Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Extremely slow Windows Vista [Closed]


  • This topic is locked This topic is locked

#1
Onfinals

Onfinals

    Member

  • Member
  • PipPip
  • 41 posts
Hi, suspected iMesh and/or other P2P software.

This machine is running extremely slow, and a forum techie mentioned that this may in large part be due to iMesh.

Here is the OTL log:

OTL logfile created on: 2013/10/05 06:20:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

2.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 32.50% Memory free
5.90 Gb Paging File | 3.66 Gb Available in Paging File | 62.03% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 69.86 Gb Free Space | 48.46% Space Free | Partition Type: NTFS
Drive D: | 144.15 Gb Total Space | 137.77 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive F: | 56.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LEON-PC | User Name: Leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/05 06:19:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
PRC - [2013/07/25 09:46:14 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/07/25 09:46:14 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/22 00:30:48 | 000,072,224 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2013/03/14 11:29:25 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/09/30 18:55:43 | 000,514,048 | ---- | M] () -- C:\Program Files\MTN Online\MTN Online.exe
PRC - [2011/09/30 18:54:33 | 000,246,112 | ---- | M] () -- C:\ProgramData\MTN Online\OnlineUpdate\ouc.exe
PRC - [2011/03/14 17:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DataCardService\HWDeviceService.exe
PRC - [2011/03/14 17:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/25 14:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2008/03/21 22:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/23 07:03:34 | 000,991,984 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/09/30 18:55:43 | 000,514,048 | ---- | M] () -- C:\Program Files\MTN Online\MTN Online.exe
MOD - [2011/09/30 18:54:41 | 000,185,344 | ---- | M] () -- C:\Program Files\MTN Online\XFramePlugin.dll
MOD - [2011/09/30 18:54:41 | 000,159,232 | ---- | M] () -- C:\Program Files\MTN Online\XCodec.dll
MOD - [2011/09/30 18:54:41 | 000,106,496 | ---- | M] () -- C:\Program Files\MTN Online\Win7Support.dll
MOD - [2011/09/30 18:54:40 | 000,826,880 | ---- | M] () -- C:\Program Files\MTN Online\SMSUIPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,670,720 | ---- | M] () -- C:\Program Files\MTN Online\SmsAppPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,635,904 | ---- | M] () -- C:\Program Files\MTN Online\USSDUIPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,313,344 | ---- | M] () -- C:\Program Files\MTN Online\StatusBarMgrPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,304,128 | ---- | M] () -- C:\Program Files\MTN Online\ToolBarMgrPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,261,632 | ---- | M] () -- C:\Program Files\MTN Online\sdk.dll
MOD - [2011/09/30 18:54:40 | 000,217,600 | ---- | M] () -- C:\Program Files\MTN Online\SmsSrvPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,156,672 | ---- | M] () -- C:\Program Files\MTN Online\STKSrvPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,142,336 | ---- | M] () -- C:\Program Files\MTN Online\USSDSrvPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,135,168 | ---- | M] () -- C:\Program Files\MTN Online\Trace.dll
MOD - [2011/09/30 18:54:37 | 009,515,520 | ---- | M] () -- C:\Program Files\MTN Online\QtGui4.dll
MOD - [2011/09/30 18:54:37 | 001,148,416 | ---- | M] () -- C:\Program Files\MTN Online\QtNetwork4.dll
MOD - [2011/09/30 18:54:37 | 000,370,176 | ---- | M] () -- C:\Program Files\MTN Online\plugins\imageformats\qtiff4.dll
MOD - [2011/09/30 18:54:36 | 002,415,104 | ---- | M] () -- C:\Program Files\MTN Online\QtCore4.dll
MOD - [2011/09/30 18:54:35 | 001,101,824 | ---- | M] () -- C:\Program Files\MTN Online\NDISAPI.dll
MOD - [2011/09/30 18:54:35 | 000,562,688 | ---- | M] () -- C:\Program Files\MTN Online\NetInfoUIExPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,545,280 | ---- | M] () -- C:\Program Files\MTN Online\PluginContainer.dll
MOD - [2011/09/30 18:54:35 | 000,381,952 | ---- | M] () -- C:\Program Files\MTN Online\Proxy.dll
MOD - [2011/09/30 18:54:35 | 000,351,232 | ---- | M] () -- C:\Program Files\MTN Online\NetConnectPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,350,720 | ---- | M] () -- C:\Program Files\MTN Online\plugins\imageformats\qmng4.dll
MOD - [2011/09/30 18:54:35 | 000,278,528 | ---- | M] () -- C:\Program Files\MTN Online\NetInfoSrvPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,269,824 | ---- | M] () -- C:\Program Files\MTN Online\LiveUpdateInterface.dll
MOD - [2011/09/30 18:54:35 | 000,249,856 | ---- | M] () -- C:\Program Files\MTN Online\MenuMgrPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,235,008 | ---- | M] () -- C:\Program Files\MTN Online\NetSrvPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,192,000 | ---- | M] () -- C:\Program Files\MTN Online\plugins\imageformats\qjpeg4.dll
MOD - [2011/09/30 18:54:35 | 000,180,224 | ---- | M] () -- C:\Program Files\MTN Online\NDISPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,158,720 | ---- | M] () -- C:\Program Files\MTN Online\NetConnectSrvPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,133,120 | ---- | M] () -- C:\Program Files\MTN Online\OSDialup.dll
MOD - [2011/09/30 18:54:35 | 000,131,072 | ---- | M] () -- C:\Program Files\MTN Online\OSNDIS.dll
MOD - [2011/09/30 18:54:35 | 000,101,376 | ---- | M] () -- C:\Program Files\MTN Online\OSAdapt.dll
MOD - [2011/09/30 18:54:35 | 000,093,184 | ---- | M] () -- C:\Program Files\MTN Online\NotifyServicePlugin.dll
MOD - [2011/09/30 18:54:35 | 000,082,944 | ---- | M] () -- C:\Program Files\MTN Online\plugins\imageformats\qgif4.dll
MOD - [2011/09/30 18:54:35 | 000,081,920 | ---- | M] () -- C:\Program Files\MTN Online\plugins\imageformats\qico4.dll
MOD - [2011/09/30 18:54:35 | 000,065,536 | ---- | M] () -- C:\Program Files\MTN Online\OSPowerMgr.dll
MOD - [2011/09/30 18:54:35 | 000,062,976 | ---- | M] () -- C:\Program Files\MTN Online\OSCall.dll
MOD - [2011/09/30 18:54:35 | 000,043,008 | ---- | M] () -- C:\Program Files\MTN Online\libgcc_s_dw2-1.dll
MOD - [2011/09/30 18:54:35 | 000,011,362 | ---- | M] () -- C:\Program Files\MTN Online\mingwm10.dll
MOD - [2011/09/30 18:54:34 | 001,077,248 | ---- | M] () -- C:\Program Files\MTN Online\AddrBookPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,796,672 | ---- | M] () -- C:\Program Files\MTN Online\AddrBookUIPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,550,400 | ---- | M] () -- C:\Program Files\MTN Online\CallAppPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,547,840 | ---- | M] () -- C:\Program Files\MTN Online\CallLogSrvPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,521,728 | ---- | M] () -- C:\Program Files\MTN Online\DeviceMgrUIPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,439,296 | ---- | M] () -- C:\Program Files\MTN Online\core.dll
MOD - [2011/09/30 18:54:34 | 000,432,640 | ---- | M] () -- C:\Program Files\MTN Online\DialupUIPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,338,432 | ---- | M] () -- C:\Program Files\MTN Online\DeviceAppPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,301,568 | ---- | M] () -- C:\Program Files\MTN Online\DiagnosisPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,301,056 | ---- | M] () -- C:\Program Files\MTN Online\DeviceSrvPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,264,704 | ---- | M] () -- C:\Program Files\MTN Online\AddrBookSrvPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,238,080 | ---- | M] () -- C:\Program Files\MTN Online\AtCodec.dll
MOD - [2011/09/30 18:54:34 | 000,218,112 | ---- | M] () -- C:\Program Files\MTN Online\Common.dll
MOD - [2011/09/30 18:54:34 | 000,211,968 | ---- | M] () -- C:\Program Files\MTN Online\DialUpPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,176,128 | ---- | M] () -- C:\Program Files\MTN Online\CallSrvPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,157,184 | ---- | M] () -- C:\Program Files\MTN Online\DataServicePlugin.dll
MOD - [2011/09/30 18:54:34 | 000,154,624 | ---- | M] () -- C:\Program Files\MTN Online\GpsSrvPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,123,392 | ---- | M] () -- C:\Program Files\MTN Online\ATR2SMgr.dll
MOD - [2011/09/30 18:54:34 | 000,119,296 | ---- | M] () -- C:\Program Files\MTN Online\LayoutPlugin.dll
MOD - [2011/02/22 12:52:16 | 000,520,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP ePrintAndShare\InstantPrinting\pompeius.dll
MOD - [2011/02/22 12:52:16 | 000,059,904 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP ePrintAndShare\InstantPrinting\zlib1.dll
MOD - [2009/01/16 03:28:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - [2013/07/25 09:46:14 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/22 00:32:02 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2013/03/22 00:30:48 | 000,072,224 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2013/03/14 11:29:34 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/09/30 18:54:33 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MTN Online\UpdateDog\ouc.exe -- (MTN Online. RunOuc)
SRV - [2011/03/14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/05/27 20:31:35 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/03/21 22:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/12/14 21:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (HSPADataCardusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (HSPADataCardusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (HSPADataCardusbmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (btwrchid)
DRV - [2013/09/24 06:37:15 | 001,097,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20130924.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/09/23 07:03:31 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2013/09/02 07:21:17 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20131004.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/09/02 07:21:16 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20131004.035\NAVENG.SYS -- (NAVENG)
DRV - [2013/08/27 11:00:15 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/27 11:00:15 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/14 03:30:21 | 000,392,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20131004.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/07/25 09:46:26 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/07/25 09:46:24 | 000,222,192 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/07/25 09:46:24 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/03/29 14:17:12 | 007,346,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32)
DRV - [2013/03/22 00:32:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2013/03/22 00:30:48 | 000,052,128 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2013/03/22 00:29:52 | 000,042,144 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2012/07/06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012/07/06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012/06/07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/05/22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012/05/04 14:21:50 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/29 08:28:37 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symtdiv.sys -- (SYMTDIv)
DRV - [2012/03/29 08:28:34 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2012/03/29 08:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012/03/29 08:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2011/11/01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/03 15:42:30 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/02/25 18:02:26 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/01/30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/01/30 18:19:00 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011/01/30 18:19:00 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2010/12/24 11:55:58 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/20 12:06:58 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2009/01/16 04:46:52 | 004,305,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/28 16:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/01/21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/26 08:23:10 | 000,017,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TpChoice.sys -- (TpChoice)
DRV - [2007/01/26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...travelmate_5730
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...travelmate_5730
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...travelmate_5730
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enZA331
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2013/05/26 23:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2013/10/04 09:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/02/05 12:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/05 12:55:46 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.2 (Enabled) = C:\Users\Leon\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PDF Suite Helper) - {1AD61D5B-58A3-4592-9B34-DC84688FF805} - C:\Program Files\PDF Suite\PDFIEHelper.dll (Interactive Brands)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Suite Toolbar) - {261F6A8B-7AAF-4BF5-8552-6610F4D67819} - C:\Program Files\PDF Suite\PDFIEPlugin.dll (Interactive Brands)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DJT790] "f:\hp plotter software\setup.exe" /mode nextstepsreboot File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\MTN Online\MTN Online.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: hp.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: hp.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CC42E9F-43AF-4946-BD74-10DF3CA1C9CA}: DhcpNameServer = 10.123.11.20 10.123.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{539FBF7E-C6B6-4FCD-BE9F-F51F784CEAE5}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C959CEB2-B764-4DB7-B98D-7C538C41525B}: NameServer = 209.212.96.1 208.67.220.220
O18 - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/25 08:05:19 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/03/15 01:27:21 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/03/03 02:56:55 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1dadfec6-eb83-11e0-bcd1-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{1dadfee9-eb83-11e0-bcd1-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{1dadfee9-eb83-11e0-bcd1-001e101f21c1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1dadfef4-eb83-11e0-bcd1-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{1dadfef4-eb83-11e0-bcd1-001e101fabdd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{2a3540d8-0f08-11e2-aa05-d70af41a3f94}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3540d8-0f08-11e2-aa05-d70af41a3f94}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{2ce0b3a7-e9b3-11e0-80eb-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{2ce0b3b7-e9b3-11e0-80eb-001d72d6ebf5}\Shell - "" = AutoRun
O33 - MountPoints2\{2ce0b3c4-e9b3-11e0-80eb-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{2ce0b3d8-e9b3-11e0-80eb-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{356e5eb6-a796-11de-8333-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{3fbd907b-90cc-11df-ba73-001d72d6ebf5}\Shell - "" = AutoRun
O33 - MountPoints2\{3fbd907b-90cc-11df-ba73-001d72d6ebf5}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{41d11525-d083-11de-89c6-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{41d11525-d083-11de-89c6-00215d67c9f6}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{48b9f1c8-9d77-11e1-8395-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48b9f1c8-9d77-11e1-8395-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{6ab5134f-2eeb-11e2-831d-fad4100e1342}\Shell - "" = AutoRun
O33 - MountPoints2\{6ab5134f-2eeb-11e2-831d-fad4100e1342}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{7520eb83-0d7e-11e2-a271-a33c3b2fe2a9}\Shell - "" = AutoRun
O33 - MountPoints2\{7520eb83-0d7e-11e2-a271-a33c3b2fe2a9}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7df7bdae-a6a5-11de-b4b4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{829c1065-e59f-11de-8766-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{829c1065-e59f-11de-8766-00215d67c9f6}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{9aa9cb4e-9c40-11e1-8b7c-963d72be81dd}\Shell - "" = AutoRun
O33 - MountPoints2\{9aa9cb4e-9c40-11e1-8b7c-963d72be81dd}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{a3f48253-0ed1-11e2-aa68-e537f6e6ab4e}\Shell - "" = AutoRun
O33 - MountPoints2\{a3f48253-0ed1-11e2-aa68-e537f6e6ab4e}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{a4605947-14f6-11e2-948b-e3a38642cc1d}\Shell - "" = AutoRun
O33 - MountPoints2\{a4605947-14f6-11e2-948b-e3a38642cc1d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{acbe0366-a6a2-11de-977b-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{bf150243-0084-11e2-9084-b48cb0ba5deb}\Shell - "" = AutoRun
O33 - MountPoints2\{bf150243-0084-11e2-9084-b48cb0ba5deb}\Shell\AutoRun\command - "" = H:\HPIP.exe
O33 - MountPoints2\{dc51e0dd-f2d3-11e1-8087-a5e509811884}\Shell - "" = AutoRun
O33 - MountPoints2\{dc51e0dd-f2d3-11e1-8087-a5e509811884}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{fcea8568-2e19-11e2-807e-c287de82b370}\Shell - "" = AutoRun
O33 - MountPoints2\{fcea8568-2e19-11e2-807e-c287de82b370}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/05 06:19:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
[2013/10/04 22:01:43 | 000,035,960 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2013/10/04 22:01:34 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013/09/23 06:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
[2013/09/12 07:00:46 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{57BE9338-0306-4AFD-90A4-ABAF937B07A7}
[2013/09/11 20:15:04 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{2542CDA3-B62E-4900-9BC8-917D2E28F1D7}
[2013/09/11 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{8B2B9C19-438C-4C91-8F46-82E8136FA499}
[2013/09/05 08:31:41 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{B010BEF4-A6A4-4314-90C3-DB045A91260F}
[2010/05/21 12:51:16 | 000,161,000 | ---- | C] (Trusteer Ltd.) -- C:\Users\Leon\RapportSetup.exe

========== Files - Modified Within 30 Days ==========

[2013/10/05 06:25:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/05 06:24:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/05 06:19:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
[2013/10/05 05:39:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/05 05:39:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/04 21:41:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/04 15:16:50 | 000,000,103 | ---- | M] () -- C:\Users\Leon\GetIntel.bat
[2013/10/04 10:26:15 | 000,001,684 | ---- | M] () -- C:\Users\Leon\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2013/10/04 09:50:34 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/04 09:13:04 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013/10/04 09:12:42 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/10/04 09:12:37 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2013/10/03 08:55:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/10/01 16:39:57 | 000,047,926 | ---- | M] () -- C:\Users\Leon\Estelle Engelke Trust registrasie.pdf
[2013/09/26 15:54:09 | 000,002,587 | ---- | M] () -- C:\Users\Leon\Desktop\Microsoft Office Word 2007.lnk
[2013/09/21 21:43:29 | 000,648,718 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/21 21:43:29 | 000,124,686 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/14 04:04:32 | 000,447,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/10/04 15:16:50 | 000,000,103 | ---- | C] () -- C:\Users\Leon\GetIntel.bat
[2013/10/04 10:26:14 | 000,001,684 | ---- | C] () -- C:\Users\Leon\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2013/10/01 16:39:57 | 000,047,926 | ---- | C] () -- C:\Users\Leon\Estelle Engelke Trust registrasie.pdf
[2013/03/22 00:38:03 | 000,396,653 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/11/22 13:06:27 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/10/03 19:55:26 | 009,568,768 | ---- | C] () -- C:\Users\Leon\Vodafone Mobile Connect.msi
[2012/10/03 19:55:26 | 000,003,584 | ---- | C] () -- C:\Users\Leon\2057.MST
[2012/09/16 20:43:55 | 005,010,369 | ---- | C] () -- C:\Users\Leon\This Video Will Shock South African people.wmv
[2012/08/01 15:51:25 | 000,001,140 | ---- | C] () -- C:\Users\Leon\help file.htm
[2012/07/30 13:24:23 | 000,002,910 | ---- | C] () -- C:\Users\Leon\transition.htm
[2012/07/13 07:42:27 | 000,000,049 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2012/02/05 12:35:31 | 092,199,288 | ---- | C] () -- C:\Users\Leon\Nokia_Suite_webinstaller_ALL.exe
[2012/02/03 17:18:29 | 015,559,559 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\SMRBackup250.dat
[2011/11/24 11:31:23 | 000,011,321 | ---- | C] () -- C:\Windows\hpwscr16.dat
[2011/10/16 23:13:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/10/16 23:13:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/10/16 23:13:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/01/21 20:34:29 | 000,014,520 | -H-- | C] () -- C:\Users\Leon\ZbThumbnail.info
[2010/12/05 19:47:20 | 000,000,016 | -H-- | C] () -- C:\Users\Leon\AppData\Local\mxfilerelatedcache.mxc2
[2010/12/05 19:47:19 | 000,000,016 | -H-- | C] () -- C:\Users\Leon\AppData\Roaming\mxfilerelatedcache.mxc2
[2010/12/05 19:47:17 | 000,000,016 | -H-- | C] () -- C:\Users\Leon\mxfilerelatedcache.mxc2
[2010/10/31 20:32:03 | 001,648,929 | ---- | C] () -- C:\Users\Leon\IMG_0596.JPG
[2010/10/31 20:32:03 | 001,526,511 | ---- | C] () -- C:\Users\Leon\IMG_0593.JPG
[2009/11/04 21:19:44 | 000,452,670 | ---- | C] () -- C:\Users\Leon\eee4.pdf
[2009/11/04 21:19:26 | 000,484,332 | ---- | C] () -- C:\Users\Leon\eee3.pdf
[2009/11/04 21:19:08 | 000,464,914 | ---- | C] () -- C:\Users\Leon\eee2.pdf
[2009/11/04 21:18:44 | 000,496,860 | ---- | C] () -- C:\Users\Leon\eee1.pdf
[2009/09/24 17:47:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/01 21:49:35 | 000,121,344 | ---- | C] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 03:30:42 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

========== ZeroAccess Check ==========

[2006/11/02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/09/22 21:35:40 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Acer
[2012/09/25 08:14:13 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Autodesk
[2012/03/19 13:41:05 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Bentley
[2011/12/27 11:50:06 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Canon
[2009/06/19 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\eSobi
[2009/06/16 15:05:13 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\GARMIN
[2012/09/24 16:17:56 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\IGC
[2011/09/18 12:22:15 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\IMSIDesign
[2009/05/28 03:30:45 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\InterVideo
[2011/01/21 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\MAGIX
[2011/10/16 23:36:08 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Nikon
[2012/02/05 12:57:22 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Nokia
[2012/02/05 13:09:26 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\PC Suite
[2009/09/07 20:33:02 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\PDF Software
[2011/10/23 09:53:46 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Tific
[2010/05/21 12:57:56 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Trusteer
[2009/09/21 13:47:37 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Vodafone
[2011/10/04 16:23:34 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Western Digital

========== Purity Check ==========



< End of report >

All malware, Acer or P2P stuff can go. Thanks for any help.
  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hello :)

Are you experiencing any other symptoms other than extreme slowness?

Let's run a couple of scans and get a deeper look at your system. :) Please follow the steps below:


Step 1: Custom OTL Scan

Start OTL

  • Close any open windows and then double click (Vists, Windows 7, 8, right click and then click Run as Administrator) the icon to start OTL.
  • Please make sure the following boxes are checked.
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name Whitelist
  • LOP Check
  • Purity Check
  • Please check Use Safelist is checked under Extra Registry.
  • Copy the contents of the quote box below Do not copy the word quote! and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.

    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C

  • Click the Run Scan button.

Posted Image

  • Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient. :)
  • When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
  • Please post each log in your next reply.



Step 2: aswMBR Scan


  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.

Posted Image

  • Click the Scan button to begin the scan.

Posted Image

  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit


Things I need to see in your next post:

  • New OTL Log
  • New Extras Log
  • aswMBR Log

  • 0

#3
Onfinals

Onfinals

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Thank you, I think I got done what is needed...

1) OTL Log:

OTL logfile created on: 2013/10/05 07:55:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

2.99 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 52.44% Memory free
5.90 Gb Paging File | 4.27 Gb Available in Paging File | 72.43% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 69.60 Gb Free Space | 48.27% Space Free | Partition Type: NTFS
Drive D: | 144.15 Gb Total Space | 137.77 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive F: | 56.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LEON-PC | User Name: Leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/05 06:19:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
PRC - [2013/07/25 09:46:14 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/07/25 09:46:14 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/22 00:30:48 | 000,072,224 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/09/30 18:54:33 | 000,246,112 | ---- | M] () -- C:\ProgramData\MTN Online\OnlineUpdate\ouc.exe
PRC - [2011/03/14 17:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DataCardService\HWDeviceService.exe
PRC - [2011/03/14 17:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/25 14:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2008/03/21 22:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/23 07:03:34 | 000,991,984 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/02/22 12:52:16 | 000,520,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP ePrintAndShare\InstantPrinting\pompeius.dll
MOD - [2011/02/22 12:52:16 | 000,059,904 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP ePrintAndShare\InstantPrinting\zlib1.dll
MOD - [2009/01/16 03:28:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - [2013/07/25 09:46:14 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/22 00:32:02 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2013/03/22 00:30:48 | 000,072,224 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2013/03/14 11:29:34 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/09/30 18:54:33 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MTN Online\UpdateDog\ouc.exe -- (MTN Online. RunOuc)
SRV - [2011/03/14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/05/27 20:31:35 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/03/21 22:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/12/14 21:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (HSPADataCardusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (HSPADataCardusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (HSPADataCardusbmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (btwrchid)
DRV - [2013/09/24 06:37:15 | 001,097,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20130924.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/09/23 07:03:31 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2013/09/02 07:21:17 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20131005.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/09/02 07:21:16 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20131005.007\NAVENG.SYS -- (NAVENG)
DRV - [2013/08/27 11:00:15 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/27 11:00:15 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/14 03:30:21 | 000,392,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20131004.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/07/25 09:46:26 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/07/25 09:46:24 | 000,222,192 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/07/25 09:46:24 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/03/29 14:17:12 | 007,346,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32)
DRV - [2013/03/22 00:32:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2013/03/22 00:30:48 | 000,052,128 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2013/03/22 00:29:52 | 000,042,144 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2012/07/06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012/07/06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012/06/07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/05/22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012/05/04 14:21:50 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/29 08:28:37 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symtdiv.sys -- (SYMTDIv)
DRV - [2012/03/29 08:28:34 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2012/03/29 08:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012/03/29 08:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2011/11/01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/03 15:42:30 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/02/25 18:02:26 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/01/30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/01/30 18:19:00 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011/01/30 18:19:00 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2010/12/24 11:55:58 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/20 12:06:58 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2009/01/16 04:46:52 | 004,305,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/28 16:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/01/21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/26 08:23:10 | 000,017,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TpChoice.sys -- (TpChoice)
DRV - [2007/01/26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...travelmate_5730
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...travelmate_5730
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...travelmate_5730
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enZA331
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2013/05/26 23:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2013/10/04 09:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/02/05 12:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/05 12:55:46 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.2 (Enabled) = C:\Users\Leon\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PDF Suite Helper) - {1AD61D5B-58A3-4592-9B34-DC84688FF805} - C:\Program Files\PDF Suite\PDFIEHelper.dll (Interactive Brands)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Suite Toolbar) - {261F6A8B-7AAF-4BF5-8552-6610F4D67819} - C:\Program Files\PDF Suite\PDFIEPlugin.dll (Interactive Brands)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DJT790] "f:\hp plotter software\setup.exe" /mode nextstepsreboot File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\MTN Online\MTN Online.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: hp.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: hp.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CC42E9F-43AF-4946-BD74-10DF3CA1C9CA}: DhcpNameServer = 10.123.11.20 10.123.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{539FBF7E-C6B6-4FCD-BE9F-F51F784CEAE5}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/25 08:05:19 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/03/15 01:27:21 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/03/03 02:56:55 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1dadfec6-eb83-11e0-bcd1-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{1dadfee9-eb83-11e0-bcd1-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{1dadfee9-eb83-11e0-bcd1-001e101f21c1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1dadfef4-eb83-11e0-bcd1-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{1dadfef4-eb83-11e0-bcd1-001e101fabdd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{2a3540d8-0f08-11e2-aa05-d70af41a3f94}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3540d8-0f08-11e2-aa05-d70af41a3f94}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{2ce0b3a7-e9b3-11e0-80eb-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{2ce0b3b7-e9b3-11e0-80eb-001d72d6ebf5}\Shell - "" = AutoRun
O33 - MountPoints2\{2ce0b3c4-e9b3-11e0-80eb-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{2ce0b3d8-e9b3-11e0-80eb-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{356e5eb6-a796-11de-8333-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{3fbd907b-90cc-11df-ba73-001d72d6ebf5}\Shell - "" = AutoRun
O33 - MountPoints2\{3fbd907b-90cc-11df-ba73-001d72d6ebf5}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{41d11525-d083-11de-89c6-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{41d11525-d083-11de-89c6-00215d67c9f6}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{48b9f1c8-9d77-11e1-8395-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48b9f1c8-9d77-11e1-8395-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{6ab5134f-2eeb-11e2-831d-fad4100e1342}\Shell - "" = AutoRun
O33 - MountPoints2\{6ab5134f-2eeb-11e2-831d-fad4100e1342}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{7520eb83-0d7e-11e2-a271-a33c3b2fe2a9}\Shell - "" = AutoRun
O33 - MountPoints2\{7520eb83-0d7e-11e2-a271-a33c3b2fe2a9}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7df7bdae-a6a5-11de-b4b4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{829c1065-e59f-11de-8766-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{829c1065-e59f-11de-8766-00215d67c9f6}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{9aa9cb4e-9c40-11e1-8b7c-963d72be81dd}\Shell - "" = AutoRun
O33 - MountPoints2\{9aa9cb4e-9c40-11e1-8b7c-963d72be81dd}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{a3f48253-0ed1-11e2-aa68-e537f6e6ab4e}\Shell - "" = AutoRun
O33 - MountPoints2\{a3f48253-0ed1-11e2-aa68-e537f6e6ab4e}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{a4605947-14f6-11e2-948b-e3a38642cc1d}\Shell - "" = AutoRun
O33 - MountPoints2\{a4605947-14f6-11e2-948b-e3a38642cc1d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{acbe0366-a6a2-11de-977b-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{bf150243-0084-11e2-9084-b48cb0ba5deb}\Shell - "" = AutoRun
O33 - MountPoints2\{bf150243-0084-11e2-9084-b48cb0ba5deb}\Shell\AutoRun\command - "" = H:\HPIP.exe
O33 - MountPoints2\{dc51e0dd-f2d3-11e1-8087-a5e509811884}\Shell - "" = AutoRun
O33 - MountPoints2\{dc51e0dd-f2d3-11e1-8087-a5e509811884}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{fcea8568-2e19-11e2-807e-c287de82b370}\Shell - "" = AutoRun
O33 - MountPoints2\{fcea8568-2e19-11e2-807e-c287de82b370}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/05 06:19:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
[2013/10/04 22:01:43 | 000,035,960 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2013/10/04 22:01:34 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013/09/23 06:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
[2013/09/16 07:09:54 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/16 07:09:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/16 07:09:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/09/16 07:09:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/16 07:09:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/16 07:09:42 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/16 07:09:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/16 07:09:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/09/13 11:11:01 | 002,049,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/12 07:00:46 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{57BE9338-0306-4AFD-90A4-ABAF937B07A7}
[2013/09/11 20:15:04 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{2542CDA3-B62E-4900-9BC8-917D2E28F1D7}
[2013/09/11 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{8B2B9C19-438C-4C91-8F46-82E8136FA499}
[2010/05/21 12:51:16 | 000,161,000 | ---- | C] (Trusteer Ltd.) -- C:\Users\Leon\RapportSetup.exe

========== Files - Modified Within 30 Days ==========

[2013/10/05 19:39:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/05 19:39:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/05 19:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/05 19:24:11 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/05 09:24:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/05 06:19:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
[2013/10/04 21:41:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/04 15:16:50 | 000,000,103 | ---- | M] () -- C:\Users\Leon\GetIntel.bat
[2013/10/04 10:26:15 | 000,001,684 | ---- | M] () -- C:\Users\Leon\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2013/10/04 09:13:04 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013/10/04 09:12:42 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/10/04 09:12:37 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2013/10/03 08:55:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/10/01 16:39:57 | 000,047,926 | ---- | M] () -- C:\Users\Leon\Estelle Engelke Trust registrasie.pdf
[2013/09/26 15:54:09 | 000,002,587 | ---- | M] () -- C:\Users\Leon\Desktop\Microsoft Office Word 2007.lnk
[2013/09/21 21:43:29 | 000,648,718 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/21 21:43:29 | 000,124,686 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/14 04:04:32 | 000,447,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/10/04 15:16:50 | 000,000,103 | ---- | C] () -- C:\Users\Leon\GetIntel.bat
[2013/10/04 10:26:14 | 000,001,684 | ---- | C] () -- C:\Users\Leon\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2013/10/01 16:39:57 | 000,047,926 | ---- | C] () -- C:\Users\Leon\Estelle Engelke Trust registrasie.pdf
[2013/03/22 00:38:03 | 000,396,653 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/11/22 13:06:27 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/10/03 19:55:26 | 009,568,768 | ---- | C] () -- C:\Users\Leon\Vodafone Mobile Connect.msi
[2012/10/03 19:55:26 | 000,003,584 | ---- | C] () -- C:\Users\Leon\2057.MST
[2012/09/16 20:43:55 | 005,010,369 | ---- | C] () -- C:\Users\Leon\This Video Will Shock South African people.wmv
[2012/08/01 15:51:25 | 000,001,140 | ---- | C] () -- C:\Users\Leon\help file.htm
[2012/07/30 13:24:23 | 000,002,910 | ---- | C] () -- C:\Users\Leon\transition.htm
[2012/07/13 07:42:27 | 000,000,049 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2012/02/05 12:35:31 | 092,199,288 | ---- | C] () -- C:\Users\Leon\Nokia_Suite_webinstaller_ALL.exe
[2012/02/03 17:18:29 | 015,559,559 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\SMRBackup250.dat
[2011/11/24 11:31:23 | 000,011,321 | ---- | C] () -- C:\Windows\hpwscr16.dat
[2011/10/16 23:13:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/10/16 23:13:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/10/16 23:13:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/01/21 20:34:29 | 000,014,520 | -H-- | C] () -- C:\Users\Leon\ZbThumbnail.info
[2010/12/05 19:47:20 | 000,000,016 | -H-- | C] () -- C:\Users\Leon\AppData\Local\mxfilerelatedcache.mxc2
[2010/12/05 19:47:19 | 000,000,016 | -H-- | C] () -- C:\Users\Leon\AppData\Roaming\mxfilerelatedcache.mxc2
[2010/12/05 19:47:17 | 000,000,016 | -H-- | C] () -- C:\Users\Leon\mxfilerelatedcache.mxc2
[2010/10/31 20:32:03 | 001,648,929 | ---- | C] () -- C:\Users\Leon\IMG_0596.JPG
[2010/10/31 20:32:03 | 001,526,511 | ---- | C] () -- C:\Users\Leon\IMG_0593.JPG
[2009/11/04 21:19:44 | 000,452,670 | ---- | C] () -- C:\Users\Leon\eee4.pdf
[2009/11/04 21:19:26 | 000,484,332 | ---- | C] () -- C:\Users\Leon\eee3.pdf
[2009/11/04 21:19:08 | 000,464,914 | ---- | C] () -- C:\Users\Leon\eee2.pdf
[2009/11/04 21:18:44 | 000,496,860 | ---- | C] () -- C:\Users\Leon\eee1.pdf
[2009/09/24 17:47:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/01 21:49:35 | 000,121,344 | ---- | C] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 03:30:42 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

========== ZeroAccess Check ==========

[2006/11/02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/09/22 21:35:40 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Acer
[2012/09/25 08:14:13 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Autodesk
[2012/03/19 13:41:05 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Bentley
[2011/12/27 11:50:06 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Canon
[2009/06/19 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\eSobi
[2009/06/16 15:05:13 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\GARMIN
[2012/09/24 16:17:56 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\IGC
[2011/09/18 12:22:15 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\IMSIDesign
[2009/05/28 03:30:45 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\InterVideo
[2011/01/21 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\MAGIX
[2011/10/16 23:36:08 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Nikon
[2012/02/05 12:57:22 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Nokia
[2012/02/05 13:09:26 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\PC Suite
[2009/09/07 20:33:02 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\PDF Software
[2011/10/23 09:53:46 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Tific
[2010/05/21 12:57:56 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Trusteer
[2009/09/21 13:47:37 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Vodafone
[2011/10/04 16:23:34 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Western Digital

========== Purity Check ==========



< End of report >


2) Extras Log:

OTL Extras logfile created on: 2013/10/05 06:20:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

2.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 32.50% Memory free
5.90 Gb Paging File | 3.66 Gb Available in Paging File | 62.03% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 69.86 Gb Free Space | 48.46% Space Free | Partition Type: NTFS
Drive D: | 144.15 Gb Total Space | 137.77 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive F: | 56.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LEON-PC | User Name: Leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe" = C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe:*:Enabled:HP Printer Utility HPPURun -- (Hewlett-Packard Company)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe" = C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe:*:Enabled:HP Printer Utility HPPURun -- (Hewlett-Packard Company)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1794F089-F2C4-4304-A23D-923FAA286CF8}" = rport=138 | protocol=17 | dir=out | app=system |
"{260226A9-27A7-4B84-82C4-CC784FADD3F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{38580036-2D3F-4CF5-AFBA-40362B8CDEC5}" = lport=138 | protocol=17 | dir=in | app=system |
"{38FEC9A8-7DB9-4A7D-AA82-14B9294FFD78}" = rport=137 | protocol=17 | dir=out | app=system |
"{45C43999-5257-4B10-B618-71BC31310288}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4DFCD8E1-B7CE-4180-872D-07B507872D60}" = rport=139 | protocol=6 | dir=out | app=system |
"{57B6C0EE-D896-4B5A-B7EC-680A949443AF}" = lport=137 | protocol=17 | dir=in | app=system |
"{BA4CC68B-3D70-4584-B813-14AEEC72B4C6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CDDA680C-1271-46B4-993E-5FE40AD71969}" = lport=139 | protocol=6 | dir=in | app=system |
"{DF36E9E8-6F96-4906-8485-DBB59DC891D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E4C0E6DD-4B50-4D8E-9FDA-835F3F61D3AE}" = rport=445 | protocol=6 | dir=out | app=system |
"{EA01AA13-9FC6-49DF-875C-9568962E4597}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{F7BE66DC-2153-40F2-8F8B-D06545843D1D}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D6F03C-CA0D-4DAE-83B8-13C4712279E6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{03F9C1DE-CD36-4932-96DD-11ED89181648}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{128F614A-B0F6-4C5F-A200-948EDED18A7E}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"{1FCF0A12-7FC5-448F-9701-7F6859D2C53B}" = protocol=58 | dir=out | [email protected],-28546 |
"{21CF4414-8C60-4DEE-B198-F4F5B890BEB4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{294F9E0D-5E06-4AFD-BAE0-5434E21E80E8}" = protocol=58 | dir=in | [email protected],-28545 |
"{523345A3-BF0B-48D4-A5D0-F6D5BAB97724}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{66B9294E-AA70-41B7-8A1D-8099CF479882}" = protocol=1 | dir=in | [email protected]i.dll,-28543 |
"{69B086C7-5943-449B-B166-DC67016A5178}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6BE0942D-A697-4CCC-93B6-5DD7FF2F1252}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"{6FB5EE24-9D67-498E-93BE-021C3BB41E28}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{72ED2341-B8DA-4EE9-AE10-7092A0CA3EAA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{76BC39CD-525E-4C1C-A532-42A141337DA4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{7C2B8725-FA84-4CC2-8628-0E109DAC8D5C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{7FE29D50-7232-45B2-8B80-7E124C750400}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{9CC4E3CF-88B5-4998-86EF-5F4E10A3529A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9DF36B97-5BCB-43AD-BB87-8724230C9A1E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A11A16D0-4B56-4A96-B632-83AC5EE01774}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{AFF2AD53-8F4D-4D32-980C-A1CCA88F8A7F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B0F3A2CA-B981-47D8-9352-2ACA55DC39E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C09222C9-70AB-4CFF-B5C5-5585D184FCBB}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{CB686B15-9848-43E6-B621-3337B9B6C535}" = protocol=1 | dir=out | [email protected],-28544 |
"{E1EF90F5-3363-42DF-9007-F3263938AF3A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F6A1E561-3FA9-4CFE-B617-DCCC7FC62931}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{F877EFE5-A197-4173-BE19-D7CCCB3B62CE}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{FED75D93-B098-448A-9000-9B7652ACAF4F}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A400C1-8BDA-F414-CBDB-3505CBA6202D}" = Catalyst Control Center Localization Thai
"{02FF8997-F547-A1A6-C8F7-613B8AC1EB9C}" = Catalyst Control Center Graphics Light
"{088EA7F1-6DF1-4ADD-CBCA-19EEE2F659B2}" = CCC Help Norwegian
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B47426E-36A1-152B-6DDA-BC76FB15879F}" = Catalyst Control Center Localization Chinese Traditional
"{0EF6383A-7F55-36C9-4ED9-473F75468A98}" = CCC Help Italian
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1754A032-F747-4233-E4D0-406E2F782CDE}" = CCC Help Japanese
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B8DA948-E5AB-3F68-175A-81A07DD57939}" = CCC Help Hungarian
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E2423C8-1A66-CE87-C69B-5EECE4CB820E}" = CCC Help Spanish
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F8C81E5-ACBD-22CE-09A0-89BFCF99CFAB}" = ccc-utility
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2323E969-2CE5-3ECE-F343-4B2A5634C45D}" = Catalyst Control Center InstallProxy
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{25AF3759-CB94-430B-DE41-69FEC1AE3D51}" = Catalyst Control Center Localization Turkish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35AC32DA-844D-034A-244A-F711A547164B}" = CCC Help Polish
"{3A5F4680-8B45-4D84-B9EE-89CFE2E40650}" = TurboCAD Deluxe 15
"{3B539C5E-14C8-43F7-315F-D3DE58ED06F6}" = CCC Help German
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB6A32F-F693-FA7D-1436-3A0EC93C2784}" = Catalyst Control Center Localization Japanese
"{41073C0A-2319-C5AB-ED19-3AD36E07EF93}" = Catalyst Control Center Localization Italian
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{41725AB8-C848-54B4-4E67-E90E081A2A9D}" = CCC Help English
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47DEC35B-0813-415F-BEDA-7F0DA5A7E778}" = HP Utility
"{4A119596-C9AF-2F32-32C8-00CE41094D86}" = Catalyst Control Center Localization Chinese Standard
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4B297C42-D246-2976-0938-22EBDCFF6528}" = Catalyst Control Center Localization Polish
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5473841B-CBA7-2055-1BE0-442293EAC1AE}" = Catalyst Control Center Localization Czech
"{548AF5C1-54E3-4B74-A3E5-D5E6CB7D487C}" = O2Micro Flash Memory Card Reader Driver (x86)
"{5783F2D7-B028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2013
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57E388A8-A412-4815-911E-1E79DED45FF0}" = HP ePrint and Share
"{58E4D8CB-F90F-4EAF-9306-726C529513FD}" = 32 Bit HP CIO Components Installer
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B46DBF6-8DD1-7437-1AC5-07A39BD9BC55}" = Catalyst Control Center Localization Danish
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62ABB8F1-295E-4032-BCD1-782497EFFB4F}" = TurboCAD Symbols
"{62F2E794-A438-3ABA-150E-83BABC73D044}" = CCC Help Thai
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669B49D6-BCA8-4F7C-9248-CE5677750285}" = HP Officejet Pro 8600 Product Improvement Study
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{683C8163-59EC-4D26-A35D-79210519ACE1}" = Garmap Africa Series 2008 Southern Africa Streetmaps, March Edition
"{6951E8E4-2B1F-5C66-B9F7-C3682C4A5697}" = ccc-core-static
"{69ACD15D-7878-FBBD-1F70-17C057BB5428}" = CCC Help Finnish
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7287BDE7-797C-E673-B814-2B25B8353DE7}" = Catalyst Control Center Localization Greek
"{7527CD9F-894E-47B3-9AFB-3E680E007051}" = HP Proactive Services
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{79F5F068-AB2B-ABCD-F49D-821117FDEA25}" = Catalyst Control Center Localization Finnish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{802F0F4E-A0A5-4E4D-9D7B-1933913EF7B6}" = Catalyst Control Center - Branding
"{8259246D-E3FB-A1C9-B0DD-6F011720CBC5}" = CCC Help Korean
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{88DF9268-6C74-CA61-5852-C3872DF18D93}" = CCC Help Russian
"{89E61D45-F5DF-D1E9-571D-E137D4CCBB72}" = Catalyst Control Center Graphics Full Existing
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9065F4FF-3CCE-33A4-6D36-22E55DCFE637}" = CCC Help Chinese Traditional
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9304A431-32E5-78A5-EA03-897EF259F7E1}" = CCC Help Danish
"{93F8184E-A4BD-74E7-5A0D-D7E045AA2D13}" = Catalyst Control Center Localization Portuguese
"{94CFDDD1-E0E8-3A39-9CB6-FA91E632E826}" = Catalyst Control Center Localization Korean
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C55C629-6C4F-48A9-8840-C897DF6187ED}" = HP Officejet Pro 8600 Basic Device Software
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FFD6172-EF28-9ED8-24F2-4E25CA28706C}" = Catalyst Control Center Localization Hungarian
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2B8A03D-9A30-D641-F083-BCD56AAC571B}" = CCC Help Turkish
"{A38A7F23-51D0-BEE7-E82A-D7A1823AAEE0}" = Catalyst Control Center Localization German
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C32EAC-9262-9BB8-89A3-96DB1C7CA2C7}" = Skins
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
"{BEA5612C-D3FD-419C-99A3-5C9EE8282197}" = HP ICC Profiles
"{BFAED765-9E9E-0586-ABBF-FB73392E1594}" = CCC Help French
"{C28DA486-02EE-AE1E-8A2C-6CD98DF0135D}" = CCC Help Swedish
"{C57AA24F-FA96-3D73-3096-B0BABFF8BC26}" = Catalyst Control Center Localization Swedish
"{C5BDC212-AA0C-5F9C-9FDD-860128E6B000}" = CCC Help Greek
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7750329-B69A-5AF0-C5F5-E92AE77EEEC5}" = Catalyst Control Center Localization Dutch
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2A5FC5-8DAA-B847-DF57-F4339B3BB682}" = Catalyst Control Center Localization Norwegian
"{CB70345C-C724-E6B9-4BE6-514A75EB6CEE}" = Catalyst Control Center Graphics Full New
"{CB84BB40-BF16-9DD7-558C-A8A8045651CE}" = Catalyst Control Center Core Implementation
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.57.409
"{D2FF897E-4A99-446E-8BB4-DD99CD496838}" = HP Web Registration
"{D3439F7D-162E-456D-BCF0-1AEFF31A16D2}" = Garmap Africa Series 2008 Southern Africa Topo & Rec, March Edition
"{D3A0A8B3-07C9-76EC-79DC-D43DFDC8B2E0}" = CCC Help Czech
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DA2176E1-5F64-E581-7C13-0C6763B64A5D}" = Catalyst Control Center Localization Russian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E17D02CF-7EF8-E4D4-F857-2B8C00A0A5F5}" = CCC Help Chinese Standard
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E533B61F-3176-56D2-4F4F-8A5138E50546}" = CCC Help Dutch
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E725E149-E30B-47BE-71BF-BE4CF259A38A}" = ATI Catalyst Install Manager
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEFE2024-B465-F6AC-E154-FCC040CB7A31}" = Catalyst Control Center Graphics Previews Vista
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F2D239EC-F135-1612-D6B4-24FF583F6AFB}" = CCC Help Portuguese
"{F3832CA5-630A-337D-6971-04693BB0E1D2}" = Catalyst Control Center Localization Spanish
"{F92679BF-CA1F-4DD3-8269-A40A9AD873B1}" = Google Apps Sync™ for Microsoft Outlook® 3.2.353.947
"{FC02B4DC-D0F0-EEE3-C4AE-177BFF552DB1}" = Catalyst Control Center Localization French
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MG5100 series User Registration" = Canon MG5100 series User Registration
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MP550 series User Registration" = Canon MP550 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DPP" = Canon Utilities Digital Photo Professional 3.8
"DWG TrueView 2013" = DWG TrueView 2013
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MTN [email protected]" = MTN Online
"MyCamera" = Canon Utilities MyCamera
"N360" = Norton 360
"Nokia Suite" = Nokia Suite
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Rapport_msi" = Trusteer Endpoint Protection
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T4A Maps Traveller's Africa 9.05" = T4A Maps Traveller's Africa 9.05
"T4A Maps Traveller's Africa 9.10" = T4A Maps Traveller's Africa 9.10
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WEB Partner" = WEB Partner
"WFTK" = Canon Utilities WFT Utility
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PDF Suite 2009" = PDF Suite 2009 v9.0.6.111

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013/10/01 12:07:41 PM | Computer Name = Leon-PC | Source = EventSystem | ID = 4621
Description =

Error - 2013/10/02 03:07:48 AM | Computer Name = Leon-PC | Source = WinMgmt | ID = 10
Description =

Error - 2013/10/02 03:35:36 AM | Computer Name = Leon-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2013/10/02 03:35:36 AM | Computer Name = Leon-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2013/10/02 03:35:37 AM | Computer Name = Leon-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2013/10/02 03:35:37 AM | Computer Name = Leon-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2013/10/02 04:15:11 AM | Computer Name = Leon-PC | Source = Application Error | ID = 1000
Description = Faulting application MTN Online.exe, version 0.0.0.0, time stamp 0x4dfb065b,
faulting module SmsAppPlugin.dll, version 0.0.0.0, time stamp 0x4dfb01e9, exception
code 0xc0000005, fault offset 0x00014507, process id 0xcbc, application start time
0x01cebf47798f9800.

Error - 2013/10/02 11:14:22 AM | Computer Name = Leon-PC | Source = WinMgmt | ID = 10
Description =

Error - 2013/10/04 03:13:34 AM | Computer Name = Leon-PC | Source = WinMgmt | ID = 10
Description =

Error - 2013/10/04 04:03:16 PM | Computer Name = Leon-PC | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 11.2.3.6, time stamp 0x4fdbcf1d,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x20000000, process id 0xf00, application start time 0x01cec0d66142c840.

[ System Events ]
Error - 2013/10/02 11:13:33 AM | Computer Name = Leon-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 05:10:59 PM on 2013/10/02 was unexpected.

Error - 2013/10/02 11:14:22 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2013/10/02 11:14:22 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2013/10/02 11:14:22 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2013/10/02 11:14:22 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2013/10/02 11:19:28 AM | Computer Name = Leon-PC | Source = DCOM | ID = 10016
Description =

Error - 2013/10/04 03:13:35 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2013/10/04 03:13:35 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2013/10/04 03:13:35 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2013/10/04 03:13:35 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

3: aswMBR scan

OTL Extras logfile created on: 2013/10/05 06:20:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

2.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 32.50% Memory free
5.90 Gb Paging File | 3.66 Gb Available in Paging File | 62.03% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 69.86 Gb Free Space | 48.46% Space Free | Partition Type: NTFS
Drive D: | 144.15 Gb Total Space | 137.77 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive F: | 56.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LEON-PC | User Name: Leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe" = C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe:*:Enabled:HP Printer Utility HPPURun -- (Hewlett-Packard Company)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe" = C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe:*:Enabled:HP Printer Utility HPPURun -- (Hewlett-Packard Company)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1794F089-F2C4-4304-A23D-923FAA286CF8}" = rport=138 | protocol=17 | dir=out | app=system |
"{260226A9-27A7-4B84-82C4-CC784FADD3F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{38580036-2D3F-4CF5-AFBA-40362B8CDEC5}" = lport=138 | protocol=17 | dir=in | app=system |
"{38FEC9A8-7DB9-4A7D-AA82-14B9294FFD78}" = rport=137 | protocol=17 | dir=out | app=system |
"{45C43999-5257-4B10-B618-71BC31310288}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4DFCD8E1-B7CE-4180-872D-07B507872D60}" = rport=139 | protocol=6 | dir=out | app=system |
"{57B6C0EE-D896-4B5A-B7EC-680A949443AF}" = lport=137 | protocol=17 | dir=in | app=system |
"{BA4CC68B-3D70-4584-B813-14AEEC72B4C6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CDDA680C-1271-46B4-993E-5FE40AD71969}" = lport=139 | protocol=6 | dir=in | app=system |
"{DF36E9E8-6F96-4906-8485-DBB59DC891D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E4C0E6DD-4B50-4D8E-9FDA-835F3F61D3AE}" = rport=445 | protocol=6 | dir=out | app=system |
"{EA01AA13-9FC6-49DF-875C-9568962E4597}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{F7BE66DC-2153-40F2-8F8B-D06545843D1D}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D6F03C-CA0D-4DAE-83B8-13C4712279E6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{03F9C1DE-CD36-4932-96DD-11ED89181648}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{128F614A-B0F6-4C5F-A200-948EDED18A7E}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"{1FCF0A12-7FC5-448F-9701-7F6859D2C53B}" = protocol=58 | dir=out | [email protected],-28546 |
"{21CF4414-8C60-4DEE-B198-F4F5B890BEB4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{294F9E0D-5E06-4AFD-BAE0-5434E21E80E8}" = protocol=58 | dir=in | [email protected],-28545 |
"{523345A3-BF0B-48D4-A5D0-F6D5BAB97724}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{66B9294E-AA70-41B7-8A1D-8099CF479882}" = protocol=1 | dir=in | [email protected],-28543 |
"{69B086C7-5943-449B-B166-DC67016A5178}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6BE0942D-A697-4CCC-93B6-5DD7FF2F1252}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"{6FB5EE24-9D67-498E-93BE-021C3BB41E28}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{72ED2341-B8DA-4EE9-AE10-7092A0CA3EAA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{76BC39CD-525E-4C1C-A532-42A141337DA4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{7C2B8725-FA84-4CC2-8628-0E109DAC8D5C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{7FE29D50-7232-45B2-8B80-7E124C750400}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{9CC4E3CF-88B5-4998-86EF-5F4E10A3529A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9DF36B97-5BCB-43AD-BB87-8724230C9A1E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A11A16D0-4B56-4A96-B632-83AC5EE01774}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{AFF2AD53-8F4D-4D32-980C-A1CCA88F8A7F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B0F3A2CA-B981-47D8-9352-2ACA55DC39E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C09222C9-70AB-4CFF-B5C5-5585D184FCBB}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{CB686B15-9848-43E6-B621-3337B9B6C535}" = protocol=1 | dir=out | [email protected],-28544 |
"{E1EF90F5-3363-42DF-9007-F3263938AF3A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F6A1E561-3FA9-4CFE-B617-DCCC7FC62931}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{F877EFE5-A197-4173-BE19-D7CCCB3B62CE}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{FED75D93-B098-448A-9000-9B7652ACAF4F}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A400C1-8BDA-F414-CBDB-3505CBA6202D}" = Catalyst Control Center Localization Thai
"{02FF8997-F547-A1A6-C8F7-613B8AC1EB9C}" = Catalyst Control Center Graphics Light
"{088EA7F1-6DF1-4ADD-CBCA-19EEE2F659B2}" = CCC Help Norwegian
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B47426E-36A1-152B-6DDA-BC76FB15879F}" = Catalyst Control Center Localization Chinese Traditional
"{0EF6383A-7F55-36C9-4ED9-473F75468A98}" = CCC Help Italian
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1754A032-F747-4233-E4D0-406E2F782CDE}" = CCC Help Japanese
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B8DA948-E5AB-3F68-175A-81A07DD57939}" = CCC Help Hungarian
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E2423C8-1A66-CE87-C69B-5EECE4CB820E}" = CCC Help Spanish
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F8C81E5-ACBD-22CE-09A0-89BFCF99CFAB}" = ccc-utility
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2323E969-2CE5-3ECE-F343-4B2A5634C45D}" = Catalyst Control Center InstallProxy
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{25AF3759-CB94-430B-DE41-69FEC1AE3D51}" = Catalyst Control Center Localization Turkish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35AC32DA-844D-034A-244A-F711A547164B}" = CCC Help Polish
"{3A5F4680-8B45-4D84-B9EE-89CFE2E40650}" = TurboCAD Deluxe 15
"{3B539C5E-14C8-43F7-315F-D3DE58ED06F6}" = CCC Help German
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB6A32F-F693-FA7D-1436-3A0EC93C2784}" = Catalyst Control Center Localization Japanese
"{41073C0A-2319-C5AB-ED19-3AD36E07EF93}" = Catalyst Control Center Localization Italian
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{41725AB8-C848-54B4-4E67-E90E081A2A9D}" = CCC Help English
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47DEC35B-0813-415F-BEDA-7F0DA5A7E778}" = HP Utility
"{4A119596-C9AF-2F32-32C8-00CE41094D86}" = Catalyst Control Center Localization Chinese Standard
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4B297C42-D246-2976-0938-22EBDCFF6528}" = Catalyst Control Center Localization Polish
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5473841B-CBA7-2055-1BE0-442293EAC1AE}" = Catalyst Control Center Localization Czech
"{548AF5C1-54E3-4B74-A3E5-D5E6CB7D487C}" = O2Micro Flash Memory Card Reader Driver (x86)
"{5783F2D7-B028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2013
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57E388A8-A412-4815-911E-1E79DED45FF0}" = HP ePrint and Share
"{58E4D8CB-F90F-4EAF-9306-726C529513FD}" = 32 Bit HP CIO Components Installer
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B46DBF6-8DD1-7437-1AC5-07A39BD9BC55}" = Catalyst Control Center Localization Danish
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62ABB8F1-295E-4032-BCD1-782497EFFB4F}" = TurboCAD Symbols
"{62F2E794-A438-3ABA-150E-83BABC73D044}" = CCC Help Thai
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669B49D6-BCA8-4F7C-9248-CE5677750285}" = HP Officejet Pro 8600 Product Improvement Study
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{683C8163-59EC-4D26-A35D-79210519ACE1}" = Garmap Africa Series 2008 Southern Africa Streetmaps, March Edition
"{6951E8E4-2B1F-5C66-B9F7-C3682C4A5697}" = ccc-core-static
"{69ACD15D-7878-FBBD-1F70-17C057BB5428}" = CCC Help Finnish
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7287BDE7-797C-E673-B814-2B25B8353DE7}" = Catalyst Control Center Localization Greek
"{7527CD9F-894E-47B3-9AFB-3E680E007051}" = HP Proactive Services
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{79F5F068-AB2B-ABCD-F49D-821117FDEA25}" = Catalyst Control Center Localization Finnish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{802F0F4E-A0A5-4E4D-9D7B-1933913EF7B6}" = Catalyst Control Center - Branding
"{8259246D-E3FB-A1C9-B0DD-6F011720CBC5}" = CCC Help Korean
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{88DF9268-6C74-CA61-5852-C3872DF18D93}" = CCC Help Russian
"{89E61D45-F5DF-D1E9-571D-E137D4CCBB72}" = Catalyst Control Center Graphics Full Existing
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9065F4FF-3CCE-33A4-6D36-22E55DCFE637}" = CCC Help Chinese Traditional
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9304A431-32E5-78A5-EA03-897EF259F7E1}" = CCC Help Danish
"{93F8184E-A4BD-74E7-5A0D-D7E045AA2D13}" = Catalyst Control Center Localization Portuguese
"{94CFDDD1-E0E8-3A39-9CB6-FA91E632E826}" = Catalyst Control Center Localization Korean
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C55C629-6C4F-48A9-8840-C897DF6187ED}" = HP Officejet Pro 8600 Basic Device Software
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FFD6172-EF28-9ED8-24F2-4E25CA28706C}" = Catalyst Control Center Localization Hungarian
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2B8A03D-9A30-D641-F083-BCD56AAC571B}" = CCC Help Turkish
"{A38A7F23-51D0-BEE7-E82A-D7A1823AAEE0}" = Catalyst Control Center Localization German
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C32EAC-9262-9BB8-89A3-96DB1C7CA2C7}" = Skins
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
"{BEA5612C-D3FD-419C-99A3-5C9EE8282197}" = HP ICC Profiles
"{BFAED765-9E9E-0586-ABBF-FB73392E1594}" = CCC Help French
"{C28DA486-02EE-AE1E-8A2C-6CD98DF0135D}" = CCC Help Swedish
"{C57AA24F-FA96-3D73-3096-B0BABFF8BC26}" = Catalyst Control Center Localization Swedish
"{C5BDC212-AA0C-5F9C-9FDD-860128E6B000}" = CCC Help Greek
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7750329-B69A-5AF0-C5F5-E92AE77EEEC5}" = Catalyst Control Center Localization Dutch
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2A5FC5-8DAA-B847-DF57-F4339B3BB682}" = Catalyst Control Center Localization Norwegian
"{CB70345C-C724-E6B9-4BE6-514A75EB6CEE}" = Catalyst Control Center Graphics Full New
"{CB84BB40-BF16-9DD7-558C-A8A8045651CE}" = Catalyst Control Center Core Implementation
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.57.409
"{D2FF897E-4A99-446E-8BB4-DD99CD496838}" = HP Web Registration
"{D3439F7D-162E-456D-BCF0-1AEFF31A16D2}" = Garmap Africa Series 2008 Southern Africa Topo & Rec, March Edition
"{D3A0A8B3-07C9-76EC-79DC-D43DFDC8B2E0}" = CCC Help Czech
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DA2176E1-5F64-E581-7C13-0C6763B64A5D}" = Catalyst Control Center Localization Russian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E17D02CF-7EF8-E4D4-F857-2B8C00A0A5F5}" = CCC Help Chinese Standard
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E533B61F-3176-56D2-4F4F-8A5138E50546}" = CCC Help Dutch
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E725E149-E30B-47BE-71BF-BE4CF259A38A}" = ATI Catalyst Install Manager
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEFE2024-B465-F6AC-E154-FCC040CB7A31}" = Catalyst Control Center Graphics Previews Vista
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F2D239EC-F135-1612-D6B4-24FF583F6AFB}" = CCC Help Portuguese
"{F3832CA5-630A-337D-6971-04693BB0E1D2}" = Catalyst Control Center Localization Spanish
"{F92679BF-CA1F-4DD3-8269-A40A9AD873B1}" = Google Apps Sync™ for Microsoft Outlook® 3.2.353.947
"{FC02B4DC-D0F0-EEE3-C4AE-177BFF552DB1}" = Catalyst Control Center Localization French
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MG5100 series User Registration" = Canon MG5100 series User Registration
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MP550 series User Registration" = Canon MP550 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DPP" = Canon Utilities Digital Photo Professional 3.8
"DWG TrueView 2013" = DWG TrueView 2013
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MTN [email protected]" = MTN Online
"MyCamera" = Canon Utilities MyCamera
"N360" = Norton 360
"Nokia Suite" = Nokia Suite
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Rapport_msi" = Trusteer Endpoint Protection
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T4A Maps Traveller's Africa 9.05" = T4A Maps Traveller's Africa 9.05
"T4A Maps Traveller's Africa 9.10" = T4A Maps Traveller's Africa 9.10
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WEB Partner" = WEB Partner
"WFTK" = Canon Utilities WFT Utility
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PDF Suite 2009" = PDF Suite 2009 v9.0.6.111

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013/10/01 12:07:41 PM | Computer Name = Leon-PC | Source = EventSystem | ID = 4621
Description =

Error - 2013/10/02 03:07:48 AM | Computer Name = Leon-PC | Source = WinMgmt | ID = 10
Description =

Error - 2013/10/02 03:35:36 AM | Computer Name = Leon-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2013/10/02 03:35:36 AM | Computer Name = Leon-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2013/10/02 03:35:37 AM | Computer Name = Leon-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2013/10/02 03:35:37 AM | Computer Name = Leon-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2013/10/02 04:15:11 AM | Computer Name = Leon-PC | Source = Application Error | ID = 1000
Description = Faulting application MTN Online.exe, version 0.0.0.0, time stamp 0x4dfb065b,
faulting module SmsAppPlugin.dll, version 0.0.0.0, time stamp 0x4dfb01e9, exception
code 0xc0000005, fault offset 0x00014507, process id 0xcbc, application start time
0x01cebf47798f9800.

Error - 2013/10/02 11:14:22 AM | Computer Name = Leon-PC | Source = WinMgmt | ID = 10
Description =

Error - 2013/10/04 03:13:34 AM | Computer Name = Leon-PC | Source = WinMgmt | ID = 10
Description =

Error - 2013/10/04 04:03:16 PM | Computer Name = Leon-PC | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 11.2.3.6, time stamp 0x4fdbcf1d,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x20000000, process id 0xf00, application start time 0x01cec0d66142c840.

[ System Events ]
Error - 2013/10/02 11:13:33 AM | Computer Name = Leon-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 05:10:59 PM on 2013/10/02 was unexpected.

Error - 2013/10/02 11:14:22 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2013/10/02 11:14:22 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2013/10/02 11:14:22 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2013/10/02 11:14:22 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2013/10/02 11:19:28 AM | Computer Name = Leon-PC | Source = DCOM | ID = 10016
Description =

Error - 2013/10/04 03:13:35 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2013/10/04 03:13:35 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2013/10/04 03:13:35 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2013/10/04 03:13:35 AM | Computer Name = Leon-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >


Thanks!
  • 0

#4
Onfinals

Onfinals

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Seems I dropped #3: here is is now:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-05 22:10:54
-----------------------------
22:10:54.410 OS Version: Windows 6.0.6002 Service Pack 2
22:10:54.411 Number of processors: 2 586 0x1706
22:10:54.414 ComputerName: LEON-PC UserName: Leon
22:10:55.978 Initialize success
22:11:49.683 AVAST engine defs: 13100501
22:20:35.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:20:35.537 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
22:20:35.739 Disk 0 MBR read successfully
22:20:35.745 Disk 0 MBR scan
22:20:35.793 Disk 0 unknown MBR code
22:20:35.822 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
22:20:35.862 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147630 MB offset 20482048
22:20:35.897 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147613 MB offset 322828288
22:20:35.923 Disk 0 scanning sectors +625139712
22:20:36.042 Disk 0 scanning C:\Windows\system32\drivers
22:20:54.718 Service scanning
22:21:00.879 Service BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20130924.001\BHDrvx86.sys **LOCKED** 5
22:21:02.250 Service ccSet_N360 C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys **LOCKED** 5
22:21:05.136 Service eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys **LOCKED** 5
22:21:05.817 Service EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
22:21:11.056 Service IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20131004.001\IDSvix86.sys **LOCKED** 5
22:21:16.212 Service NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20131005.007\NAVENG.SYS **LOCKED** 5
22:21:16.542 Service NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20131005.007\NAVEX15.SYS **LOCKED** 5
22:21:28.000 Service SRTSPX C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS **LOCKED** 5
22:21:28.965 Service SymDS C:\Windows\system32\drivers\N360\0604010.00E\SYMDS.SYS **LOCKED** 5
22:21:29.267 Service SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
22:21:29.416 Service SymIRON C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS **LOCKED** 5
22:21:29.554 Service SYMTDIv C:\Windows\System32\Drivers\N360\0604010.00E\SYMTDIV.SYS **LOCKED** 5
22:21:38.698 Modules scanning
22:21:59.567 Disk 0 trace - called modules:
22:21:59.610 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:21:59.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b442348]
22:21:59.639 3 CLASSPNP.SYS[8edb68b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8950d028]
22:22:00.770 AVAST engine scan C:\Windows
22:22:08.242 AVAST engine scan C:\Windows\system32
22:29:19.555 AVAST engine scan C:\Windows\system32\drivers
22:29:46.046 AVAST engine scan C:\Users\Leon
22:31:17.200 Disk 0 MBR has been saved successfully to "C:\Users\Leon\Desktop\MBR.dat"
22:31:17.207 The log file has been saved successfully to "C:\Users\Leon\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-05 22:33:35
-----------------------------
22:33:35.745 OS Version: Windows 6.0.6002 Service Pack 2
22:33:35.746 Number of processors: 2 586 0x1706
22:33:35.749 ComputerName: LEON-PC UserName: Leon
22:33:37.414 Initialize success
22:34:30.311 AVAST engine defs: 13100501
22:34:47.149 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:34:47.158 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
22:34:47.686 Disk 0 MBR read successfully
22:34:47.716 Disk 0 MBR scan
22:34:47.757 Disk 0 unknown MBR code
22:34:47.793 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
22:34:47.843 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147630 MB offset 20482048
22:34:47.879 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147613 MB offset 322828288
22:34:47.918 Disk 0 scanning sectors +625139712
22:34:48.300 Disk 0 scanning C:\Windows\system32\drivers
22:35:28.184 Service scanning
22:35:34.441 Service BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20130924.001\BHDrvx86.sys **LOCKED** 5
22:35:35.743 Service ccSet_N360 C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys **LOCKED** 5
22:35:38.377 Service eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys **LOCKED** 5
22:35:39.056 Service EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
22:35:44.271 Service IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20131004.001\IDSvix86.sys **LOCKED** 5
22:35:49.239 Service NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20131005.007\NAVENG.SYS **LOCKED** 5
22:35:49.583 Service NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20131005.007\NAVEX15.SYS **LOCKED** 5
22:36:01.480 Service SRTSPX C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS **LOCKED** 5
22:36:02.345 Service SymDS C:\Windows\system32\drivers\N360\0604010.00E\SYMDS.SYS **LOCKED** 5
22:36:02.662 Service SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
22:36:02.854 Service SymIRON C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS **LOCKED** 5
22:36:02.992 Service SYMTDIv C:\Windows\System32\Drivers\N360\0604010.00E\SYMTDIV.SYS **LOCKED** 5
22:36:12.675 Modules scanning
22:36:49.617 Disk 0 trace - called modules:
22:36:49.660 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:36:49.677 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b442348]
22:36:49.690 3 CLASSPNP.SYS[8edb68b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8950d028]
22:36:51.121 AVAST engine scan C:\Windows
22:37:08.781 AVAST engine scan C:\Windows\system32
22:49:12.149 AVAST engine scan C:\Windows\system32\drivers
22:50:05.833 AVAST engine scan C:\Users\Leon
23:21:02.171 AVAST engine scan C:\ProgramData
23:35:34.072 Scan finished successfully
06:02:13.661 Disk 0 MBR has been saved successfully to "C:\Users\Leon\Desktop\MBR.dat"
06:02:13.681 The log file has been saved successfully to "C:\Users\Leon\Desktop\aswMBR.txt"
  • 0

#5
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

The OTL scan you provided was for the current user only, which was the account that was logged in at the time. Please re-run step one, but make sure that the All Users box is checked at the top of OTL's control panel before running the scan.



Things I need to see in your next post

New OTL Log
  • 0

#6
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Also, please ensure that you copy the text in the quote box, and paste it into the Custom Scans/Fixes window at the bottom of OTL's control panel as well before beginning the scan. :)
  • 0

#7
Onfinals

Onfinals

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
School boy errors, now scanning.
  • 0

#8
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

School boy errors, now scanning.


No problem at all :)
  • 0

#9
Onfinals

Onfinals

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
New OTL post:

OTL logfile created on: 2013/10/06 01:23:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

2.99 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 33.98% Memory free
5.90 Gb Paging File | 3.77 Gb Available in Paging File | 63.83% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 68.70 Gb Free Space | 47.66% Space Free | Partition Type: NTFS
Drive D: | 144.15 Gb Total Space | 137.77 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive F: | 56.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LEON-PC | User Name: Leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - [2013/10/05 21:19:25 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Leon\Desktop\aswmbr.exe
PRC - [2013/10/05 06:19:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
PRC - [2013/07/31 12:39:59 | 000,757,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2013/07/25 09:46:14 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/07/25 09:46:14 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/22 00:30:48 | 000,072,224 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2013/03/14 11:29:25 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2013/03/09 03:28:08 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2012/07/26 05:21:03 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/11/16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2011/09/30 18:55:43 | 000,514,048 | ---- | M] () -- C:\Program Files\MTN Online\MTN Online.exe
PRC - [2011/09/30 18:54:33 | 000,246,112 | ---- | M] () -- C:\ProgramData\MTN Online\OnlineUpdate\ouc.exe
PRC - [2011/03/28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011/03/14 17:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DataCardService\HWDeviceService.exe
PRC - [2011/03/14 17:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
PRC - [2010/11/04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010/08/17 16:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/11 08:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009/04/11 08:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 08:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009/04/11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009/04/11 08:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009/01/16 03:25:48 | 000,729,088 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/04/07 07:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/04 12:03:14 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/25 14:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2008/03/21 22:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/03 22:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2008/01/21 04:24:21 | 000,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\notepad.exe
PRC - [2008/01/21 04:23:44 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008/01/21 04:23:32 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/01/17 20:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/11/02 11:45:02 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhost.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/23 07:03:34 | 000,991,984 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/09/30 18:55:43 | 000,514,048 | ---- | M] () -- C:\Program Files\MTN Online\MTN Online.exe
MOD - [2011/09/30 18:54:41 | 000,185,344 | ---- | M] () -- C:\Program Files\MTN Online\XFramePlugin.dll
MOD - [2011/09/30 18:54:41 | 000,159,232 | ---- | M] () -- C:\Program Files\MTN Online\XCodec.dll
MOD - [2011/09/30 18:54:41 | 000,106,496 | ---- | M] () -- C:\Program Files\MTN Online\Win7Support.dll
MOD - [2011/09/30 18:54:40 | 000,826,880 | ---- | M] () -- C:\Program Files\MTN Online\SMSUIPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,670,720 | ---- | M] () -- C:\Program Files\MTN Online\SmsAppPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,635,904 | ---- | M] () -- C:\Program Files\MTN Online\USSDUIPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,313,344 | ---- | M] () -- C:\Program Files\MTN Online\StatusBarMgrPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,304,128 | ---- | M] () -- C:\Program Files\MTN Online\ToolBarMgrPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,261,632 | ---- | M] () -- C:\Program Files\MTN Online\sdk.dll
MOD - [2011/09/30 18:54:40 | 000,217,600 | ---- | M] () -- C:\Program Files\MTN Online\SmsSrvPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,156,672 | ---- | M] () -- C:\Program Files\MTN Online\STKSrvPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,142,336 | ---- | M] () -- C:\Program Files\MTN Online\USSDSrvPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,135,168 | ---- | M] () -- C:\Program Files\MTN Online\Trace.dll
MOD - [2011/09/30 18:54:37 | 009,515,520 | ---- | M] () -- C:\Program Files\MTN Online\QtGui4.dll
MOD - [2011/09/30 18:54:37 | 001,148,416 | ---- | M] () -- C:\Program Files\MTN Online\QtNetwork4.dll
MOD - [2011/09/30 18:54:37 | 000,370,176 | ---- | M] () -- C:\Program Files\MTN Online\plugins\imageformats\qtiff4.dll
MOD - [2011/09/30 18:54:36 | 002,415,104 | ---- | M] () -- C:\Program Files\MTN Online\QtCore4.dll
MOD - [2011/09/30 18:54:35 | 001,101,824 | ---- | M] () -- C:\Program Files\MTN Online\NDISAPI.dll
MOD - [2011/09/30 18:54:35 | 000,562,688 | ---- | M] () -- C:\Program Files\MTN Online\NetInfoUIExPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,545,280 | ---- | M] () -- C:\Program Files\MTN Online\PluginContainer.dll
MOD - [2011/09/30 18:54:35 | 000,381,952 | ---- | M] () -- C:\Program Files\MTN Online\Proxy.dll
MOD - [2011/09/30 18:54:35 | 000,351,232 | ---- | M] () -- C:\Program Files\MTN Online\NetConnectPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,350,720 | ---- | M] () -- C:\Program Files\MTN Online\plugins\imageformats\qmng4.dll
MOD - [2011/09/30 18:54:35 | 000,278,528 | ---- | M] () -- C:\Program Files\MTN Online\NetInfoSrvPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,269,824 | ---- | M] () -- C:\Program Files\MTN Online\LiveUpdateInterface.dll
MOD - [2011/09/30 18:54:35 | 000,249,856 | ---- | M] () -- C:\Program Files\MTN Online\MenuMgrPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,235,008 | ---- | M] () -- C:\Program Files\MTN Online\NetSrvPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,192,000 | ---- | M] () -- C:\Program Files\MTN Online\plugins\imageformats\qjpeg4.dll
MOD - [2011/09/30 18:54:35 | 000,180,224 | ---- | M] () -- C:\Program Files\MTN Online\NDISPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,158,720 | ---- | M] () -- C:\Program Files\MTN Online\NetConnectSrvPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,133,120 | ---- | M] () -- C:\Program Files\MTN Online\OSDialup.dll
MOD - [2011/09/30 18:54:35 | 000,131,072 | ---- | M] () -- C:\Program Files\MTN Online\OSNDIS.dll
MOD - [2011/09/30 18:54:35 | 000,101,376 | ---- | M] () -- C:\Program Files\MTN Online\OSAdapt.dll
MOD - [2011/09/30 18:54:35 | 000,093,184 | ---- | M] () -- C:\Program Files\MTN Online\NotifyServicePlugin.dll
MOD - [2011/09/30 18:54:35 | 000,082,944 | ---- | M] () -- C:\Program Files\MTN Online\plugins\imageformats\qgif4.dll
MOD - [2011/09/30 18:54:35 | 000,081,920 | ---- | M] () -- C:\Program Files\MTN Online\plugins\imageformats\qico4.dll
MOD - [2011/09/30 18:54:35 | 000,065,536 | ---- | M] () -- C:\Program Files\MTN Online\OSPowerMgr.dll
MOD - [2011/09/30 18:54:35 | 000,062,976 | ---- | M] () -- C:\Program Files\MTN Online\OSCall.dll
MOD - [2011/09/30 18:54:35 | 000,043,008 | ---- | M] () -- C:\Program Files\MTN Online\libgcc_s_dw2-1.dll
MOD - [2011/09/30 18:54:35 | 000,011,362 | ---- | M] () -- C:\Program Files\MTN Online\mingwm10.dll
MOD - [2011/09/30 18:54:34 | 001,077,248 | ---- | M] () -- C:\Program Files\MTN Online\AddrBookPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,796,672 | ---- | M] () -- C:\Program Files\MTN Online\AddrBookUIPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,550,400 | ---- | M] () -- C:\Program Files\MTN Online\CallAppPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,547,840 | ---- | M] () -- C:\Program Files\MTN Online\CallLogSrvPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,521,728 | ---- | M] () -- C:\Program Files\MTN Online\DeviceMgrUIPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,439,296 | ---- | M] () -- C:\Program Files\MTN Online\core.dll
MOD - [2011/09/30 18:54:34 | 000,432,640 | ---- | M] () -- C:\Program Files\MTN Online\DialupUIPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,338,432 | ---- | M] () -- C:\Program Files\MTN Online\DeviceAppPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,301,568 | ---- | M] () -- C:\Program Files\MTN Online\DiagnosisPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,301,056 | ---- | M] () -- C:\Program Files\MTN Online\DeviceSrvPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,264,704 | ---- | M] () -- C:\Program Files\MTN Online\AddrBookSrvPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,238,080 | ---- | M] () -- C:\Program Files\MTN Online\AtCodec.dll
MOD - [2011/09/30 18:54:34 | 000,218,112 | ---- | M] () -- C:\Program Files\MTN Online\Common.dll
MOD - [2011/09/30 18:54:34 | 000,211,968 | ---- | M] () -- C:\Program Files\MTN Online\DialUpPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,176,128 | ---- | M] () -- C:\Program Files\MTN Online\CallSrvPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,157,184 | ---- | M] () -- C:\Program Files\MTN Online\DataServicePlugin.dll
MOD - [2011/09/30 18:54:34 | 000,154,624 | ---- | M] () -- C:\Program Files\MTN Online\GpsSrvPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,123,392 | ---- | M] () -- C:\Program Files\MTN Online\ATR2SMgr.dll
MOD - [2011/09/30 18:54:34 | 000,119,296 | ---- | M] () -- C:\Program Files\MTN Online\LayoutPlugin.dll
MOD - [2011/02/22 12:52:16 | 000,520,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP ePrintAndShare\InstantPrinting\pompeius.dll
MOD - [2011/02/22 12:52:16 | 000,059,904 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP ePrintAndShare\InstantPrinting\zlib1.dll
MOD - [2009/01/16 03:28:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - [2013/07/25 09:46:14 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/22 00:32:02 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2013/03/22 00:30:48 | 000,072,224 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2013/03/14 11:29:34 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/09/30 18:54:33 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MTN Online\UpdateDog\ouc.exe -- (MTN Online. RunOuc)
SRV - [2011/03/14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/05/27 20:31:35 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/03/21 22:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/12/14 21:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (HSPADataCardusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (HSPADataCardusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (HSPADataCardusbmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Leon\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/09/24 06:37:15 | 001,097,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20130924.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/09/23 07:03:31 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2013/09/02 07:21:17 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20131005.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/09/02 07:21:16 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20131005.007\NAVENG.SYS -- (NAVENG)
DRV - [2013/08/27 11:00:15 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/27 11:00:15 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/14 03:30:21 | 000,392,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20131004.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/07/25 09:46:26 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/07/25 09:46:24 | 000,222,192 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/07/25 09:46:24 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/03/29 14:17:12 | 007,346,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32)
DRV - [2013/03/22 00:32:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2013/03/22 00:30:48 | 000,052,128 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2013/03/22 00:29:52 | 000,042,144 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2012/07/06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012/07/06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012/06/07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/05/22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012/05/04 14:21:50 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/29 08:28:37 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symtdiv.sys -- (SYMTDIv)
DRV - [2012/03/29 08:28:34 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2012/03/29 08:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012/03/29 08:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2011/11/01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/03 15:42:30 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/02/25 18:02:26 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/01/30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/01/30 18:19:00 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011/01/30 18:19:00 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2010/12/24 11:55:58 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/20 12:06:58 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2009/01/16 04:46:52 | 004,305,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/28 16:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/01/21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/26 08:23:10 | 000,017,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TpChoice.sys -- (TpChoice)
DRV - [2007/01/26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...travelmate_5730
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...travelmate_5730
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...travelmate_5730
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enZA331
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2013/05/26 23:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2013/10/05 21:34:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/02/05 12:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/05 12:55:46 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.2 (Enabled) = C:\Users\Leon\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PDF Suite Helper) - {1AD61D5B-58A3-4592-9B34-DC84688FF805} - C:\Program Files\PDF Suite\PDFIEHelper.dll (Interactive Brands)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Suite Toolbar) - {261F6A8B-7AAF-4BF5-8552-6610F4D67819} - C:\Program Files\PDF Suite\PDFIEPlugin.dll (Interactive Brands)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DJT790] "f:\hp plotter software\setup.exe" /mode nextstepsreboot File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\MTN Online\MTN Online.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: hp.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: hp.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CC42E9F-43AF-4946-BD74-10DF3CA1C9CA}: DhcpNameServer = 10.123.11.20 10.123.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{539FBF7E-C6B6-4FCD-BE9F-F51F784CEAE5}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C959CEB2-B764-4DB7-B98D-7C538C41525B}: NameServer = 209.212.96.1 208.67.220.220
O18 - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/25 08:05:19 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/03/15 01:27:21 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/03/03 02:56:55 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1dadfec6-eb83-11e0-bcd1-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{1dadfee9-eb83-11e0-bcd1-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{1dadfee9-eb83-11e0-bcd1-001e101f21c1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1dadfef4-eb83-11e0-bcd1-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{1dadfef4-eb83-11e0-bcd1-001e101fabdd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{2a3540d8-0f08-11e2-aa05-d70af41a3f94}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3540d8-0f08-11e2-aa05-d70af41a3f94}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{2ce0b3a7-e9b3-11e0-80eb-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{2ce0b3b7-e9b3-11e0-80eb-001d72d6ebf5}\Shell - "" = AutoRun
O33 - MountPoints2\{2ce0b3c4-e9b3-11e0-80eb-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{2ce0b3d8-e9b3-11e0-80eb-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{356e5eb6-a796-11de-8333-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{3fbd907b-90cc-11df-ba73-001d72d6ebf5}\Shell - "" = AutoRun
O33 - MountPoints2\{3fbd907b-90cc-11df-ba73-001d72d6ebf5}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{41d11525-d083-11de-89c6-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{41d11525-d083-11de-89c6-00215d67c9f6}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{48b9f1c8-9d77-11e1-8395-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48b9f1c8-9d77-11e1-8395-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{6ab5134f-2eeb-11e2-831d-fad4100e1342}\Shell - "" = AutoRun
O33 - MountPoints2\{6ab5134f-2eeb-11e2-831d-fad4100e1342}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{7520eb83-0d7e-11e2-a271-a33c3b2fe2a9}\Shell - "" = AutoRun
O33 - MountPoints2\{7520eb83-0d7e-11e2-a271-a33c3b2fe2a9}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7df7bdae-a6a5-11de-b4b4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{829c1065-e59f-11de-8766-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{829c1065-e59f-11de-8766-00215d67c9f6}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{9aa9cb4e-9c40-11e1-8b7c-963d72be81dd}\Shell - "" = AutoRun
O33 - MountPoints2\{9aa9cb4e-9c40-11e1-8b7c-963d72be81dd}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{a3f48253-0ed1-11e2-aa68-e537f6e6ab4e}\Shell - "" = AutoRun
O33 - MountPoints2\{a3f48253-0ed1-11e2-aa68-e537f6e6ab4e}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{a4605947-14f6-11e2-948b-e3a38642cc1d}\Shell - "" = AutoRun
O33 - MountPoints2\{a4605947-14f6-11e2-948b-e3a38642cc1d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{acbe0366-a6a2-11de-977b-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{bf150243-0084-11e2-9084-b48cb0ba5deb}\Shell - "" = AutoRun
O33 - MountPoints2\{bf150243-0084-11e2-9084-b48cb0ba5deb}\Shell\AutoRun\command - "" = H:\HPIP.exe
O33 - MountPoints2\{dc51e0dd-f2d3-11e1-8087-a5e509811884}\Shell - "" = AutoRun
O33 - MountPoints2\{dc51e0dd-f2d3-11e1-8087-a5e509811884}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{fcea8568-2e19-11e2-807e-c287de82b370}\Shell - "" = AutoRun
O33 - MountPoints2\{fcea8568-2e19-11e2-807e-c287de82b370}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/05 21:13:17 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Leon\Desktop\aswmbr.exe
[2013/10/05 06:19:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
[2013/10/04 22:01:43 | 000,035,960 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2013/09/23 06:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
[2013/09/16 07:09:54 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/16 07:09:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/16 07:09:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/09/16 07:09:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/16 07:09:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/16 07:09:42 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/16 07:09:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/16 07:09:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/09/13 11:11:01 | 002,049,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/12 07:00:46 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{57BE9338-0306-4AFD-90A4-ABAF937B07A7}
[2013/09/11 20:15:04 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{2542CDA3-B62E-4900-9BC8-917D2E28F1D7}
[2013/09/11 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{8B2B9C19-438C-4C91-8F46-82E8136FA499}
[2010/05/21 12:51:16 | 000,161,000 | ---- | C] (Trusteer Ltd.) -- C:\Users\Leon\RapportSetup.exe

========== Files - Modified Within 30 Days ==========

[2013/10/06 13:33:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/06 13:33:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/06 13:25:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/06 13:24:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/06 09:24:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/06 06:51:22 | 000,648,718 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/06 06:51:22 | 000,124,686 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/06 06:47:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/06 06:02:13 | 000,000,512 | ---- | M] () -- C:\Users\Leon\Desktop\MBR.dat
[2013/10/05 21:33:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013/10/05 21:33:37 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/10/05 21:33:31 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2013/10/05 21:32:50 | 458,810,217 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/05 21:19:25 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Leon\Desktop\aswmbr.exe
[2013/10/05 20:24:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/10/05 06:19:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
[2013/10/04 15:16:50 | 000,000,103 | ---- | M] () -- C:\Users\Leon\GetIntel.bat
[2013/10/04 10:26:15 | 000,001,684 | ---- | M] () -- C:\Users\Leon\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2013/10/01 16:39:57 | 000,047,926 | ---- | M] () -- C:\Users\Leon\Estelle Engelke Trust registrasie.pdf
[2013/09/26 15:54:09 | 000,002,587 | ---- | M] () -- C:\Users\Leon\Desktop\Microsoft Office Word 2007.lnk
[2013/09/14 04:04:32 | 000,447,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/10/05 22:31:17 | 000,000,512 | ---- | C] () -- C:\Users\Leon\Desktop\MBR.dat
[2013/10/05 21:32:50 | 458,810,217 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/10/04 15:16:50 | 000,000,103 | ---- | C] () -- C:\Users\Leon\GetIntel.bat
[2013/10/04 10:26:14 | 000,001,684 | ---- | C] () -- C:\Users\Leon\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2013/10/01 16:39:57 | 000,047,926 | ---- | C] () -- C:\Users\Leon\Estelle Engelke Trust registrasie.pdf
[2013/03/22 00:38:03 | 000,396,653 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/11/22 13:06:27 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/10/03 19:55:26 | 009,568,768 | ---- | C] () -- C:\Users\Leon\Vodafone Mobile Connect.msi
[2012/10/03 19:55:26 | 000,003,584 | ---- | C] () -- C:\Users\Leon\2057.MST
[2012/09/16 20:43:55 | 005,010,369 | ---- | C] () -- C:\Users\Leon\This Video Will Shock South African people.wmv
[2012/08/01 15:51:25 | 000,001,140 | ---- | C] () -- C:\Users\Leon\help file.htm
[2012/07/30 13:24:23 | 000,002,910 | ---- | C] () -- C:\Users\Leon\transition.htm
[2012/07/13 07:42:27 | 000,000,049 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2012/02/05 12:35:31 | 092,199,288 | ---- | C] () -- C:\Users\Leon\Nokia_Suite_webinstaller_ALL.exe
[2012/02/03 17:18:29 | 015,559,559 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\SMRBackup250.dat
[2011/11/24 11:31:23 | 000,011,321 | ---- | C] () -- C:\Windows\hpwscr16.dat
[2011/10/16 23:13:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/10/16 23:13:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/10/16 23:13:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/01/21 20:34:29 | 000,014,520 | -H-- | C] () -- C:\Users\Leon\ZbThumbnail.info
[2010/12/05 19:47:20 | 000,000,016 | -H-- | C] () -- C:\Users\Leon\AppData\Local\mxfilerelatedcache.mxc2
[2010/12/05 19:47:19 | 000,000,016 | -H-- | C] () -- C:\Users\Leon\AppData\Roaming\mxfilerelatedcache.mxc2
[2010/12/05 19:47:17 | 000,000,016 | -H-- | C] () -- C:\Users\Leon\mxfilerelatedcache.mxc2
[2010/10/31 20:32:03 | 001,648,929 | ---- | C] () -- C:\Users\Leon\IMG_0596.JPG
[2010/10/31 20:32:03 | 001,526,511 | ---- | C] () -- C:\Users\Leon\IMG_0593.JPG
[2009/11/04 21:19:44 | 000,452,670 | ---- | C] () -- C:\Users\Leon\eee4.pdf
[2009/11/04 21:19:26 | 000,484,332 | ---- | C] () -- C:\Users\Leon\eee3.pdf
[2009/11/04 21:19:08 | 000,464,914 | ---- | C] () -- C:\Users\Leon\eee2.pdf
[2009/11/04 21:18:44 | 000,496,860 | ---- | C] () -- C:\Users\Leon\eee1.pdf
[2009/09/24 17:47:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/01 21:49:35 | 000,121,344 | ---- | C] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 03:30:42 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

========== ZeroAccess Check ==========

[2006/11/02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 23:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 23:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CFG >
[2013/09/03 15:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.DOC >
[2008/10/09 06:49:36 | 000,031,232 | ---- | M] () MD5=D57635B613453FD3164D8C58F1D19AA5 -- C:\$RECYCLE.BIN\S-1-5-21-150177978-3224712408-3663735934-1003\$R58Z330\CI Furniture\2nd wave\SERVICES.doc
[2008/10/09 06:49:36 | 000,031,232 | ---- | M] () MD5=D57635B613453FD3164D8C58F1D19AA5 -- C:\$RECYCLE.BIN\S-1-5-21-150177978-3224712408-3663735934-1003\$R58Z330\CI Furniture\SERVICES.doc
[2008/10/09 06:49:36 | 000,031,232 | ---- | M] () MD5=D57635B613453FD3164D8C58F1D19AA5 -- C:\$RECYCLE.BIN\S-1-5-21-150177978-3224712408-3663735934-1003\$RKFFL2B\CI Furniture\2nd wave\SERVICES.doc
[2008/10/09 06:49:36 | 000,031,232 | ---- | M] () MD5=D57635B613453FD3164D8C58F1D19AA5 -- C:\$RECYCLE.BIN\S-1-5-21-150177978-3224712408-3663735934-1003\$RKFFL2B\CI Furniture\SERVICES.doc

< MD5 for: SERVICES.EXE >
[2008/01/21 04:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 14:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 14:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.HTM_CMP_ARTSY010_HBTN.GIF >
[2005/08/08 10:12:24 | 000,003,087 | ---- | M] () MD5=FA385428877820630F8053632A1D686A -- C:\$RECYCLE.BIN\S-1-5-21-150177978-3224712408-3663735934-1003\$R58Z330\DATA\NBD & Services\Risk Management\Safety Management\Medical Centre\Studies_files\services.htm_cmp_artsy010_hbtn.gif
[2005/08/08 10:12:24 | 000,003,087 | ---- | M] () MD5=FA385428877820630F8053632A1D686A -- C:\$RECYCLE.BIN\S-1-5-21-150177978-3224712408-3663735934-1003\$RKFFL2B\DATA\NBD & Services\Risk Management\Safety Management\Medical Centre\Studies_files\services.htm_cmp_artsy010_hbtn.gif

< MD5 for: SERVICES.LNK >
[2008/01/21 04:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 04:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 14:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 23:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 14:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 23:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is ACER
Volume Serial Number is 240E-99D1
Directory of C:\
2006/11/02 03:02 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
2006/11/02 03:02 PM <JUNCTION> Application Data [C:\ProgramData]
2006/11/02 03:02 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
2006/11/02 03:02 PM <JUNCTION> Documents [C:\Users\Public\Documents]
2006/11/02 03:02 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
2006/11/02 03:02 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
2006/11/02 03:02 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
2006/11/02 03:02 PM <SYMLINKD> All Users [C:\ProgramData]
2006/11/02 03:02 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
2006/11/02 03:02 PM <JUNCTION> Application Data [C:\ProgramData]
2006/11/02 03:02 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
2006/11/02 03:02 PM <JUNCTION> Documents [C:\Users\Public\Documents]
2006/11/02 03:02 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
2006/11/02 03:02 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
2006/11/02 03:02 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
2006/11/02 03:02 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
2006/11/02 03:02 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
2006/11/02 03:02 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
2006/11/02 12:23 PM <JUNCTION> Music [C:\Users\Default\Music]
2006/11/02 03:02 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
2006/11/02 03:02 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
2006/11/02 12:23 PM <JUNCTION> Pictures [C:\Users\Default\Pictures]
2006/11/02 03:02 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
2006/11/02 03:02 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
2006/11/02 03:02 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
2006/11/02 03:02 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
2006/11/02 03:02 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
2006/11/02 12:23 PM <JUNCTION> Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
2006/11/02 03:02 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
2006/11/02 03:02 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
2006/11/02 03:02 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local\Microsoft\Windows
2006/11/02 03:02 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
2006/11/02 03:02 PM <JUNCTION> My Music [C:\Users\Default\Music]
2006/11/02 03:02 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
2006/11/02 03:02 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\itsup
2012/08/29 11:31 AM <JUNCTION> Application Data [C:\Users\itsup\AppData\Roaming]
2012/08/29 11:31 AM <JUNCTION> Cookies [C:\Users\itsup\AppData\Roaming\Microsoft\Windows\Cookies]
2012/08/29 11:31 AM <JUNCTION> Local Settings [C:\Users\itsup\AppData\Local]
2012/08/29 11:31 AM <JUNCTION> My Documents [C:\Users\itsup\Documents]
2012/08/29 11:31 AM <JUNCTION> NetHood [C:\Users\itsup\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
2012/08/29 11:31 AM <JUNCTION> PrintHood [C:\Users\itsup\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
2012/08/29 11:31 AM <JUNCTION> Recent [C:\Users\itsup\AppData\Roaming\Microsoft\Windows\Recent]
2012/08/29 11:31 AM <JUNCTION> SendTo [C:\Users\itsup\AppData\Roaming\Microsoft\Windows\SendTo]
2012/08/29 11:31 AM <JUNCTION> Start Menu [C:\Users\itsup\AppData\Roaming\Microsoft\Windows\Start Menu]
2012/08/29 11:31 AM <JUNCTION> Templates [C:\Users\itsup\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\itsup\AppData\Local
2012/08/29 11:31 AM <JUNCTION> Application Data [C:\Users\itsup\AppData\Local]
2012/08/29 11:31 AM <JUNCTION> History [C:\Users\itsup\AppData\Local\Microsoft\Windows\History]
2012/08/29 11:31 AM <JUNCTION> Temporary Internet Files [C:\Users\itsup\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Leon
2009/05/28 03:24 AM <JUNCTION> Application Data [C:\Users\Leon\AppData\Roaming]
2009/05/28 03:24 AM <JUNCTION> Cookies [C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Cookies]
2009/05/28 03:24 AM <JUNCTION> Local Settings [C:\Users\Leon\AppData\Local]
2009/05/28 03:24 AM <JUNCTION> Recent [C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Recent]
2009/05/28 03:24 AM <JUNCTION> SendTo [C:\Users\Leon\AppData\Roaming\Microsoft\Windows\SendTo]
2009/05/28 03:24 AM <JUNCTION> Start Menu [C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu]
2009/05/28 03:24 AM <JUNCTION> Templates [C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Leon\AppData\Local
2009/05/28 03:24 AM <JUNCTION> Application Data [C:\Users\Leon\AppData\Local]
2009/05/28 03:24 AM <JUNCTION> History [C:\Users\Leon\AppData\Local\Microsoft\Windows\History]
2009/05/28 03:24 AM <JUNCTION> Temporary Internet Files [C:\Users\Leon\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Public
2006/11/02 03:02 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
2009/09/21 01:47 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
2009/09/21 01:47 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
2009/09/21 01:47 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
2011/10/16 11:14 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
2011/10/16 11:14 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
2011/10/16 11:14 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
2011/10/16 11:14 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
2011/10/16 11:14 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
2011/10/16 11:14 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
2011/10/16 11:14 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
2009/09/21 01:47 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
2009/09/21 01:47 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
2009/09/21 01:47 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
2011/10/16 11:14 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
2011/10/16 11:14 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
2011/10/16 11:14 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
75 Dir(s) 73˙767˙710˙720 bytes free

< End of report >
  • 0

#10
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello again :)

Your log is still showing the Scan mode as Current User as shown below.

Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days



Please run OTL again and check the box at the top as shown in the graphic as well as

Use Company-Name WhiteList
Skip Microsoft Files
Use No-Company-Name Whitelist
LOP Check
Purity Check



and click Run Scan



Posted Image
  • 0

#11
Onfinals

Onfinals

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
OTL logfile created on: 2013/10/06 03:56:41 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

2.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 36.74% Memory free
5.90 Gb Paging File | 3.79 Gb Available in Paging File | 64.20% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 68.69 Gb Free Space | 47.65% Space Free | Partition Type: NTFS
Drive D: | 144.15 Gb Total Space | 137.77 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive F: | 56.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LEON-PC | User Name: Leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - [2013/10/05 21:19:25 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Leon\Desktop\aswmbr.exe
PRC - [2013/10/05 06:19:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
PRC - [2013/07/31 12:39:59 | 000,757,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2013/07/25 09:46:14 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/07/25 09:46:14 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/22 00:30:48 | 000,072,224 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2013/03/14 11:29:25 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2013/03/09 03:28:08 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2012/07/26 05:21:03 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/11/16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2011/09/30 18:55:43 | 000,514,048 | ---- | M] () -- C:\Program Files\MTN Online\MTN Online.exe
PRC - [2011/09/30 18:54:33 | 000,246,112 | ---- | M] () -- C:\ProgramData\MTN Online\OnlineUpdate\ouc.exe
PRC - [2011/03/28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011/03/14 17:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DataCardService\HWDeviceService.exe
PRC - [2011/03/14 17:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
PRC - [2010/11/04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010/08/17 16:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/11 08:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009/04/11 08:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 08:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009/04/11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009/04/11 08:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009/01/16 03:25:48 | 000,729,088 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/04/07 07:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/04 12:03:14 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/25 14:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2008/03/21 22:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/03 22:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2008/01/21 04:24:21 | 000,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\notepad.exe
PRC - [2008/01/21 04:23:44 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008/01/21 04:23:41 | 000,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe
PRC - [2008/01/21 04:23:32 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/01/17 20:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/11/02 11:45:02 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhost.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/23 07:03:34 | 000,991,984 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/09/30 18:55:43 | 000,514,048 | ---- | M] () -- C:\Program Files\MTN Online\MTN Online.exe
MOD - [2011/09/30 18:54:41 | 000,185,344 | ---- | M] () -- C:\Program Files\MTN Online\XFramePlugin.dll
MOD - [2011/09/30 18:54:41 | 000,159,232 | ---- | M] () -- C:\Program Files\MTN Online\XCodec.dll
MOD - [2011/09/30 18:54:41 | 000,106,496 | ---- | M] () -- C:\Program Files\MTN Online\Win7Support.dll
MOD - [2011/09/30 18:54:40 | 000,826,880 | ---- | M] () -- C:\Program Files\MTN Online\SMSUIPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,670,720 | ---- | M] () -- C:\Program Files\MTN Online\SmsAppPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,635,904 | ---- | M] () -- C:\Program Files\MTN Online\USSDUIPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,313,344 | ---- | M] () -- C:\Program Files\MTN Online\StatusBarMgrPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,304,128 | ---- | M] () -- C:\Program Files\MTN Online\ToolBarMgrPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,261,632 | ---- | M] () -- C:\Program Files\MTN Online\sdk.dll
MOD - [2011/09/30 18:54:40 | 000,217,600 | ---- | M] () -- C:\Program Files\MTN Online\SmsSrvPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,156,672 | ---- | M] () -- C:\Program Files\MTN Online\STKSrvPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,142,336 | ---- | M] () -- C:\Program Files\MTN Online\USSDSrvPlugin.dll
MOD - [2011/09/30 18:54:40 | 000,135,168 | ---- | M] () -- C:\Program Files\MTN Online\Trace.dll
MOD - [2011/09/30 18:54:37 | 009,515,520 | ---- | M] () -- C:\Program Files\MTN Online\QtGui4.dll
MOD - [2011/09/30 18:54:37 | 001,148,416 | ---- | M] () -- C:\Program Files\MTN Online\QtNetwork4.dll
MOD - [2011/09/30 18:54:37 | 000,370,176 | ---- | M] () -- C:\Program Files\MTN Online\plugins\imageformats\qtiff4.dll
MOD - [2011/09/30 18:54:36 | 002,415,104 | ---- | M] () -- C:\Program Files\MTN Online\QtCore4.dll
MOD - [2011/09/30 18:54:35 | 001,101,824 | ---- | M] () -- C:\Program Files\MTN Online\NDISAPI.dll
MOD - [2011/09/30 18:54:35 | 000,562,688 | ---- | M] () -- C:\Program Files\MTN Online\NetInfoUIExPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,545,280 | ---- | M] () -- C:\Program Files\MTN Online\PluginContainer.dll
MOD - [2011/09/30 18:54:35 | 000,381,952 | ---- | M] () -- C:\Program Files\MTN Online\Proxy.dll
MOD - [2011/09/30 18:54:35 | 000,351,232 | ---- | M] () -- C:\Program Files\MTN Online\NetConnectPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,350,720 | ---- | M] () -- C:\Program Files\MTN Online\plugins\imageformats\qmng4.dll
MOD - [2011/09/30 18:54:35 | 000,278,528 | ---- | M] () -- C:\Program Files\MTN Online\NetInfoSrvPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,269,824 | ---- | M] () -- C:\Program Files\MTN Online\LiveUpdateInterface.dll
MOD - [2011/09/30 18:54:35 | 000,249,856 | ---- | M] () -- C:\Program Files\MTN Online\MenuMgrPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,235,008 | ---- | M] () -- C:\Program Files\MTN Online\NetSrvPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,192,000 | ---- | M] () -- C:\Program Files\MTN Online\plugins\imageformats\qjpeg4.dll
MOD - [2011/09/30 18:54:35 | 000,180,224 | ---- | M] () -- C:\Program Files\MTN Online\NDISPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,158,720 | ---- | M] () -- C:\Program Files\MTN Online\NetConnectSrvPlugin.dll
MOD - [2011/09/30 18:54:35 | 000,133,120 | ---- | M] () -- C:\Program Files\MTN Online\OSDialup.dll
MOD - [2011/09/30 18:54:35 | 000,131,072 | ---- | M] () -- C:\Program Files\MTN Online\OSNDIS.dll
MOD - [2011/09/30 18:54:35 | 000,101,376 | ---- | M] () -- C:\Program Files\MTN Online\OSAdapt.dll
MOD - [2011/09/30 18:54:35 | 000,093,184 | ---- | M] () -- C:\Program Files\MTN Online\NotifyServicePlugin.dll
MOD - [2011/09/30 18:54:35 | 000,082,944 | ---- | M] () -- C:\Program Files\MTN Online\plugins\imageformats\qgif4.dll
MOD - [2011/09/30 18:54:35 | 000,081,920 | ---- | M] () -- C:\Program Files\MTN Online\plugins\imageformats\qico4.dll
MOD - [2011/09/30 18:54:35 | 000,065,536 | ---- | M] () -- C:\Program Files\MTN Online\OSPowerMgr.dll
MOD - [2011/09/30 18:54:35 | 000,062,976 | ---- | M] () -- C:\Program Files\MTN Online\OSCall.dll
MOD - [2011/09/30 18:54:35 | 000,043,008 | ---- | M] () -- C:\Program Files\MTN Online\libgcc_s_dw2-1.dll
MOD - [2011/09/30 18:54:35 | 000,011,362 | ---- | M] () -- C:\Program Files\MTN Online\mingwm10.dll
MOD - [2011/09/30 18:54:34 | 001,077,248 | ---- | M] () -- C:\Program Files\MTN Online\AddrBookPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,796,672 | ---- | M] () -- C:\Program Files\MTN Online\AddrBookUIPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,550,400 | ---- | M] () -- C:\Program Files\MTN Online\CallAppPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,547,840 | ---- | M] () -- C:\Program Files\MTN Online\CallLogSrvPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,521,728 | ---- | M] () -- C:\Program Files\MTN Online\DeviceMgrUIPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,439,296 | ---- | M] () -- C:\Program Files\MTN Online\core.dll
MOD - [2011/09/30 18:54:34 | 000,432,640 | ---- | M] () -- C:\Program Files\MTN Online\DialupUIPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,338,432 | ---- | M] () -- C:\Program Files\MTN Online\DeviceAppPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,301,568 | ---- | M] () -- C:\Program Files\MTN Online\DiagnosisPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,301,056 | ---- | M] () -- C:\Program Files\MTN Online\DeviceSrvPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,264,704 | ---- | M] () -- C:\Program Files\MTN Online\AddrBookSrvPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,238,080 | ---- | M] () -- C:\Program Files\MTN Online\AtCodec.dll
MOD - [2011/09/30 18:54:34 | 000,218,112 | ---- | M] () -- C:\Program Files\MTN Online\Common.dll
MOD - [2011/09/30 18:54:34 | 000,211,968 | ---- | M] () -- C:\Program Files\MTN Online\DialUpPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,176,128 | ---- | M] () -- C:\Program Files\MTN Online\CallSrvPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,157,184 | ---- | M] () -- C:\Program Files\MTN Online\DataServicePlugin.dll
MOD - [2011/09/30 18:54:34 | 000,154,624 | ---- | M] () -- C:\Program Files\MTN Online\GpsSrvPlugin.dll
MOD - [2011/09/30 18:54:34 | 000,123,392 | ---- | M] () -- C:\Program Files\MTN Online\ATR2SMgr.dll
MOD - [2011/09/30 18:54:34 | 000,119,296 | ---- | M] () -- C:\Program Files\MTN Online\LayoutPlugin.dll
MOD - [2011/02/22 12:52:16 | 000,520,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP ePrintAndShare\InstantPrinting\pompeius.dll
MOD - [2011/02/22 12:52:16 | 000,059,904 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP ePrintAndShare\InstantPrinting\zlib1.dll
MOD - [2009/01/16 03:28:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - [2013/07/25 09:46:14 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/22 00:32:02 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2013/03/22 00:30:48 | 000,072,224 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2013/03/14 11:29:34 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/09/30 18:54:33 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MTN Online\UpdateDog\ouc.exe -- (MTN Online. RunOuc)
SRV - [2011/03/14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/05/27 20:31:35 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/03/21 22:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/12/14 21:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (HSPADataCardusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (HSPADataCardusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (HSPADataCardusbmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Leon\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/09/24 06:37:15 | 001,097,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20130924.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/09/23 07:03:31 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2013/09/02 07:21:17 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20131005.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/09/02 07:21:16 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20131005.007\NAVENG.SYS -- (NAVENG)
DRV - [2013/08/27 11:00:15 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/27 11:00:15 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/14 03:30:21 | 000,392,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20131004.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/07/25 09:46:26 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/07/25 09:46:24 | 000,222,192 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/07/25 09:46:24 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/03/29 14:17:12 | 007,346,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32)
DRV - [2013/03/22 00:32:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2013/03/22 00:30:48 | 000,052,128 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2013/03/22 00:29:52 | 000,042,144 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2012/07/06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012/07/06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012/06/07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/05/22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012/05/04 14:21:50 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/29 08:28:37 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symtdiv.sys -- (SYMTDIv)
DRV - [2012/03/29 08:28:34 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2012/03/29 08:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012/03/29 08:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2011/11/01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/03 15:42:30 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/02/25 18:02:26 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/01/30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/01/30 18:19:00 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011/01/30 18:19:00 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2010/12/24 11:55:58 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/20 12:06:58 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2009/01/16 04:46:52 | 004,305,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/28 16:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/01/21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/26 08:23:10 | 000,017,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TpChoice.sys -- (TpChoice)
DRV - [2007/01/26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...travelmate_5730
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...travelmate_5730
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....60&pvid=6.4.0.9
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....60&pvid=6.4.0.9
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....60&pvid=6.4.0.9
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....60&pvid=6.4.0.9
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...travelmate_5730
IE - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
IE - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enZA331
IE - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/10/01 23:06:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2013/05/26 23:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2013/10/05 21:34:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/02/05 12:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/05 12:55:46 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.2 (Enabled) = C:\Users\Leon\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PDF Suite Helper) - {1AD61D5B-58A3-4592-9B34-DC84688FF805} - C:\Program Files\PDF Suite\PDFIEHelper.dll (Interactive Brands)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Suite Toolbar) - {261F6A8B-7AAF-4BF5-8552-6610F4D67819} - C:\Program Files\PDF Suite\PDFIEPlugin.dll (Interactive Brands)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DJT790] "f:\hp plotter software\setup.exe" /mode nextstepsreboot File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-150177978-3224712408-3663735934-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-150177978-3224712408-3663735934-1003..\Run: [Mobile Partner] C:\Program Files\MTN Online\MTN Online.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-150177978-3224712408-3663735934-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: hp.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: hp.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CC42E9F-43AF-4946-BD74-10DF3CA1C9CA}: DhcpNameServer = 10.123.11.20 10.123.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{539FBF7E-C6B6-4FCD-BE9F-F51F784CEAE5}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C959CEB2-B764-4DB7-B98D-7C538C41525B}: NameServer = 209.212.96.1 208.67.220.220
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/25 08:05:19 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/03/15 01:27:21 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/03/03 02:56:55 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1dadfec6-eb83-11e0-bcd1-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{1dadfee9-eb83-11e0-bcd1-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{1dadfee9-eb83-11e0-bcd1-001e101f21c1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1dadfef4-eb83-11e0-bcd1-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{1dadfef4-eb83-11e0-bcd1-001e101fabdd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{2a3540d8-0f08-11e2-aa05-d70af41a3f94}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3540d8-0f08-11e2-aa05-d70af41a3f94}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{2ce0b3a7-e9b3-11e0-80eb-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{2ce0b3b7-e9b3-11e0-80eb-001d72d6ebf5}\Shell - "" = AutoRun
O33 - MountPoints2\{2ce0b3c4-e9b3-11e0-80eb-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{2ce0b3d8-e9b3-11e0-80eb-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{356e5eb6-a796-11de-8333-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{3fbd907b-90cc-11df-ba73-001d72d6ebf5}\Shell - "" = AutoRun
O33 - MountPoints2\{3fbd907b-90cc-11df-ba73-001d72d6ebf5}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{41d11525-d083-11de-89c6-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{41d11525-d083-11de-89c6-00215d67c9f6}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{48b9f1c8-9d77-11e1-8395-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48b9f1c8-9d77-11e1-8395-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{6ab5134f-2eeb-11e2-831d-fad4100e1342}\Shell - "" = AutoRun
O33 - MountPoints2\{6ab5134f-2eeb-11e2-831d-fad4100e1342}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{7520eb83-0d7e-11e2-a271-a33c3b2fe2a9}\Shell - "" = AutoRun
O33 - MountPoints2\{7520eb83-0d7e-11e2-a271-a33c3b2fe2a9}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7df7bdae-a6a5-11de-b4b4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{829c1065-e59f-11de-8766-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{829c1065-e59f-11de-8766-00215d67c9f6}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{9aa9cb4e-9c40-11e1-8b7c-963d72be81dd}\Shell - "" = AutoRun
O33 - MountPoints2\{9aa9cb4e-9c40-11e1-8b7c-963d72be81dd}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{a3f48253-0ed1-11e2-aa68-e537f6e6ab4e}\Shell - "" = AutoRun
O33 - MountPoints2\{a3f48253-0ed1-11e2-aa68-e537f6e6ab4e}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{a4605947-14f6-11e2-948b-e3a38642cc1d}\Shell - "" = AutoRun
O33 - MountPoints2\{a4605947-14f6-11e2-948b-e3a38642cc1d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{acbe0366-a6a2-11de-977b-00215d67c9f6}\Shell - "" = AutoRun
O33 - MountPoints2\{bf150243-0084-11e2-9084-b48cb0ba5deb}\Shell - "" = AutoRun
O33 - MountPoints2\{bf150243-0084-11e2-9084-b48cb0ba5deb}\Shell\AutoRun\command - "" = H:\HPIP.exe
O33 - MountPoints2\{dc51e0dd-f2d3-11e1-8087-a5e509811884}\Shell - "" = AutoRun
O33 - MountPoints2\{dc51e0dd-f2d3-11e1-8087-a5e509811884}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{fcea8568-2e19-11e2-807e-c287de82b370}\Shell - "" = AutoRun
O33 - MountPoints2\{fcea8568-2e19-11e2-807e-c287de82b370}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/03/15 01:27:21 | 000,148,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/05 21:13:17 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Leon\Desktop\aswmbr.exe
[2013/10/05 06:19:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
[2013/10/04 22:01:43 | 000,035,960 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2013/09/23 06:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
[2013/09/16 07:09:54 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/16 07:09:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/16 07:09:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/09/16 07:09:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/16 07:09:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/16 07:09:42 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/16 07:09:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/16 07:09:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/09/13 11:11:01 | 002,049,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/12 07:00:46 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{57BE9338-0306-4AFD-90A4-ABAF937B07A7}
[2013/09/11 20:15:04 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{2542CDA3-B62E-4900-9BC8-917D2E28F1D7}
[2013/09/11 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\{8B2B9C19-438C-4C91-8F46-82E8136FA499}
[2010/05/21 12:51:16 | 000,161,000 | ---- | C] (Trusteer Ltd.) -- C:\Users\Leon\RapportSetup.exe

========== Files - Modified Within 30 Days ==========

[2013/10/06 15:33:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/06 15:33:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/06 15:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/06 15:24:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/06 09:24:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/06 06:51:22 | 000,648,718 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/06 06:51:22 | 000,124,686 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/06 06:47:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/06 06:02:13 | 000,000,512 | ---- | M] () -- C:\Users\Leon\Desktop\MBR.dat
[2013/10/05 21:33:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013/10/05 21:33:37 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/10/05 21:33:31 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2013/10/05 21:32:50 | 458,810,217 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/05 21:19:25 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Leon\Desktop\aswmbr.exe
[2013/10/05 20:24:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/10/05 06:19:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
[2013/10/04 15:16:50 | 000,000,103 | ---- | M] () -- C:\Users\Leon\GetIntel.bat
[2013/10/04 10:26:15 | 000,001,684 | ---- | M] () -- C:\Users\Leon\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2013/10/01 16:39:57 | 000,047,926 | ---- | M] () -- C:\Users\Leon\Estelle Engelke Trust registrasie.pdf
[2013/09/26 15:54:09 | 000,002,587 | ---- | M] () -- C:\Users\Leon\Desktop\Microsoft Office Word 2007.lnk
[2013/09/14 04:04:32 | 000,447,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/10/05 22:31:17 | 000,000,512 | ---- | C] () -- C:\Users\Leon\Desktop\MBR.dat
[2013/10/05 21:32:50 | 458,810,217 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/10/04 15:16:50 | 000,000,103 | ---- | C] () -- C:\Users\Leon\GetIntel.bat
[2013/10/04 10:26:14 | 000,001,684 | ---- | C] () -- C:\Users\Leon\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2013/10/01 16:39:57 | 000,047,926 | ---- | C] () -- C:\Users\Leon\Estelle Engelke Trust registrasie.pdf
[2013/03/22 00:38:03 | 000,396,653 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/11/22 13:06:27 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/10/03 19:55:26 | 009,568,768 | ---- | C] () -- C:\Users\Leon\Vodafone Mobile Connect.msi
[2012/10/03 19:55:26 | 000,003,584 | ---- | C] () -- C:\Users\Leon\2057.MST
[2012/09/16 20:43:55 | 005,010,369 | ---- | C] () -- C:\Users\Leon\This Video Will Shock South African people.wmv
[2012/08/01 15:51:25 | 000,001,140 | ---- | C] () -- C:\Users\Leon\help file.htm
[2012/07/30 13:24:23 | 000,002,910 | ---- | C] () -- C:\Users\Leon\transition.htm
[2012/07/13 07:42:27 | 000,000,049 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2012/02/05 12:35:31 | 092,199,288 | ---- | C] () -- C:\Users\Leon\Nokia_Suite_webinstaller_ALL.exe
[2012/02/03 17:18:29 | 015,559,559 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\SMRBackup250.dat
[2011/11/24 11:31:23 | 000,011,321 | ---- | C] () -- C:\Windows\hpwscr16.dat
[2011/10/16 23:13:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/10/16 23:13:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/10/16 23:13:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/01/21 20:34:29 | 000,014,520 | -H-- | C] () -- C:\Users\Leon\ZbThumbnail.info
[2010/12/05 19:47:20 | 000,000,016 | -H-- | C] () -- C:\Users\Leon\AppData\Local\mxfilerelatedcache.mxc2
[2010/12/05 19:47:19 | 000,000,016 | -H-- | C] () -- C:\Users\Leon\AppData\Roaming\mxfilerelatedcache.mxc2
[2010/12/05 19:47:17 | 000,000,016 | -H-- | C] () -- C:\Users\Leon\mxfilerelatedcache.mxc2
[2010/10/31 20:32:03 | 001,648,929 | ---- | C] () -- C:\Users\Leon\IMG_0596.JPG
[2010/10/31 20:32:03 | 001,526,511 | ---- | C] () -- C:\Users\Leon\IMG_0593.JPG
[2009/11/04 21:19:44 | 000,452,670 | ---- | C] () -- C:\Users\Leon\eee4.pdf
[2009/11/04 21:19:26 | 000,484,332 | ---- | C] () -- C:\Users\Leon\eee3.pdf
[2009/11/04 21:19:08 | 000,464,914 | ---- | C] () -- C:\Users\Leon\eee2.pdf
[2009/11/04 21:18:44 | 000,496,860 | ---- | C] () -- C:\Users\Leon\eee1.pdf
[2009/09/24 17:47:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/01 21:49:35 | 000,121,344 | ---- | C] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 03:30:42 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

========== ZeroAccess Check ==========

[2006/11/02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 23:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 23:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CFG >
[2013/09/03 15:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.DOC >
[2008/10/09 06:49:36 | 000,031,232 | ---- | M] () MD5=D57635B613453FD3164D8C58F1D19AA5 -- C:\$RECYCLE.BIN\S-1-5-21-150177978-3224712408-3663735934-1003\$R58Z330\CI Furniture\2nd wave\SERVICES.doc
[2008/10/09 06:49:36 | 000,031,232 | ---- | M] () MD5=D57635B613453FD3164D8C58F1D19AA5 -- C:\$RECYCLE.BIN\S-1-5-21-150177978-3224712408-3663735934-1003\$R58Z330\CI Furniture\SERVICES.doc
[2008/10/09 06:49:36 | 000,031,232 | ---- | M] () MD5=D57635B613453FD3164D8C58F1D19AA5 -- C:\$RECYCLE.BIN\S-1-5-21-150177978-3224712408-3663735934-1003\$RKFFL2B\CI Furniture\2nd wave\SERVICES.doc
[2008/10/09 06:49:36 | 000,031,232 | ---- | M] () MD5=D57635B613453FD3164D8C58F1D19AA5 -- C:\$RECYCLE.BIN\S-1-5-21-150177978-3224712408-3663735934-1003\$RKFFL2B\CI Furniture\SERVICES.doc

< MD5 for: SERVICES.EXE >
[2008/01/21 04:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 14:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 14:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.HTM_CMP_ARTSY010_HBTN.GIF >
[2005/08/08 10:12:24 | 000,003,087 | ---- | M] () MD5=FA385428877820630F8053632A1D686A -- C:\$RECYCLE.BIN\S-1-5-21-150177978-3224712408-3663735934-1003\$R58Z330\DATA\NBD & Services\Risk Management\Safety Management\Medical Centre\Studies_files\services.htm_cmp_artsy010_hbtn.gif
[2005/08/08 10:12:24 | 000,003,087 | ---- | M] () MD5=FA385428877820630F8053632A1D686A -- C:\$RECYCLE.BIN\S-1-5-21-150177978-3224712408-3663735934-1003\$RKFFL2B\DATA\NBD & Services\Risk Management\Safety Management\Medical Centre\Studies_files\services.htm_cmp_artsy010_hbtn.gif

< MD5 for: SERVICES.LNK >
[2008/01/21 04:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 04:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 14:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 23:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 14:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 23:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is ACER
Volume Serial Number is 240E-99D1
Directory of C:\
2006/11/02 03:02 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
2006/11/02 03:02 PM <JUNCTION> Application Data [C:\ProgramData]
2006/11/02 03:02 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
2006/11/02 03:02 PM <JUNCTION> Documents [C:\Users\Public\Documents]
2006/11/02 03:02 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
2006/11/02 03:02 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
2006/11/02 03:02 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
2006/11/02 03:02 PM <SYMLINKD> All Users [C:\ProgramData]
2006/11/02 03:02 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
2006/11/02 03:02 PM <JUNCTION> Application Data [C:\ProgramData]
2006/11/02 03:02 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
2006/11/02 03:02 PM <JUNCTION> Documents [C:\Users\Public\Documents]
2006/11/02 03:02 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
2006/11/02 03:02 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
2006/11/02 03:02 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
2006/11/02 03:02 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
2006/11/02 03:02 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
2006/11/02 03:02 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
2006/11/02 12:23 PM <JUNCTION> Music [C:\Users\Default\Music]
2006/11/02 03:02 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
2006/11/02 03:02 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
2006/11/02 12:23 PM <JUNCTION> Pictures [C:\Users\Default\Pictures]
2006/11/02 03:02 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
2006/11/02 03:02 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
2006/11/02 03:02 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
2006/11/02 03:02 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
2006/11/02 03:02 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
2006/11/02 12:23 PM <JUNCTION> Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
2006/11/02 03:02 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
2006/11/02 03:02 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
2006/11/02 03:02 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local\Microsoft\Windows
2006/11/02 03:02 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
2006/11/02 03:02 PM <JUNCTION> My Music [C:\Users\Default\Music]
2006/11/02 03:02 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
2006/11/02 03:02 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\itsup
2012/08/29 11:31 AM <JUNCTION> Application Data [C:\Users\itsup\AppData\Roaming]
2012/08/29 11:31 AM <JUNCTION> Cookies [C:\Users\itsup\AppData\Roaming\Microsoft\Windows\Cookies]
2012/08/29 11:31 AM <JUNCTION> Local Settings [C:\Users\itsup\AppData\Local]
2012/08/29 11:31 AM <JUNCTION> My Documents [C:\Users\itsup\Documents]
2012/08/29 11:31 AM <JUNCTION> NetHood [C:\Users\itsup\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
2012/08/29 11:31 AM <JUNCTION> PrintHood [C:\Users\itsup\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
2012/08/29 11:31 AM <JUNCTION> Recent [C:\Users\itsup\AppData\Roaming\Microsoft\Windows\Recent]
2012/08/29 11:31 AM <JUNCTION> SendTo [C:\Users\itsup\AppData\Roaming\Microsoft\Windows\SendTo]
2012/08/29 11:31 AM <JUNCTION> Start Menu [C:\Users\itsup\AppData\Roaming\Microsoft\Windows\Start Menu]
2012/08/29 11:31 AM <JUNCTION> Templates [C:\Users\itsup\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\itsup\AppData\Local
2012/08/29 11:31 AM <JUNCTION> Application Data [C:\Users\itsup\AppData\Local]
2012/08/29 11:31 AM <JUNCTION> History [C:\Users\itsup\AppData\Local\Microsoft\Windows\History]
2012/08/29 11:31 AM <JUNCTION> Temporary Internet Files [C:\Users\itsup\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Leon
2009/05/28 03:24 AM <JUNCTION> Application Data [C:\Users\Leon\AppData\Roaming]
2009/05/28 03:24 AM <JUNCTION> Cookies [C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Cookies]
2009/05/28 03:24 AM <JUNCTION> Local Settings [C:\Users\Leon\AppData\Local]
2009/05/28 03:24 AM <JUNCTION> Recent [C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Recent]
2009/05/28 03:24 AM <JUNCTION> SendTo [C:\Users\Leon\AppData\Roaming\Microsoft\Windows\SendTo]
2009/05/28 03:24 AM <JUNCTION> Start Menu [C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu]
2009/05/28 03:24 AM <JUNCTION> Templates [C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Leon\AppData\Local
2009/05/28 03:24 AM <JUNCTION> Application Data [C:\Users\Leon\AppData\Local]
2009/05/28 03:24 AM <JUNCTION> History [C:\Users\Leon\AppData\Local\Microsoft\Windows\History]
2009/05/28 03:24 AM <JUNCTION> Temporary Internet Files [C:\Users\Leon\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Public
2006/11/02 03:02 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
2009/09/21 01:47 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
2009/09/21 01:47 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
2009/09/21 01:47 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
2011/10/16 11:14 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
2011/10/16 11:14 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
2011/10/16 11:14 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
2011/10/16 11:14 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
2011/10/16 11:14 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
2011/10/16 11:14 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
2011/10/16 11:14 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
2009/09/21 01:47 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
2009/09/21 01:47 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
2009/09/21 01:47 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
2011/10/16 11:14 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
2011/10/16 11:14 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
2011/10/16 11:14 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
75 Dir(s) 73˙755˙521˙024 bytes free

< End of report >
  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello again :) We've got some things to do, so let's get going. :thumbsup:



Step 1: Windows Sidebar

Windows Fix It

You have Windows Sidebar running on your machine and it is known to have some security problems. Microsoft Corporation has an article about these issues, and you can read it by clicking here . Please disable it by using Fix It.

You can download Fix It by clicking here.


Step 2: OTL Fix

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the dektop and icons, they will return on reboot.

Run OTL

  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL

O4 - HKU\S-1-5-21-150177978-3224712408-3663735934-1003..\Run: [] File not found
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found

:Commands
[emptytemp]


  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please attach that log in your next reply.
  • Open OTL and click the Quick Scan button.
  • When it finishes, it will produce a log. Please post that log in your next reply as well.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Things I need to see in your next post:

  • OTL Fix Log
  • OTL Quick Scan Log

  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP