attr="rsAh" Size="92672" UsedBy="4684"/> <ITEM Hidden="0" LegalCopyright="Copyright © 2010 by Oracle, Inc." Descr="" CheckResult="-1" File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\store3.dll" MD5="64FB05B394CD802BFE6B961C88593F83" ChageDate="30.04.2011 20:46:14" CreateDate="19.11.2010 18:46:06" Attr="rsAh" Size="53248" UsedBy="4684"/> <ITEM Hidden="0" LegalCopyright="Copyright © 2010 by Oracle, Inc." Descr="" CheckResult="-1" File="C:\Program Files (x86)\OpenOffice.org 3\program\configmgr.uno.dll" MD5="1BECA7165C185CA415B4E87227E7E9F0" ChageDate="30.04.2011 20:46:07" CreateDate="19.11.2010 18:45:18" Attr="rsAh" Size="396800" UsedBy="4684"/> <ITEM Hidden="0" LegalCopyright="Copyright © 2010 by Oracle, Inc." Descr="" CheckResult="-1" File="C:\Program Files (x86)\OpenOffice.org 3\program\localebe1.uno.dll" MD5="87291C262734D1641094A22AEB2B411B" ChageDate="30.04.2011 20:46:09" CreateDate="13.12.2010 16:22:44" Attr="rsAh" Size="24064" UsedBy="4684"/> <ITEM Hidden="0" LegalCopyright="Copyright © 2010 by Oracle, Inc." 
Descr="" CheckResult="-1" File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stocservices.uno.dll" MD5="FB4E257937546E75128482AF67474E1D" ChageDate="30.04.2011 20:46:14" CreateDate="19.11.2010 18:46:06" Attr="rsAh" Size="92672" UsedBy="4684"/> <ITEM Hidden="0" LegalCopyright="Copyright © 2010 by Oracle, Inc." Descr="" CheckResult="-1" File="C:\Program Files (x86)\OpenOffice.org 3\program\ucb1.dll" MD5="C1E8E7BBBAC406221CB371E73F76D585" ChageDate="30.04.2011 20:46:12" CreateDate="19.11.2010 18:46:14" Attr="rsAh" Size="212992" UsedBy="4684"/> <ITEM Hidden="0" LegalCopyright="Copyright © 2010 by Oracle, Inc." Descr="" CheckResult="-1" File="C:\Program Files (x86)\OpenOffice.org 3\program\fwkmi.dll" MD5="4F07EFBC26941F71BDB5D545947B8493" ChageDate="30.04.2011 20:46:08" CreateDate="13.12.2010 16:22:38" Attr="rsAh" Size="1649152" UsedBy="4684"/> <ITEM Hidden="0" LegalCopyright="Copyright © 2010 by Oracle, Inc." Descr="" CheckResult="-1" File="C:\Program Files (x86)\OpenOffice.org 3\program\ucpfile1.dll" MD5="94026DA46785AF78CC3D787FE77B8907" ChageDate="30.04.2011 20:46:12" CreateDate="17.01.2011 16:19:12" Attr="rsAh" Size="257024" UsedBy="4684"/> <ITEM Hidden="0" LegalCopyright="Copyright © 2010 by Oracle, Inc." Descr="" CheckResult="-1" File="C:\Program Files (x86)\OpenOffice.org 3\program\i18npool.uno.dll" MD5="F0C4451C40DBD2105536B5769B2F8528" ChageDate="30.04.2011 20:46:08" CreateDate="17.01.2011 16:19:06" Attr="rsAh" Size="1317376" UsedBy="4684"/> <ITEM Hidden="0" LegalCopyright=" Copyright © 2008, International Business Machines Corporation and others. All Rights Reserved. " Descr="IBM ICU I18N DLL" CheckResult="-1" File="C:\Program Files (x86)\OpenOffice.org 3\program\icuin40.dll" MD5="4977099CF7F9E080452B48E68F5E72BC" ChageDate="30.04.2011 20:46:08" CreateDate="19.11.2010 18:45:36" Attr="rsAh" Size="1071616" UsedBy="4684"/> <ITEM Hidden="0" LegalCopyright="Copyright © 2010 by Oracle, Inc." 
Descr="" CheckResult="-1" File="C:\Program Files (x86)\OpenOffice.org 3\program\oooimprovementmi.dll" MD5="D4CF606F2AB9E0CDD29DEB17293A09D6" ChageDate="30.04.2011 20:46:09" CreateDate="13.12.2010 16:22:50" Attr="rsAh" Size="83968" UsedBy="4684"/> <ITEM Hidden="0" LegalCopyright="Copyright © 2010 by Oracle, Inc." Descr="" CheckResult="-1" File="C:\Program Files (x86)\OpenOffice.org 3\program\oleautobridge.uno.dll" MD5="4DC720299A9BA280F9F245B317538FD0" ChageDate="30.04.2011 20:46:09" CreateDate="13.12.2010 16:22:50" Attr="rsAh" Size="287232" UsedBy="4684"/> <ITEM Hidden="0" LegalCopyright="Copyright © 2010 by Oracle, Inc." Descr="" CheckResult="-1" File="C:\Program Files (x86)\OpenOffice.org 3\program\emsermi.dll" MD5="768A170571F7E8977CB6F08A6C94F3FB" ChageDate="30.04.2011 20:46:07" CreateDate="19.11.2010 18:45:28" Attr="rsAh" Size="148480" UsedBy="4684"/> </DLL> -<KERNELOBJ> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Windows\System32\Drivers\dump_dumpfve.sys" MemSize="013000" Base="4961000"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Windows\System32\Drivers\dump_iaStor.sys" MemSize="39A000" Base="402A000"/> </KERNELOBJ> <Service> </Service> <Drivers> </Drivers> -<AUTORUN> <ITEM CheckResult="-1" File="C:\6a11f58902b819a419e567\DW\DW20.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup" X1="HKEY_LOCAL_MACHINE" Type="REG" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Program Files\Bonjour\mDNSResponder.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Bonjour Service" X1="HKEY_LOCAL_MACHINE" Type="REG" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Program Files\Common Files\McAfee\SystemCore\mfehidk_messages.dll" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\mfehidk" X1="HKEY_LOCAL_MACHINE" Type="REG" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Program Files\Dell\Dell Wir" X3="EventMessageFile" 
X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\wltrysvc" X1="HKEY_LOCAL_MACHINE" Type="REG" Enabled="-1"/> <ITEM CheckResult="-1" File="C:\Users\Lewis\AppData\Local\Temp\_uninst_21537757.bat" MD5="9228895D0E8236935234636714982A6C" ChageDate="11.04.2012 19:04:16" CreateDate="11.04.2012 19:04:16" Attr="rsAh" Size="364" X3="" X2="C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_21537757.lnk" X1="C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\" Type="LNK" Enabled="1"/> <ITEM CheckResult="-1" File="C:\Windows\system32\psxss.exe" X3="Posix" X2="System\CurrentControlSet\Control\Session Manager\SubSystems" X1="HKEY_LOCAL_MACHINE" Type="REG" Enabled="-1"/> <ITEM CheckResult="-1" File="auditcse.dll" X3="DLLName" X2="Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}" X1="HKEY_LOCAL_MACHINE" Type="REG" Enabled="1"/> <ITEM CheckResult="-1" File="lvcod64.dll" X3="vidc.i420" X2="Software\Microsoft\Windows NT\CurrentVersion\Drivers32" X1="HKEY_LOCAL_MACHINE" Type="REG" Enabled="1"/> <ITEM CheckResult="-1" File="rdpclip" X3="StartupPrograms" X2="System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd" X1="HKEY_LOCAL_MACHINE" Type="REG" Enabled="1"/> </AUTORUN> -<BHO> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Program Files\Java\jre6\bin\jp2ssv.dll" Enabled="1" CLSID="{DBC80044-A445-435b-BC74-9C25C1C588A9}" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" BHOType="1"/> </BHO> -<ExplorerExt> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="WebCheck" ExtType="1"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{F9DB5320-233E-11D1-9F84-707F02C10627}" 
RegKey="SOFTWARE\Classes\Folder\shellex\ColumnHandlers" ExtName="ColumnHandler" ExtType="2"/> </ExplorerExt> -<PrintEXT> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="EP0SLM01.DLL" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="localspl.dll" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="FXSMON.DLL" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="tcpmon.dll" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="usbmon.dll" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="WSDMon.dll" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="inetpp.dll" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Providers"/> </PrintEXT> <TaskScheduler> </TaskScheduler> -<SPI> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Network Location Awareness 2" CheckResult="-1" File="C:\Windows\system32\NLAapi.dll" MD5="104A1070E90F1C530328E69B49718841" ChageDate="20.11.2010 13:20:30" CreateDate="19.06.2011 10:47:36" Attr="rsAh" Size="52224" SPINaim="@%SystemRoot%\system32\nlasvc.dll,-1000" SPIType="1"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="E-mail Naming Shim Provider" CheckResult="-1" File="C:\Windows\system32\napinsp.dll" MD5="0B7E85364CB878E2AD531DB7B601A9E5" ChageDate="14.07.2009 02:16:02" CreateDate="14.07.2009 00:54:55" Attr="rsAh" Size="52224" SPINaim="@%SystemRoot%\system32\napinsp.dll,-1000" SPIType="1"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="PNRP Name Space Provider" CheckResult="-1" File="C:\Windows\system32\pnrpnsp.dll" MD5="5CF640EDDB1E40A5AB1BB743BCDEC610" ChageDate="14.07.2009 02:16:12" CreateDate="14.07.2009 00:55:50" Attr="rsAh" Size="65024" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1000" SPIType="1"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="PNRP Name Space Provider" CheckResult="-1" File="C:\Windows\system32\pnrpnsp.dll" MD5="5CF640EDDB1E40A5AB1BB743BCDEC610" ChageDate="14.07.2009 02:16:12" CreateDate="14.07.2009 00:55:50" Attr="rsAh" Size="65024" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1001" SPIType="1"/> <ITEM LegalCopyright="Copyright © 1995-2010 Microsoft Corp." Descr="Microsoft® Windows Live ID Namespace Provider" CheckResult="-1" File="C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" MD5="9D4A1690AF93F233E15380398BEC7431" ChageDate="21.09.2010 21:03:14" CreateDate="21.09.2010 21:03:14" Attr="rsAh" Size="145280" SPINaim="WindowsLive NSP" SPIType="1"/> <ITEM LegalCopyright="Copyright © 1995-2010 Microsoft Corp." Descr="Microsoft® Windows Live ID Namespace Provider" CheckResult="-1" File="C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" MD5="9D4A1690AF93F233E15380398BEC7431" ChageDate="21.09.2010 21:03:14" CreateDate="21.09.2010 21:03:14" Attr="rsAh" Size="145280" SPINaim="WindowsLive Local NSP" SPIType="1"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\System32\mswsock.dll" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" ChageDate="20.11.2010 13:19:56" CreateDate="19.06.2011 10:48:37" Attr="rsAh" Size="232448" SPINaim="@%SystemRoot%\system32\wshtcpip.dll,-60103" SPIType="1"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="LDAP RnR Provider DLL" CheckResult="-1" File="C:\Windows\System32\winrnr.dll" MD5="5DF5D8CFD9B9573FA3B2C89D9061A240" ChageDate="14.07.2009 02:16:19" CreateDate="14.07.2009 00:37:57" Attr="rsAh" Size="20992" SPINaim="NTDS" SPIType="1"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" ChageDate="20.11.2010 13:19:56" CreateDate="19.06.2011 10:48:37" Attr="rsAh" Size="232448" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60100" SPIType="3"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" ChageDate="20.11.2010 13:19:56" CreateDate="19.06.2011 10:48:37" Attr="rsAh" Size="232448" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60101" SPIType="3"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" ChageDate="20.11.2010 13:19:56" CreateDate="19.06.2011 10:48:37" Attr="rsAh" Size="232448" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60102" SPIType="3"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" ChageDate="20.11.2010 13:19:56" CreateDate="19.06.2011 10:48:37" Attr="rsAh" Size="232448" SPINaim="@%SystemRoot%\System32\wship6.dll,-60100" SPIType="3"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" ChageDate="20.11.2010 13:19:56" CreateDate="19.06.2011 10:48:37" Attr="rsAh" Size="232448" SPINaim="@%SystemRoot%\System32\wship6.dll,-60101" SPIType="3"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" ChageDate="20.11.2010 13:19:56" CreateDate="19.06.2011 10:48:37" Attr="rsAh" Size="232448" SPINaim="@%SystemRoot%\System32\wship6.dll,-60102" SPIType="3"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" ChageDate="20.11.2010 13:19:56" CreateDate="19.06.2011 10:48:37" Attr="rsAh" Size="232448" SPINaim="@%SystemRoot%\System32\wshqos.dll,-100" SPIType="3"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" ChageDate="20.11.2010 13:19:56" CreateDate="19.06.2011 10:48:37" Attr="rsAh" Size="232448" SPINaim="@%SystemRoot%\System32\wshqos.dll,-101" SPIType="3"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" ChageDate="20.11.2010 13:19:56" CreateDate="19.06.2011 10:48:37" Attr="rsAh" Size="232448" SPINaim="@%SystemRoot%\System32\wshqos.dll,-102" SPIType="3"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" ChageDate="20.11.2010 13:19:56" CreateDate="19.06.2011 10:48:37" Attr="rsAh" Size="232448" SPINaim="@%SystemRoot%\System32\wshqos.dll,-103" SPIType="3"/> </SPI> <DPF> </DPF> -<CPL> <ITEM LegalCopyright="Copyright © 1996-2012 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries." Descr="Adobe Flash Player Control Panel Applet" CheckResult="-1" File="C:\Windows\system32\FlashPlayerCPLApp.cpl" MD5="74F989280D4D2D403E002FC03C765933" ChageDate="03.04.2012 19:11:35" CreateDate="06.09.2011 20:26:51" Attr="rsAh" Size="70304" Enabled="1"/> </CPL> <ActiveSetup> </ActiveSetup> <HOSTS> </HOSTS> -<ProtocolExt> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft .NET Runtime Execution Engine" CheckResult="-1" File="mscoree.dll" Enabled="1" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft .NET Runtime Execution Engine" CheckResult="-1" File="mscoree.dll" Enabled="1" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="Microsoft .NET Runtime Execution Engine" CheckResult="-1" File="mscoree.dll" Enabled="1" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload"/> </ProtocolExt> -<IPU> <ITEM X2="@%SystemRoot%\System32\termsrv.dll,-268" X1="TermService" Code="1"/> <ITEM X2="@%systemroot%\system32\ssdpsrv.dll,-100" X1="SSDPSRV" Code="1"/> <ITEM X2="@%SystemRoot%\system32\schedsvc.dll,-100" X1="Schedule" Code="1"/> <ITEM Code="2"/> <ITEM Code="3"/> <ITEM Code="5"/> <ITEM X1="-1" Code="8"/> </IPU> -<WIZARD-TSW> <ITEM Fixed="0" Level="3" ID="58"/> <ITEM Fixed="0" Level="3" ID="59"/> <ITEM Fixed="0" Level="1" ID="60"/> <ITEM Fixed="0" Level="2" ID="61"/> <ITEM Fixed="0" Level="1" ID="66"/> </WIZARD-TSW> </AVZ>

I am unable to get a screenshot of the unknown program as it is too quick.
  • 0

#10
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

You need to attach avptool_sysinfo.zip to your next reply.
You can do this by using the Attachments feature underneath the reply box.
  • 0

#11
sinfieldl

sinfieldl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here it is.

Attached Files


  • 0

#12
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

  • Re-run AVPTool.
  • Select the Manual Disinfection tab and press Script execution.

    Posted Image

  • Where it states Insert text script in the following box, copy the script below and press Run script.
    Copy from Begin until End.

    Posted Image


    begin  
    SetAVZPMStatus(True);  
    SearchRootkit(true, true);  
    SetAVZGuardStatus(True);  
     BC_DeleteFile('C:\Users\Lewis\AppData\Local\Temp\_uninst_99642562.bat');  
     DeleteFile('C:\Users\Lewis\AppData\Local\Temp\_uninst_99642562.bat');  
     BC_DeleteFile('C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_99642562.lnk');  
     DeleteFile('C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_99642562.lnk');  
    BC_ImportDeletedList;  
    ExecuteSysClean;  
    BC_Activate;  
    RebootWindows(true);  
    end.
  • Your system will reboot on completion; if it does not, please reboot it yourself.
  • On completion please run another analysis scan and attach the zip file.

Step 2

Download ComboFix from one of these locations and set the Save as type to All Files before saving it.

Link 1
Link 2
Link 3


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Things I want to see in your next reply

  • avptool_sysinfo.zip
  • ComboFix.txt

  • 0
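
Added example, not part of the original posts: Step 1's script removes a batch file in the user's Temp folder together with a Startup-folder shortcut of the same name. The Python below triages the AUTORUN records of an AVZ sysinfo XML for that pattern. The sample records, user name and file names are constructed, and treating Temp paths and script extensions as the warning signs is this example's assumption, not the helper's stated reasoning.

```python
import ntpath
import xml.etree.ElementTree as ET

# Assumption of this example: extensions handled by a script interpreter.
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1"}
# Assumption of this example: directories where autorun targets rarely belong.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Constructed sample in the shape of an AVZ <AUTORUN> section.
# Attribute names follow the AVZ records; every value is made up.
SAMPLE = r'''<AVZ><AUTORUN>
<ITEM CheckResult="-1" File="C:\Program Files\Bonjour\mDNSResponder.exe" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Bonjour Service" X1="HKEY_LOCAL_MACHINE" Type="REG" Enabled="-1"/>
<ITEM CheckResult="-1" File="C:\Users\Example\AppData\Local\Temp\_uninst_00000000.bat" X3="" X2="C:\Users\Example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_00000000.lnk" X1="C:\Users\Example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\" Type="LNK" Enabled="1"/>
<ITEM CheckResult="-1" File="C:\Program Files\Example\tray.exe" X3="" X2="C:\Users\Example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tray.lnk" X1="C:\Users\Example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\" Type="LNK" Enabled="1"/>
<ITEM CheckResult="-1" File="C:\Windows\Temp\example.exe" X3="Example" X2="Software\Microsoft\Windows\CurrentVersion\Run" X1="HKEY_CURRENT_USER" Type="REG" Enabled="1"/>
<ITEM CheckResult="-1" File="rdpclip" X3="StartupPrograms" X2="System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd" X1="HKEY_LOCAL_MACHINE" Type="REG" Enabled="1"/>
</AUTORUN></AVZ>'''


def launch_point(item):
    """Describe where the autorun is registered.

    LNK records carry the shortcut path in X2; REG records carry
    hive, key and value name in X1, X2 and X3.
    """
    if item.get("Type") == "LNK":
        return item.get("X2", "")
    return "%s\\%s -> %s" % (item.get("X1", ""), item.get("X2", ""), item.get("X3", ""))


def triage_autoruns(xml_text):
    """Return the autorun entries worth a manual look, each with its reasons."""
    root = ET.fromstring(xml_text)
    hits = []
    for item in root.findall(".//AUTORUN/ITEM"):
        target = item.get("File", "")
        # ntpath gives Windows path semantics on any host OS.
        norm = ntpath.normcase(target)
        ext = ntpath.splitext(norm)[1]
        reasons = []
        if any(d in norm for d in TEMP_DIRS):
            reasons.append("target is in a Temp directory")
        if ext in SCRIPT_EXTS:
            reasons.append("target is a script (%s)" % ext)
        if not reasons:
            continue
        hits.append({
            "file": target,
            "type": item.get("Type", ""),
            "launch": launch_point(item),
            "enabled": item.get("Enabled", ""),  # raw value, not interpreted
            "reasons": reasons,
        })
    return hits


if __name__ == "__main__":
    for hit in triage_autoruns(SAMPLE):
        print(hit["file"])
        print("  registered at:", hit["launch"])
        for reason in hit["reasons"]:
            print("  -", reason)
```

A hit is a prompt to inspect the file, not a verdict: installers legitimately leave cleanup scripts in Temp.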

#13
sinfieldl

sinfieldl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ComboFix 12-04-14.02 - Lewis 14/04/2012 13:15:23.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3068.1747 [GMT 1:00]
Running from: c:\users\Lewis\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 09:11 . 2011-09-06 19:26 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-11 11:48 . 2011-09-05 18:09 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-07 00:15 . 2011-04-29 17:49 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-04-29 17:49 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-07 00:15 . 2011-04-29 17:50 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:04 . 2011-04-29 17:50 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:04 . 2011-04-29 17:50 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:01 . 2011-04-29 17:50 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-04-29 17:50 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2011-04-29 17:50 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 10:28 . 2011-11-21 09:15 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-03-06 10:26 . 2011-11-21 09:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-03-06 10:26 . 2011-10-25 18:17 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-25 06:51 . 2011-10-25 18:18 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-25 06:51 . 2011-10-25 18:17 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-23 07:22 . 2011-11-21 09:04 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-23 07:18 . 2011-04-30 16:47 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 06:55 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 06:55 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 06:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 06:55 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 06:59 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 06:59 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 06:59 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-27 12:29 . 2012-01-27 12:29 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-01-27 12:29 . 2012-01-27 12:29 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-01-27 12:29 . 2012-01-27 12:29 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-01-27 12:29 . 2012-01-27 12:29 212992 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-01-27 12:29 . 2012-01-27 12:29 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-01-27 12:29 . 2012-01-27 12:29 98816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-01-27 12:29 . 2012-01-27 12:29 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-01-27 12:29 . 2012-01-27 12:29 421376 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2012-01-27 12:29 . 2012-01-27 12:29 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-01-27 12:29 . 2012-01-27 12:29 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-01-27 12:29 . 2012-01-27 12:29 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-01-27 12:29 . 2012-01-27 12:29 222464 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-01-27 12:29 . 2011-11-19 16:04 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-01-27 12:29 . 2011-11-19 16:04 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-01-25 06:38 . 2012-03-14 06:56 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 06:56 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 06:56 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-06 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-08-01 165184]
.
c:\users\Jolette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lewis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
_uninst_81619632.lnk - c:\users\Lewis\AppData\Local\Temp\_uninst_81619632.bat [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 136176]
R2 MTN Online. RunOuc;MTN Online. OUC;c:\program files (x86)\MTN Online\UpdateDog\ouc.exe [2012-01-27 246112]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 136176]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-03-22 25072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 81619632;81619632;c:\windows\system32\DRIVERS\81619632.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-03-11 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-03-11 61712]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-03-11 931640]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Lewis\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24[1].gadget\WinRing0x64.sys [2011-05-16 22:10 14544]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 09:11]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 17:50]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 17:50]
.
2012-04-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
2012-04-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{2DE43533-B76F-4C83-864F-7D88E8E1A02B}: NameServer = 209.212.96.1 209.212.97.1
TCP: Interfaces\{71C3509D-6425-4F1A-B0C2-EA8C77BBDD42}: NameServer = 209.212.96.1 209.212.97.1
TCP: Interfaces\{AD2E4A1C-2F3F-49AF-98A0-9CB501845517}: NameServer = 209.212.96.1 209.212.97.1
TCP: Interfaces\{D8D406BF-0672-4BBB-A39D-B651AD30E1C1}: NameServer = 209.212.96.1 209.212.97.1
FF - ProfilePath - c:\users\Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\uy8tfmav.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
"ImagePath"="\??\c:\users\Lewis\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24
[1].gadget\WinRing0x64.sys"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Lewis\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\programdata\OnlineUpdate\ouc.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2012-04-14 13:35:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 12:35
.
Pre-Run: 234,273,779,712 bytes free
Post-Run: 234,062,274,560 bytes free
.
- - End Of File - - 732463D1DCAD48990FF2C949268078E1


#14
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
What problems remain?

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\TEMP\logishrd\LVPrcInj02.dll
 
Folder::
c:\users\Lewis\AppData\Local\Temp\1516199


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Things I want to see in your next reply

  • What problems remain?
  • ComboFix.txt


#15
sinfieldl


    Member

  • Topic Starter
  • Member
  • 13 posts
ComboFix 12-04-14.02 - Lewis 14/04/2012 17:41:28.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3068.1500 [GMT 1:00]
Running from: c:\users\Lewis\Desktop\ComboFix.exe
Command switches used :: c:\users\Lewis\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\TEMP\logishrd\LVPrcInj01.dll"
"c:\windows\TEMP\logishrd\LVPrcInj02.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 16:51 . 2012-04-14 16:51 -------- d-----w- c:\users\Jolette\AppData\Local\temp
2012-04-14 16:51 . 2012-04-14 16:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 12:19 . 2012-04-14 12:19 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA89D8E6-7CB1-4935-800D-30422E66F3BF}\offreg.dll
2012-04-14 11:54 . 2012-04-14 11:54 13312 ----a-w- c:\windows\SysWow64\drivers\vdm2mjmy.sys
2012-04-14 11:54 . 2012-04-14 11:54 11264 ----a-w- c:\windows\SysWow64\drivers\uzm2mjmy.sys
2012-04-14 11:51 . 2012-04-11 16:30 460888 ----a-w- c:\windows\system32\drivers\81619632.sys
2012-04-13 21:24 . 2012-04-14 16:22 -------- d-----w- c:\users\Lewis\Tracing
2012-04-13 21:20 . 2012-04-13 21:20 -------- d-----w- c:\windows\en
2012-04-13 21:15 . 2012-04-13 21:15 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-13 21:13 . 2012-04-13 21:13 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4193d26e1cd19ba03\MeshBetaRemover.exe
2012-04-13 21:13 . 2012-04-13 21:13 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3e4362811cd19ba02\DXSETUP.exe
2012-04-13 21:13 . 2012-04-13 21:13 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3e4362811cd19ba02\dsetup32.dll
2012-04-13 21:13 . 2012-04-13 21:13 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3e4362811cd19ba02\DSETUP.dll
2012-04-13 21:12 . 2012-04-14 09:26 -------- d-----w- c:\users\Lewis\AppData\Local\Windows Live
2012-04-13 17:21 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA89D8E6-7CB1-4935-800D-30422E66F3BF}\mpengine.dll
2012-04-12 02:04 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 02:04 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 02:04 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 02:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 02:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 02:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 02:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 02:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 02:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 02:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 18:04 . 2012-04-11 18:04 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-10 20:50 . 2012-04-10 20:50 -------- d-----w- C:\_OTL
2012-04-08 22:13 . 2012-04-08 22:13 -------- d-----w- c:\program files (x86)\CleanUp!
2012-04-04 16:06 . 2012-04-04 16:06 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-04 16:06 . 2012-04-04 16:06 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-03 18:11 . 2012-04-14 09:11 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-03 17:35 . 2012-04-14 09:11 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-03 17:35 . 2012-04-03 17:35 -------- d-----w- c:\windows\system32\Macromed
2012-04-03 15:16 . 2012-04-14 16:53 -------- d-----w- c:\programdata\OnlineUpdate
2012-04-03 15:16 . 2012-04-04 16:01 -------- d-----w- c:\programdata\log
2012-03-29 13:03 . 2012-03-29 13:03 -------- d-----w- c:\users\Lewis\AppData\Roaming\Media Player Classic
2012-03-19 14:54 . 2012-03-07 00:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 09:11 . 2011-09-06 19:26 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-11 11:48 . 2011-09-05 18:09 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-07 00:15 . 2011-04-29 17:49 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-04-29 17:49 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-07 00:15 . 2011-04-29 17:50 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:04 . 2011-04-29 17:50 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:04 . 2011-04-29 17:50 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:01 . 2011-04-29 17:50 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-04-29 17:50 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2011-04-29 17:50 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 10:28 . 2011-11-21 09:15 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-03-06 10:26 . 2011-11-21 09:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-03-06 10:26 . 2011-10-25 18:17 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-25 06:51 . 2011-10-25 18:18 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-25 06:51 . 2011-10-25 18:17 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-23 07:22 . 2011-11-21 09:04 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-23 07:18 . 2011-04-30 16:47 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 06:55 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 06:55 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 06:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 06:55 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 06:59 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 06:59 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 06:59 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-27 12:29 . 2012-01-27 12:29 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-01-27 12:29 . 2012-01-27 12:29 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-01-27 12:29 . 2012-01-27 12:29 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-01-27 12:29 . 2012-01-27 12:29 212992 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-01-27 12:29 . 2012-01-27 12:29 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-01-27 12:29 . 2012-01-27 12:29 98816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-01-27 12:29 . 2012-01-27 12:29 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-01-27 12:29 . 2012-01-27 12:29 421376 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2012-01-27 12:29 . 2012-01-27 12:29 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-01-27 12:29 . 2012-01-27 12:29 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-01-27 12:29 . 2012-01-27 12:29 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-01-27 12:29 . 2012-01-27 12:29 222464 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-01-27 12:29 . 2011-11-19 16:04 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-01-27 12:29 . 2011-11-19 16:04 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-01-25 06:38 . 2012-03-14 06:56 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 06:56 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 06:56 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-14_12.30.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-04-14 12:28 . 2012-04-14 12:28 12407 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-04-14 16:51 . 2012-04-14 16:51 12407 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-04-14 12:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-14 16:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-14 12:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-14 16:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-14 12:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-14 16:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-12 12:56 . 2012-04-14 12:51 53988 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-14 16:56 49194 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-29 21:51 . 2012-04-14 16:56 26684 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2115640975-848287457-3689859785-1001_UserData.bin
- 2012-04-14 12:29 . 2012-04-14 12:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-14 16:52 . 2012-04-14 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-14 16:52 . 2012-04-14 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-14 12:29 . 2012-04-14 12:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-14 12:29 . 2009-10-07 00:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
+ 2012-04-14 16:53 . 2009-10-07 00:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
+ 2012-04-14 16:53 . 2009-10-07 00:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2012-04-14 12:29 . 2009-10-07 00:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2011-04-29 19:43 . 2012-04-14 16:03 393026 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-04-14 16:51 278420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-14 12:28 278420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-29 21:46 . 2012-04-14 16:51 4467804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2115640975-848287457-3689859785-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-06 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-08-01 165184]
.
c:\users\Jolette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lewis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
_uninst_81619632.lnk - c:\users\Lewis\AppData\Local\Temp\_uninst_81619632.bat [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 136176]
R2 MTN Online. RunOuc;MTN Online. OUC;c:\program files (x86)\MTN Online\UpdateDog\ouc.exe [2012-01-27 246112]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 136176]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-03-22 25072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 81619632;81619632;c:\windows\system32\DRIVERS\81619632.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-03-11 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-03-11 61712]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-03-11 931640]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Lewis\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24[1].gadget\WinRing0x64.sys [2011-05-16 22:10 14544]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 09:11]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 17:50]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 17:50]
.
2012-04-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
2012-04-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{2DE43533-B76F-4C83-864F-7D88E8E1A02B}: NameServer = 209.212.96.1 209.212.97.1
TCP: Interfaces\{71C3509D-6425-4F1A-B0C2-EA8C77BBDD42}: NameServer = 209.212.96.1 209.212.97.1
TCP: Interfaces\{AD2E4A1C-2F3F-49AF-98A0-9CB501845517}: NameServer = 209.212.96.1 209.212.97.1
TCP: Interfaces\{D8D406BF-0672-4BBB-A39D-B651AD30E1C1}: NameServer = 209.212.96.1 209.212.97.1
FF - ProfilePath - c:\users\Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\uy8tfmav.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - user.js: general.useragent.extra.brc -
.
"ImagePath"="\??\c:\users\Lewis\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24
[1].gadget\WinRing0x64.sys"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Lewis\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\programdata\OnlineUpdate\ouc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2012-04-14 18:00:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 17:00
ComboFix2.txt 2012-04-14 12:35
.
Pre-Run: 234,499,784,704 bytes free
Post-Run: 234,228,105,216 bytes free
.
- - End Of File - - 7B5B37FDFB87669EBD08F8EF73A65882


The problem that still occurs is the program that pops up and closes within a second. Also, I don't know if this is relevant, my Skype name has changed to 'jay' and I can't change it back.