how do i remove malware recicler virus on external hard drive and not


  • This topic is locked

#1
Gustavb64

OTL Extras logfile created on: 2012/09/23 08:51:39 PM - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Mike de Beer\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

1.25 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 38.48% Memory free
2.75 Gb Paging File | 1.62 Gb Available in Paging File | 58.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.05 Gb Total Space | 54.93 Gb Free Space | 39.50% Space Free | Partition Type: NTFS
Drive D: | 7.46 Gb Total Space | 6.29 Gb Free Space | 84.32% Space Free | Partition Type: NTFS
Drive F: | 1020.00 Mb Total Space | 1017.66 Mb Free Space | 99.77% Space Free | Partition Type: FAT32
Drive G: | 59.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 465.65 Gb Total Space | 380.51 Gb Free Space | 81.72% Space Free | Partition Type: FAT32
Drive I: | 941.72 Mb Total Space | 11.70 Mb Free Space | 1.24% Space Free | Partition Type: FAT

Computer Name: GUSTAV | User Name: Mike de Beer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4212977608-3304432661-1343176683-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4212977608-3304432661-1343176683-1004]
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A5A81D-6F7F-429D-B30A-525EF6F9D6BA}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{054E310C-D023-4DAF-8248-FB06818042C6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{09E672D0-A6D7-45E9-8CE0-770BF5F7B90B}" = rport=445 | protocol=6 | dir=out | app=system |
"{13F9016F-C8DD-423A-91D9-5867692E67B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{24C1BFA8-D453-48B4-8A3C-054F9BFDD707}" = lport=137 | protocol=17 | dir=in | app=system |
"{268D3FC3-C07D-4073-BA93-058DB451B405}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{28F20338-6ABA-4E17-9DB3-FAF7F94F1B0E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{292EF030-9897-40A6-80A3-A8FBB0028B7A}" = rport=139 | protocol=6 | dir=out | app=system |
"{2E92D957-3800-42F9-96E6-961E23464605}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2EF2F0CE-5B33-40F7-8C4C-8AEB6FA05936}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{323F5C53-F1AF-4C39-B661-DEDE5C56A754}" = lport=2869 | protocol=6 | dir=in | app=system |
"{41EA089C-C573-405F-AA44-BD33A33E62D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{434FF2AD-ADFE-458A-A005-26165BF99C1D}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{519B4F81-6444-4EC7-A93C-6BF27E1ED4B1}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{5436FBDE-0A0A-4CD1-A9CD-0E26BD789005}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{5BB6B0A9-7E9C-4F09-B785-F5A90797303E}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{60AF979E-E370-426B-9DB2-EAC7FF55B118}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{60FD1127-34ED-4D46-B95E-BFC703F3D4C4}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{66406CBA-E4D8-4F22-938E-AE3454AF8FF4}" = lport=138 | protocol=17 | dir=in | app=system |
"{69BD7D6B-CB61-4305-B585-8721D4E543B3}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{6B2385CE-67CD-4F5D-900E-D4E831602B79}" = lport=139 | protocol=6 | dir=in | app=system |
"{6D4A543A-6C3A-45FF-932F-C37F2054DF1C}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7CB49C7E-0440-44B9-8BC5-7545CF5FD859}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{7D4472F2-DD58-43D1-B3C3-DEC777EDC734}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{7EF83F53-EFD1-4A50-9ADC-C41051A02570}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85B9450E-2AFD-4718-9DF8-991D50F1E007}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{888ECB9A-D351-48A8-9572-BB02833AC3FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8B5F6560-F738-470A-B4ED-6C9074B08BA1}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{900AB584-066F-4CC7-A443-CC361770D02F}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{AFCCB4B7-D5D0-419D-9ABD-739BCF523FE0}" = rport=137 | protocol=17 | dir=out | app=system |
"{B05A2C4C-34DC-4E78-80B0-7EBD94C35B84}" = rport=138 | protocol=17 | dir=out | app=system |
"{B312465E-76BD-4DFE-82E5-05B64B65E39A}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{B520FC14-E021-4B18-9188-CF875018F13A}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{BD81473E-D8C1-41FA-B6E5-32BEFB2F5056}" = lport=445 | protocol=6 | dir=in | app=system |
"{BE11731B-CA1C-4E9A-9D1E-2653FD7A7EDD}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{C0C212E2-9C8E-4319-A56D-9C3A11DF4468}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C9F86C7B-3F89-4BCF-BB34-B79B636E2A0C}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{D40571C6-D5CB-444D-98F5-7878CA274005}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{D73CCCBF-D934-49DB-ADAB-EBE59AE68D4B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{DA50FF9B-5DAA-45C4-8B34-3DE6C2731076}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{DC9A25BE-F110-4D61-9448-A85790C55FDC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EC58FBB8-940F-4106-84A2-C66C6C3D6B60}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{F6DA37F9-F840-4AD8-8D40-8E25D86FD79C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EA3441-699C-4FF2-81AE-58DD2C53FDE2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{026EC544-18B9-4199-AC4A-C4B219639A38}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{0C3A3162-5C29-426D-BD4F-D301BB5C8574}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{0D93998E-8EC6-40D3-A0E9-1CEB4A2D64A3}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{15A794EB-21B1-4228-8C7D-B4B351701A6B}" = protocol=58 | dir=in | [email protected],-28545 |
"{1B6CF69F-7CC1-45EB-8DCB-7A6581BA9DBA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{2AB77351-0860-42EC-B1D1-E4842E4981BF}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{30975953-06B0-4693-8B8D-0EFCF6E14D77}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{30D1E589-9C25-4AE6-ABF8-52DD11898563}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{37B66D7D-02C7-4DED-A07B-89AA25DE6A5E}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{4D38159E-1067-4AEC-BBE9-9B3829519A43}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{4F9D4B3F-44F2-4E75-87D6-DF2075EB0D6B}" = protocol=58 | dir=out | [email protected],-28546 |
"{520B96FE-4F16-454F-A259-5F5047CB0524}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{5636C5C6-5E91-4A60-8179-061042FFADC1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{57BF090B-921F-45EF-AAFD-D74C9D6740A5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{5DE745EA-FA29-48FD-B974-A01858183760}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{75E0AA82-1FBA-44EA-BBC8-F08482CD313A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{821A18DD-BB39-41C1-BDCD-D526B78E7ABB}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{85DEC008-94E8-48A1-A3FD-45BF2FB283BC}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{88290A78-5888-4450-A5DD-C5AC95831B3B}" = protocol=1 | dir=out | [email protected],-28544 |
"{8EE5F322-C1D1-4F76-B455-12412E8C521C}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{97EFAC5F-C28E-4356-A1AF-877B7F2C59AE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{9DB867AC-3AEC-41E0-B8D2-BAC42AE643CC}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{A2BC0DE6-F032-4B6F-AC15-9B246D970D8C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{AA0CB7BC-F2A1-45FB-B1EA-7819A19FAEEA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{AAB929B3-25F3-4509-BA82-8349FF3D5A2F}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{AAE4BAF7-17DD-4EC9-B59D-792D4C8C8E08}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ACE367B3-6964-4E06-AA63-1E98CD6A1516}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{BA1055AA-CF1F-45C5-9984-B6D1C6CD397D}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{BB8C07A2-674B-4BD8-9613-35A437ADEEF0}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{C2D863B9-6BB2-4523-88A9-ECFC5541859B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C4F6D648-0DA9-49F6-B06D-FFD57788DEFE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C9B018B6-3A18-4465-B3CB-9BF4BAC3A0D0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{CC088299-C918-4993-907A-417114E46378}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{D5590FA1-4216-4F68-994E-3C9B85C57B2F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D5B80E0C-8F2A-4837-9C83-1173C90322C0}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{DB24506C-2AF6-48D7-8325-2BAA663D8388}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{E3224A9C-03A9-4CF7-B60D-B092AC423918}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{E5EEDCF5-46EA-497A-9A4A-CAE6A0CA1657}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{E9C4B102-9461-495B-B31C-45CC7A40FA34}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F0BD60A2-6182-4A4E-95D0-D059A2D34781}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{F11422D6-273C-4392-ABF0-FFE7FC5277A1}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{F9842D4E-78B6-4AE2-A0CC-5C44B6451577}" = protocol=1 | dir=in | [email protected],-28543 |
"TCP Query User{59AA6386-853E-453C-85C6-55392AA6C640}C:\program files\logitech\vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid\vid.exe |
"TCP Query User{628ABEC5-A1B8-44EB-BDF1-74DB888D5F72}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{69F75D4F-2D33-4469-A587-DB513867B008}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe |
"TCP Query User{B5246504-518F-4BAF-9621-82658C8A1468}C:\sis\bin\umbrella.exe" = protocol=6 | dir=in | app=c:\sis\bin\umbrella.exe |
"UDP Query User{1D57A5CD-E2C7-4765-BFA0-1EF39DEC67B3}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{51A7FA45-8334-4E6E-88A0-BBDC57B4724C}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe |
"UDP Query User{5FFEF95F-5A11-427C-909A-D45428E86FE2}C:\program files\logitech\vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid\vid.exe |
"UDP Query User{F14C64F9-509C-49BA-A8B1-6C502D581165}C:\sis\bin\umbrella.exe" = protocol=17 | dir=in | app=c:\sis\bin\umbrella.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{084D80A0-A897-F435-CE63-A3A7CDB46D9A}" = CCC Help Danish
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E485D10-139A-21B6-471C-7856AF893F42}" = Catalyst Control Center Localization Spanish
"{12D61C9C-5E84-47F0-BD81-A48DF61A86D7}" = Vista Default Settings
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}" = Striata Reader
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1596098A-FCEC-48F0-B7C7-08A31B771033}" = Nero 7 Essentials
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196A2093-817C-7237-9FB8-7223FF8D3424}" = Catalyst Control Center Localization Portuguese
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19C6BC99-B7D0-E36A-3F72-24501D2FF8F0}" = Catalyst Control Center Localization Thai
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2462B5A9-CDE0-A51C-5646-6863B445B717}" = CCC Help Dutch
"{2472CC23-7C6E-F1A5-F439-B93CC198D0E2}" = Catalyst Control Center Graphics Light
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 24
"{27AB9B63-70B4-3444-7FE7-EAAF837286B6}" = Catalyst Control Center Localization Turkish
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2B01122D-645A-7A29-5F98-025F3F920EEE}" = CCC Help Thai
"{2E8A56E1-8421-623F-7D27-5B0D64052D35}" = CCC Help Swedish
"{3022EF72-D538-4676-A5B4-F54A469289E8}" = Canon iR1020/1024/1025
"{3032FE9D-1EF0-2B28-E28F-D14123A54091}" = CCC Help Norwegian
"{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
"{32D95F2D-17A3-9457-667D-DC603227295F}" = ATI Catalyst Install Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FE45683-E0A6-8887-BA46-93846D76A571}" = Catalyst Control Center Localization Japanese
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8CE04B-567D-A6D1-C8C3-55151585051A}" = Catalyst Control Center Localization Hungarian
"{4BBB1697-A0C0-C00D-CC3B-2A3D8D7ED8E1}" = CCC Help Czech
"{4BDBFEB0-784B-8FBB-E323-17F4B8C3450D}" = Catalyst Control Center Core Implementation
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DEB1738-EE2D-9415-B1F3-99FE75519BB8}" = Catalyst Control Center Localization Norwegian
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FEB063B-B9A0-7677-8D4B-5DE1397BBC7F}" = Catalyst Control Center Localization Swedish
"{6079977A-C216-0ED5-7E82-5E94A7683EB1}" = Catalyst Control Center Localization Chinese Traditional
"{609C59C0-2920-B88F-AC4E-8434CEEA093F}" = CCC Help Chinese Standard
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62A07DAC-EE36-7C2D-28D4-18A4B8F55EC9}" = Catalyst Control Center Localization Greek
"{6716796A-DD6E-8B10-AF22-D30ECB25C682}" = CCC Help Portuguese
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6F854740-01D1-46A4-C809-D73B14F9FAA2}" = ccc-utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE6A272-9078-5035-FB61-D2D1C15D1EA0}" = Catalyst Control Center Localization Russian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8253DB6F-C883-93A4-435F-9526DC07C17F}" = CCC Help Italian
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87885939-F824-42bf-B790-231B1E8EF2BB}" = dj_sf_software
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EC7AB5C-7128-B1CD-CA1D-74190D31313E}" = Catalyst Control Center Localization Chinese Standard
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9320B364-EF7F-90E6-63F8-C58EEB9AE517}" = Catalyst Control Center Graphics Full New
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959B8759-D31A-CE42-6BA1-A8F7812C040B}" = CCC Help Finnish
"{959BAC64-7722-EBD6-660E-C74ED44CA0D3}" = Catalyst Control Center Localization Danish
"{99A5C123-2741-45BA-276A-8BDA52303CAD}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DEE62F7-3C8A-A6E8-6D00-99BB99B0A19C}" = CCC Help French
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A3EB6C7C-F959-9258-3A35-2A6EDB9CA176}" = CCC Help Hungarian
"{A4B50564-9B8D-49DF-4A90-C6EC349A6538}" = Catalyst Control Center Localization Korean
"{A55C2FF6-4217-F05B-E603-0544CB9EBD93}" = Catalyst Control Center Localization French
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B076BAB8-B78C-053A-FAC2-0A9CCD802E0A}" = CCC Help Korean
"{B0A92733-C870-415C-A494-DF72C2C58402}" = BlackBerry Device Software Updater
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1508FDD-AFC7-373B-8B96-6A6BEC48A9A8}" = Catalyst Control Center Localization Polish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3A4B5A9-C9CA-7C40-F58A-9BC514BAC3BA}" = Socialbox
"{B3B36E34-2E5A-20E8-AF99-A2D40E84CC6F}" = CCC Help Turkish
"{B57BC333-F983-C25E-4C04-834548DF8607}" = Catalyst Control Center Localization Italian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution
"{BECF6C08-ED85-7F05-E2CD-43A18DA0B3D7}" = CCC Help Spanish
"{BEEA5BCB-CCA1-6FBA-764C-625239FE0F50}" = CCC Help Polish
"{C09C13C7-B636-01CC-D5A1-A7411F858891}" = Catalyst Control Center Localization Czech
"{C19BD21C-AF1A-CBC1-3B73-938B37F6B0E6}" = CCC Help Chinese Traditional
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9EF2D75-ECB0-602D-6700-977702AD7CCF}" = Catalyst Control Center Graphics Full Existing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8128C5-EC9A-0167-65F5-305E78F1A535}" = CCC Help Russian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0FF1E97-85BA-C735-1D4C-636293B0E9F0}" = CCC Help Greek
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C5185C-A8DF-8466-FE8A-1692E08ECBF7}" = Skins
"{D7FD9036-5EE1-A970-B981-BF46AF433380}" = Catalyst Control Center Localization German
"{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF3C3C9A-C96B-051E-99D1-72D7CE823DA8}" = ccc-core-static
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46CBAC2-20F4-98DA-D890-81F4DE2BF3BA}" = Catalyst Control Center Localization Finnish
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F545FAC8-4D05-229A-E1A3-3DF671518DC3}" = CCC Help English
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF165D48-1562-B757-E006-69197226E903}" = CCC Help Japanese
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFCA8569-F139-54BF-A9EF-092A3DFDFB4B}" = Catalyst Control Center Localization Dutch
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazing Adventures The Caribbean Secret" = Amazing Adventures The Caribbean Secret
"avast" = avast! Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.0
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Car Wash Calendar User_is1" = Car Wash Calendar for Workgroup [version 2.9]
"com.socialbox.socialbox" = Socialbox
"DivX Content Uploader" = DivX Content Uploader
"DVD Shrink_is1" = DVD Shrink 3.2
"F533865EC0BCC4B117B00EA2CE592684CC421D5D" = Windows Driver Package - Broadcom Bluetooth (06/19/2007 6.2.6000.1)
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"incredibar" = Incredibar Toolbar on IE and Chrome
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MyCamera" = Canon Utilities MyCamera
"MyScrapNook_12bar Uninstall" = My Scrap Nook Toolbar
"PDF Complete" = PDF Complete
"PhotoStitch" = Canon Utilities PhotoStitch
"Seagate File Recovery for WindowsNSIS" = Seagate File Recovery for Windows 2.0
"Searchqu Toolbar" = Windows searchqu Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.2.2264
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WNLT" = Web Optimizer
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4212977608-3304432661-1343176683-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 2012/01/22 12:03:31 PM | Computer Name = GUSTAV | Source = avast! | ID = 33554522
Description =

Error - 2012/01/22 12:03:31 PM | Computer Name = GUSTAV | Source = avast! | ID = 33554522
Description =

Error - 2012/01/22 12:03:34 PM | Computer Name = GUSTAV | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 2012/09/19 10:14:02 PM | Computer Name = GUSTAV | Source = WinMgmt | ID = 10
Description =

Error - 2012/09/20 01:41:54 AM | Computer Name = GUSTAV | Source = WinMgmt | ID = 10
Description =

Error - 2012/09/20 09:53:49 AM | Computer Name = GUSTAV | Source = EventSystem | ID = 4621
Description =

Error - 2012/09/20 12:34:19 PM | Computer Name = GUSTAV | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x002cc7f0, process id 0x1050, application start time
0x01cd974dc6bac001.

Error - 2012/09/20 12:34:23 PM | Computer Name = GUSTAV | Source = WinMgmt | ID = 10
Description =

Error - 2012/09/21 04:24:50 AM | Computer Name = GUSTAV | Source = WinMgmt | ID = 10
Description =

Error - 2012/09/21 07:21:49 AM | Computer Name = GUSTAV | Source = EventSystem | ID = 4621
Description =

Error - 2012/09/22 12:01:29 PM | Computer Name = GUSTAV | Source = WinMgmt | ID = 10
Description =

Error - 2012/09/23 02:46:01 AM | Computer Name = GUSTAV | Source = WinMgmt | ID = 10
Description =

Error - 2012/09/23 02:52:28 AM | Computer Name = GUSTAV | Source = EventSystem | ID = 4621
Description =

Error - 2012/09/23 01:14:49 PM | Computer Name = GUSTAV | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 2011/03/10 11:32:50 PM | Computer Name = GUSTAV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2011/03/24 01:58:55 PM | Computer Name = GUSTAV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2011/04/14 03:44:53 AM | Computer Name = GUSTAV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2011/05/16 01:30:25 PM | Computer Name = GUSTAV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2011/07/07 01:50:05 AM | Computer Name = GUSTAV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2011/07/18 07:05:04 AM | Computer Name = GUSTAV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2011/08/30 04:36:57 PM | Computer Name = GUSTAV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2011/08/31 11:11:55 PM | Computer Name = GUSTAV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2011/08/31 11:13:56 PM | Computer Name = GUSTAV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2011/10/31 03:31:03 AM | Computer Name = GUSTAV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2012/09/21 04:23:43 AM | Computer Name = GUSTAV | Source = Dhcp | ID = 1002
Description = The IP address lease 20.20.20.31 for the Network Card with network
address 002100BBE05C has been denied by the DHCP server 20.20.20.254 (The DHCP
Server sent a DHCPNACK message).

Error - 2012/09/21 04:23:57 AM | Computer Name = GUSTAV | Source = Print | ID = 19
Description = The print spooler failed to share printer Send To OneNote 2007 with
shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used
by others on the network.

Error - 2012/09/21 04:24:51 AM | Computer Name = GUSTAV | Source = Service Control Manager | ID = 7000
Description =

Error - 2012/09/21 04:24:51 AM | Computer Name = GUSTAV | Source = Service Control Manager | ID = 7000
Description =

Error - 2012/09/22 12:01:29 PM | Computer Name = GUSTAV | Source = Service Control Manager | ID = 7000
Description =

Error - 2012/09/22 12:01:29 PM | Computer Name = GUSTAV | Source = Service Control Manager | ID = 7000
Description =

Error - 2012/09/23 02:46:01 AM | Computer Name = GUSTAV | Source = Service Control Manager | ID = 7000
Description =

Error - 2012/09/23 02:46:01 AM | Computer Name = GUSTAV | Source = Service Control Manager | ID = 7000
Description =

Error - 2012/09/23 01:14:49 PM | Computer Name = GUSTAV | Source = Service Control Manager | ID = 7000
Description =

Error - 2012/09/23 01:14:49 PM | Computer Name = GUSTAV | Source = Service Control Manager | ID = 7000
Description =


< End of report >

OTL logfile created on: 2012/09/23 08:51:36 PM - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Mike de Beer\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

1.25 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 38.48% Memory free
2.75 Gb Paging File | 1.62 Gb Available in Paging File | 58.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.05 Gb Total Space | 54.93 Gb Free Space | 39.50% Space Free | Partition Type: NTFS
Drive D: | 7.46 Gb Total Space | 6.29 Gb Free Space | 84.32% Space Free | Partition Type: NTFS
Drive F: | 1020.00 Mb Total Space | 1017.66 Mb Free Space | 99.77% Space Free | Partition Type: FAT32
Drive G: | 59.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 465.65 Gb Total Space | 380.51 Gb Free Space | 81.72% Space Free | Partition Type: FAT32
Drive I: | 941.72 Mb Total Space | 11.70 Mb Free Space | 1.24% Space Free | Partition Type: FAT

Computer Name: GUSTAV | User Name: Mike de Beer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/23 20:23:06 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Mike de Beer\Desktop\OTL.exe
PRC - [2012/08/15 11:55:04 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
PRC - [2012/06/06 11:41:48 | 001,823,160 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/11/28 20:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\windows\explorer.exe
PRC - [2008/03/13 19:09:10 | 002,060,288 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2008/01/21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/16 01:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/16 01:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/23 15:40:04 | 000,167,256 | ---- | M] () -- C:\Program Files\Web Assistant\Extension32.dll
MOD - [2012/06/13 18:01:39 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012/06/13 18:01:38 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
MOD - [2012/06/13 17:58:54 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/13 17:58:42 | 001,592,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/10 18:37:33 | 000,998,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 18:35:34 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 18:35:28 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012/05/10 18:34:45 | 000,679,936 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\442135bc0b503b42ab2d752c23bea631\System.Security.ni.dll
MOD - [2012/05/10 18:34:38 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 18:32:58 | 005,450,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 18:32:03 | 006,621,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012/05/10 18:30:51 | 007,953,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 18:30:39 | 011,492,352 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2009/04/11 08:28:21 | 000,368,640 | ---- | M] () -- C:\windows\System32\msjetoledb40.dll
MOD - [2009/03/30 06:42:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 06:42:17 | 002,933,760 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/05/21 11:38:12 | 000,159,744 | ---- | M] () -- C:\windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2012/09/23 19:54:56 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/23 15:40:04 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012/08/16 13:44:18 | 000,362,104 | ---- | M] () [Auto | Running] -- C:\windows\System32\dmwu.exe -- (WebOptimizer)
SRV - [2011/11/28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/04/22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/06/28 16:48:42 | 000,549,256 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2008/05/12 15:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/05/08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/03/13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/01/21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 14:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/12/10 13:59:04 | 000,353,280 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/26 14:54:12 | 001,554,728 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/10/19 09:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/05/16 01:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/01/05 04:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VMUVC.sys -- (VMUVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MIKEDE~1\AppData\Local\Temp\nsysaudm.sys -- (nsysaudm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2011/11/28 19:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 19:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 19:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 19:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 19:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 19:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/19 11:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/08/19 11:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/05/13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/05/15 00:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/06/28 16:48:43 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Stopped] -- C:\windows\System32\drivers\amon.sys -- (AMON)
DRV - [2009/06/28 16:48:42 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2009/06/19 10:33:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/11 06:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\BTHPRINT.SYS -- (BTHprint)
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/22 22:14:45 | 000,021,638 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2008/05/21 12:35:06 | 003,552,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/05/21 12:35:06 | 003,552,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 11:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008/03/07 13:46:32 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/01/21 04:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/11/26 14:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 14:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 14:54:12 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\windows\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007/11/26 14:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/10/15 16:27:10 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/10/15 16:27:10 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1396957
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...6R8wW2SUW6&i=26
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://za.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-za
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 CD 76 04 C0 E5 C9 01 [binary data]
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\URLSearchHook: {f592709f-ff4a-4862-b659-4afabda56312} - No CLSID value found
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\SearchScopes\{004868D2-C928-40BD-B31D-B1B2CFBA57A1}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...earch&AF=100582
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SKPB_enZA329
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1396957
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R8wW2SUW6&i=26
IE - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@ei.RobotBoom_60.com/Plugin: C:\Program Files\RobotBoom_60EI\Installr\1.bin\NP60EISB.dll (Robot Boom)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MyScrapNook_12.com/Plugin: C:\Program Files\MyScrapNook_12\bar\1.bin\NP12Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.8.1: C:\Users\Mike de Beer\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/09/06 14:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_12.com: C:\Program Files\MyScrapNook_12\bar\1.bin [2012/09/23 08:50:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2010/08/14 17:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike de Beer\AppData\Roaming\mozilla\Extensions
[2010/08/14 17:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike de Beer\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/06/24 06:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Toolbar BHO) - {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (My Scrap Nook) - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\Toolbar\WebBrowser: (no name) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - No CLSID value found.
O3 - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\Toolbar\WebBrowser: (no name) - {618413C5-0C8D-4D0F-9600-7CED876FA3DF} - No CLSID value found.
O3 - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\Toolbar\WebBrowser: (no name) - {F592709F-FF4A-4862-B659-4AFABDA56312} - No CLSID value found.
O3 - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE File not found
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004..\Run: [leaew] C:\Users\Mike de Beer\leaew.exe /y File not found
O4 - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004..\Run: [Regedit32] C:\windows\system32\regedit.exe File not found
O4 - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe File not found
O4 - HKU\S-1-5-21-4212977608-3304432661-1343176683-1004..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32F33D5E-982B-4B7E-84DD-8BB911D9717B}: DhcpNameServer = 168.210.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D09C78DB-CCD5-4259-9B4D-E4A8E46FCF91}: NameServer = 196.207.36.251 196.207.36.254
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9550~1\Datamngr\datamngr.dll) - C:\Program Files\Windows searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9550~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mike de Beer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mike de Beer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/25 22:00:10 | 000,000,066 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2008/03/13 22:39:50 | 000,000,070 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{029a4202-b28c-11e0-894f-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{029a4202-b28c-11e0-894f-0024814affb6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{0cba24d8-dc30-11de-be0d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0cba24d8-dc30-11de-be0d-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{152d78be-10e6-11df-baf3-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{152d78be-10e6-11df-baf3-0024814affb6}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{30fd97bc-f506-11de-968b-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{30fd97bc-f506-11de-968b-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{30fd97be-f506-11de-968b-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{30fd97be-f506-11de-968b-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{38ffbd80-dbf5-11de-ae37-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{38ffbd80-dbf5-11de-ae37-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{3b0a5c08-b643-11de-a675-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{3b0a5c08-b643-11de-a675-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{3b0a5c09-b643-11de-a675-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{3b0a5c09-b643-11de-a675-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{3c8a4483-b5af-11de-9fdd-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{3c8a4483-b5af-11de-9fdd-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{3d2c3896-b5bd-11de-bc52-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3d2c3896-b5bd-11de-bc52-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{847fd66f-e17f-11de-8c99-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{847fd66f-e17f-11de-8c99-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{847fd690-e17f-11de-8c99-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{847fd690-e17f-11de-8c99-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{888adfd8-b5a4-11de-9693-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{888adfd8-b5a4-11de-9693-806e6f6e6963}\Shell\AutoRun\command - "" = G:\starter.exe
O33 - MountPoints2\{94cfc40c-201a-11de-8bae-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{94cfc40c-201a-11de-8bae-806e6f6e6963}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{983e2625-599c-11df-9331-0024814affb6}\Shell\AutoRun\command - "" = G:\SRMP-A3.exe
O33 - MountPoints2\{9d25ec4e-b65c-11de-868e-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{9d25ec4e-b65c-11de-868e-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{9d25ec4f-b65c-11de-868e-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{9d25ec4f-b65c-11de-868e-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{9f24780a-628c-11e1-8653-8a867beb1f9e}\Shell - "" = AutoRun
O33 - MountPoints2\{9f24780a-628c-11e1-8653-8a867beb1f9e}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a2e0a0bf-b009-11df-99f9-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{a2e0a0bf-b009-11df-99f9-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{a2e0a0c2-b009-11df-99f9-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{a2e0a0c2-b009-11df-99f9-0024814affb6}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{a5457f2a-ad1b-11e0-82b4-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{a5457f2a-ad1b-11e0-82b4-0024814affb6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{a833f29e-81f4-11df-b413-0024814affb6}\Shell\AutoRun\command - "" = BUD\KNOW\DRG.exe
O33 - MountPoints2\{a833f29e-81f4-11df-b413-0024814affb6}\Shell\open\command - "" = BUD\KNOW\DRG.exe
O33 - MountPoints2\{ad613b04-ab4a-11df-aa21-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{ad613b04-ab4a-11df-aa21-0024814affb6}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ad613b05-ab4a-11df-aa21-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{ad613b05-ab4a-11df-aa21-0024814affb6}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{bcd1b7c4-d924-11de-86ba-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{bcd1b7c4-d924-11de-86ba-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{bcd1b7c6-d924-11de-86ba-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{bcd1b7c6-d924-11de-86ba-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{c1b4cdd3-d9f5-11de-bfe4-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{c1b4cdd3-d9f5-11de-bfe4-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{cd3856e0-1fb0-11de-b077-002100bbe05c}\Shell - "" = AutoRun
O33 - MountPoints2\{cd3856e0-1fb0-11de-b077-002100bbe05c}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{cd3856e8-1fb0-11de-b077-002100bbe05c}\Shell - "" = AutoRun
O33 - MountPoints2\{cd3856e8-1fb0-11de-b077-002100bbe05c}\Shell\AutoRun\command - "" = G:\VMC_PBStarter.exe
O33 - MountPoints2\{dc04a623-e634-11df-bd80-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{dc04a623-e634-11df-bd80-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{dc04a625-e634-11df-bd80-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{dc04a625-e634-11df-bd80-0024814affb6}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{e337d180-fc2c-11de-9e07-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{e337d180-fc2c-11de-9e07-0024814affb6}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{fd05fc67-616f-11df-8712-0024814affb6}\Shell - "" = AutoRun
O33 - MountPoints2\{fd05fc67-616f-11df-8712-0024814affb6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/23 19:55:32 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Mike de Beer\Desktop\OTL.exe
[2012/09/18 14:17:57 | 000,000,000 | ---D | C] -- C:\Users\Mike de Beer\Desktop\2012090913_42_04_jpg
[2012/09/11 19:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\RobotBoom_60EI
[2012/09/06 14:42:04 | 000,000,000 | ---D | C] -- C:\windows\System32\ARFC
[2012/09/06 14:42:03 | 000,000,000 | ---D | C] -- C:\windows\System32\WNLT
[2012/09/02 12:30:28 | 000,000,000 | ---D | C] -- C:\Users\Mike de Beer\AppData\Roaming\start
[2012/08/30 20:47:48 | 000,000,000 | ---D | C] -- C:\Users\Mike de Beer\Documents\Zibulo Planning
[2011/03/16 14:04:39 | 013,145,360 | ---- | C] (Hewlett-Packard ) -- C:\Program Files\sp41377.exe
[2010/09/11 17:32:50 | 001,046,720 | ---- | C] (Driver Mender ) -- C:\Users\Mike de Beer\DriverMender.exe
[2010/09/11 12:13:45 | 007,954,288 | ---- | C] (Ellora Assets Corporation ) -- C:\Users\Mike de Beer\FreemakeVideoDownloader_1.1.14.exe

========== Files - Modified Within 30 Days ==========

[2012/09/23 20:54:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/23 20:51:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/23 20:30:00 | 000,000,298 | ---- | M] () -- C:\windows\tasks\Updater.job
[2012/09/23 20:23:06 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Mike de Beer\Desktop\OTL.exe
[2012/09/23 20:00:41 | 000,669,346 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/23 20:00:41 | 000,133,762 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/23 19:24:03 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/23 19:14:09 | 000,003,344 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 19:14:09 | 000,003,344 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 19:14:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/23 08:52:32 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2012/09/22 18:09:38 | 000,075,264 | ---- | M] () -- C:\Users\Mike de Beer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/20 11:36:26 | 000,855,913 | ---- | M] () -- C:\Users\Mike de Beer\Documents\zibulovmpplanssep2012.zip
[2012/09/20 09:00:00 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At1.job
[2012/09/19 15:21:25 | 000,078,454 | ---- | M] () -- C:\Users\Mike de Beer\Desktop\20120919134443334 elmar.pdf
[2012/09/18 14:03:25 | 000,293,784 | ---- | M] () -- C:\Users\Mike de Beer\Desktop\2012090913_42_04_jpg.zip
[2012/09/17 11:08:10 | 000,029,892 | ---- | M] () -- C:\Users\Mike de Beer\Documents\SHE REPRESENTATIVE MEETING MINUTES 29 August 2012.pdf
[2012/09/11 16:23:35 | 000,002,627 | ---- | M] () -- C:\Users\Mike de Beer\Desktop\Microsoft Office Word 2007.lnk
[2012/09/05 14:08:52 | 000,842,933 | ---- | M] () -- C:\Users\Mike de Beer\Documents\3455- Rigid Dumper Cat 777B 1.9.2011.pdf
[2012/09/05 11:51:06 | 000,145,556 | ---- | M] () -- C:\Users\Mike de Beer\Documents\2012.09.05 Change management for Roads at hard park.pdf
[2012/09/03 16:19:44 | 000,040,673 | ---- | M] () -- C:\Users\Mike de Beer\Documents\ZF_Contactors Certificate_JEFF_Aug 2012.pdf
[2012/09/03 16:17:28 | 000,803,847 | ---- | M] () -- C:\Users\Mike de Beer\Documents\SHE-REC-001 PLANNED TASK OBSERVATION.pdf
[2012/09/03 13:06:09 | 000,057,557 | ---- | M] () -- C:\Users\Mike de Beer\Documents\ZF_Payment_certificates_Anglo_Aug2012.pdf
[2012/09/03 12:56:12 | 000,051,333 | ---- | M] () -- C:\Users\Mike de Beer\Documents\ZF_Payment_certificates_Anglo_Aug2012.pdf.lqyay2l.partial
[2012/08/30 11:15:57 | 000,371,524 | ---- | M] () -- C:\Users\Mike de Beer\Documents\Environmental inspection_OC only_23 Aug 2012.pdf
[2012/08/28 10:00:23 | 000,530,342 | ---- | M] () -- C:\Users\Mike de Beer\Desktop\FIN-REC-009 EXPENDITURE REIMBURSEMENT CLAIM FORM FOR EMPLOYEES.pdf
[2012/08/28 09:47:32 | 000,002,585 | ---- | M] () -- C:\Users\Mike de Beer\Desktop\Microsoft Office Excel 2007.lnk

========== Files Created - No Company Name ==========

[2012/09/20 11:36:26 | 000,855,913 | ---- | C] () -- C:\Users\Mike de Beer\Documents\zibulovmpplanssep2012.zip
[2012/09/19 15:21:25 | 000,078,454 | ---- | C] () -- C:\Users\Mike de Beer\Desktop\20120919134443334 elmar.pdf
[2012/09/18 14:03:25 | 000,293,784 | ---- | C] () -- C:\Users\Mike de Beer\Desktop\2012090913_42_04_jpg.zip
[2012/09/17 11:08:09 | 000,029,892 | ---- | C] () -- C:\Users\Mike de Beer\Documents\SHE REPRESENTATIVE MEETING MINUTES 29 August 2012.pdf
[2012/09/06 14:42:04 | 000,362,104 | ---- | C] () -- C:\windows\System32\dmwu.exe
[2012/09/06 14:42:04 | 000,028,160 | ---- | C] () -- C:\windows\System32\ImHttpComm.dll
[2012/09/05 14:08:52 | 000,842,933 | ---- | C] () -- C:\Users\Mike de Beer\Documents\3455- Rigid Dumper Cat 777B 1.9.2011.pdf
[2012/09/05 11:51:06 | 000,145,556 | ---- | C] () -- C:\Users\Mike de Beer\Documents\2012.09.05 Change management for Roads at hard park.pdf
[2012/09/03 16:19:44 | 000,040,673 | ---- | C] () -- C:\Users\Mike de Beer\Documents\ZF_Contactors Certificate_JEFF_Aug 2012.pdf
[2012/09/03 16:16:57 | 000,803,847 | ---- | C] () -- C:\Users\Mike de Beer\Documents\SHE-REC-001 PLANNED TASK OBSERVATION.pdf
[2012/09/03 13:06:09 | 000,057,557 | ---- | C] () -- C:\Users\Mike de Beer\Documents\ZF_Payment_certificates_Anglo_Aug2012.pdf
[2012/09/03 12:56:10 | 000,051,333 | ---- | C] () -- C:\Users\Mike de Beer\Documents\ZF_Payment_certificates_Anglo_Aug2012.pdf.lqyay2l.partial
[2012/08/30 11:15:56 | 000,371,524 | ---- | C] () -- C:\Users\Mike de Beer\Documents\Environmental inspection_OC only_23 Aug 2012.pdf
[2012/08/28 10:00:23 | 000,530,342 | ---- | C] () -- C:\Users\Mike de Beer\Desktop\FIN-REC-009 EXPENDITURE REIMBURSEMENT CLAIM FORM FOR EMPLOYEES.pdf
[2012/03/15 20:20:47 | 000,000,680 | ---- | C] () -- C:\Users\Mike de Beer\AppData\Local\d3d9caps.dat
[2012/01/22 18:59:35 | 000,075,264 | ---- | C] () -- C:\Users\Mike de Beer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/11 20:47:57 | 000,134,453 | ---- | C] () -- C:\Users\Mike de Beer\AppData\Roaming\userenv.xml.urlencode
[2012/01/11 20:38:06 | 000,100,794 | ---- | C] () -- C:\Users\Mike de Beer\AppData\Roaming\userenv.xml
[2011/11/01 10:51:13 | 000,374,592 | ---- | C] () -- C:\Users\Mike de Beer\SysInspector-GUSTAV-111101-1039.zip
[2011/08/31 16:01:43 | 000,878,150 | ---- | C] () -- C:\Users\Mike de Beer\Water Management Plan Aug 2011.pdf
[2011/08/19 11:26:20 | 010,898,456 | ---- | C] () -- C:\windows\System32\LogiDPP.dll
[2011/08/19 11:26:20 | 000,336,408 | ---- | C] () -- C:\windows\System32\DevManagerCore.dll
[2011/08/19 11:26:20 | 000,104,472 | ---- | C] () -- C:\windows\System32\LogiDPPApp.exe
[2011/08/13 19:57:31 | 000,000,104 | ---- | C] () -- C:\Users\Mike de Beer\Computer - Shortcut.lnk
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 08:48:54 | 000,028,418 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2010/11/05 06:55:44 | 000,000,158 | ---- | C] () -- C:\windows\ricdb.ini
[2010/11/05 06:55:36 | 000,003,623 | ---- | C] () -- C:\windows\System32\RCA9E1A0.dat
[2010/11/05 06:55:32 | 000,000,062 | ---- | C] () -- C:\windows\System32\RPCS.ini
[2010/10/21 14:30:53 | 000,000,235 | ---- | C] () -- C:\windows\PCViewer.INI
[2010/10/14 20:12:20 | 000,000,004 | ---- | C] () -- C:\windows\vx86036.dat
[2010/10/14 20:11:11 | 000,000,068 | ---- | C] () -- C:\windows\Crypkey.ini
[2010/10/14 20:10:49 | 000,027,648 | R--- | C] () -- C:\windows\Setup_ck.exe
[2010/10/14 20:10:49 | 000,021,638 | ---- | C] () -- C:\windows\System32\Ckldrv.sys
[2010/10/14 20:10:49 | 000,018,432 | ---- | C] () -- C:\windows\Setup_ck.dll
[2010/10/14 20:10:49 | 000,011,776 | ---- | C] () -- C:\windows\Ckrfresh.exe
[2010/09/21 22:20:09 | 001,135,080 | ---- | C] () -- C:\Users\Mike de Beer\yahoomailuploader_0.5.exe
[2010/09/15 19:53:48 | 000,022,478 | ---- | C] () -- C:\Users\Mike de Beer\AppData\Roaming\UserTile.png
[2010/09/11 17:43:38 | 018,499,623 | ---- | C] () -- C:\Users\Mike de Beer\vlc-1.0.5-win32.exe
[2010/09/11 12:06:53 | 001,769,472 | ---- | C] () -- C:\Users\Mike de Beer\vlc-1.1.4-win32.exe
[2009/05/28 10:59:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/03/07 16:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/03/07 13:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml

========== ZeroAccess Check ==========

[2006/11/02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/02 09:01:56 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\AVG10
[2009/04/03 09:03:52 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\BitDefender
[2012/04/16 04:32:07 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\Canon
[2011/08/13 08:28:01 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\com.socialbox.socialbox
[2011/07/12 04:50:17 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\CupidChat
[2011/09/09 05:11:44 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\driveridentifier
[2012/04/06 08:45:01 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\Easy MP3 Recorder
[2011/11/01 10:23:47 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\ESET
[2011/08/12 14:07:01 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\FlirtChat
[2012/06/24 06:09:57 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\FreeAudioPack
[2009/04/04 22:00:00 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\GARMIN
[2009/08/30 12:46:46 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\Image Zone Express
[2009/07/01 15:47:02 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\InterVideo
[2011/09/30 13:05:46 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\Leadertech
[2009/12/23 07:21:33 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\Nokia
[2011/09/15 16:16:31 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\PC Cleaners
[2010/01/08 13:57:52 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\PC Suite
[2010/09/15 19:53:32 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\PeerNetworking
[2009/08/29 17:40:09 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\Printer Info Cache
[2011/02/20 04:30:37 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\Research In Motion
[2011/10/03 19:52:16 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\Seagate
[2009/08/30 10:30:24 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\Skinux
[2011/04/14 20:57:32 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\SmartDraw
[2010/02/03 20:20:24 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\SpinTop
[2010/02/03 20:21:24 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\SpinTop Games
[2012/09/02 12:30:28 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\start
[2011/11/01 21:21:29 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\support
[2010/08/14 17:54:56 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\TomTom
[2009/04/02 20:19:17 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\Vodafone
[2012/03/09 13:44:32 | 000,000,000 | ---D | M] -- C:\Users\Mike de Beer\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9B27D3A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:3325D6E9

< End of report >


#2
emeraldnzl
Hello Gustavb64,

Welcome to Geekstogo.

Please download Malwarebytes' Anti-Malware from Here

Ensure your external hard drive is attached and on.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Download aswMBR.exe ( 4.5mb ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

Finally in this post

  • Close all windows and open OTL again.
  • Click the None button at the top.
  • Under the Custom Scan box paste this in:
    netstat -ano | find "16464" /c
    netstat -ano | find "16465" /c
    netstat -ano | find "16470" /c
    netstat -ano | find "16471" /c
    netstat -ano | find "21810" /c
    netstat -ano | find "22292" /c
    netstat -ano | find "34354" /c
    netstat -ano | find "34355" /c
    /md5start
    services.*
    wbemess.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
So when you return please post
  • MBAM report
  • aswMBR log
  • OTL.txt

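The custom scan in the post above counts `netstat -ano` lines with `find "<port>" /c`, which matches the digits anywhere on the line, including the PID column. The following is an added example (not part of the original thread and not OTL's own code) that parses `netstat -ano` output and matches the same port numbers only in the address columns; the sample output and all function names are constructed for illustration.

```python
from typing import List, NamedTuple, Optional, Set

# Port numbers copied from the custom scan in the post above.
WATCHED_PORTS = {16464, 16465, 16470, 16471, 21810, 22292, 34354, 34355}

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.20:49210     203.0.113.7:443        ESTABLISHED     16464
  TCP    192.168.1.20:49211     198.51.100.9:80        ESTABLISHED     2212
  UDP    0.0.0.0:16471          *:*                                    1044
  UDP    0.0.0.0:500            *:*                                    1016
  TCP    [::]:34354             [::]:0                 LISTENING       3120
  UDP    [::1]:1900             *:*                                    1640
"""


class Conn(NamedTuple):
    proto: str
    local_port: Optional[int]
    remote_port: Optional[int]
    state: str
    pid: int


def _port(addr: str) -> Optional[int]:
    """Numeric port of 'ip:port' or '[v6]:port'; None for the UDP '*:*' form."""
    port = addr.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None


def parse_netstat(text: str) -> List[Conn]:
    """Parse the table rows of `netstat -ano`; header lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns, UDP rows have 4 (no State column).
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        if not fields[-1].isdigit():
            continue
        state = fields[3] if len(fields) == 5 else ""
        conns.append(Conn(fields[0], _port(fields[1]), _port(fields[2]),
                          state, int(fields[-1])))
    return conns


def find_watched(conns: List[Conn], ports: Set[int]) -> List[Conn]:
    """Rows whose local or remote port is one of the watched ports."""
    return [c for c in conns
            if c.local_port in ports or c.remote_port in ports]


def substring_count(text: str, needle: str) -> int:
    """What `find "needle" /c` reports: lines containing the substring."""
    return sum(1 for line in text.splitlines() if needle in line)


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    for c in find_watched(conns, WATCHED_PORTS):
        print(f"{c.proto} local={c.local_port} remote={c.remote_port} "
              f"state={c.state or '-'} pid={c.pid}")
    # The substring count flags the row whose PID happens to be 16464,
    # although no socket in the sample uses port 16464.
    print("find-style count for 16464:", substring_count(SAMPLE_NETSTAT, "16464"))
    print("port matches for 16464:", len(find_watched(conns, {16464})))
```

A non-zero count from the `find` form is therefore only a prompt to look at the matching rows; the PID on a real match can then be tied to a process with `tasklist /FI "PID eq <pid>"`.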

#3
emeraldnzl
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.