Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan:Win32/Oficla.H!dll

Started by michaeldwshaw , Aug 07 2010 03:50 PM

  • Please log in to reply

#1
michaeldwshaw
Posted 07 August 2010 - 03:50 PM

michaeldwshaw

    New Member

  • Member
  • Pip
  • 5 posts
My PC gave a few warnings about suspicious programmes trying to connect to internet. I blocked them. I then ran Trend Micro full scan but had no results. After that I ran Windows Defender programme and it came up with the Trojan warning: Trojan:Win32/Oficla.H!dll saying it was severe and steals bank passwords and suchlike.

Defender failed to clean it, I have copied info it gave below (I ran it again and the Trojan had moved to Seamonkey file. I tried deleting the file but it didn't help - the trojan seems to keep moving or something.

I have followed all steps in Geeks To Go Malware removal guide before posting this. All logs copied below as per instructions.

Any help would be REALLY appreciated. I'm terrified my bank details are getting hacked.

Looking forward to hearing from you...!



Error encountered:
Code 0x800700de. The file type being saved or retrieved has been blocked.

Category:
Trojan

Description:
This program is dangerous and executes commands from an attacker.

Advice:
Remove this software immediately.

Resources:
file:
C:\Users\Michael\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lvx9ypjo.default\Mail\pop.mail.yahoo.com\Sent->(part0573:Facebook_password _4921.zip)->Facebook_password _4921.exe->(VFS:123.exe)->[DynDrop]

file:
C:\Users\Michael\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lvx9ypjo.default\Mail\pop.mail.yahoo.com\Sent->(part0573:Facebook_password _4921.zip)->Facebook_password _4921.exe->[DynDrop]

file:
C:\Users\Michael\AppData\Roaming\Thunderbird\Profiles\92czq9li.default\Mail\pop.mail.yahoo.com\Inbox->(part0565:Facebook_password _4921.zip)->Facebook_password _4921.exe->(VFS:123.exe)->[DynDrop]

file:
C:\Users\Michael\AppData\Roaming\Thunderbird\Profiles\92czq9li.default\Mail\pop.mail.yahoo.com\Inbox->(part0565:Facebook_password _4921.zip)->Facebook_password _4921.exe->[DynDrop]

file:
C:\Users\Michael\AppData\Roaming\Thunderbird\Profiles\92czq9li.default\Mail\pop.mail.yahoo.com\Sent->(part0573:Facebook_password _4921.zip)->Facebook_password _4921.exe->(VFS:123.exe)->[DynDrop]

file:
C:\Users\Michael\AppData\Roaming\Thunderbird\Profiles\92czq9li.default\Mail\pop.mail.yahoo.com\Sent->(part0573:Facebook_password _4921.zip)->Facebook_password _4921.exe->[DynDrop]

View more information about this item online


__________________________________________________________________________________________________________________________________

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4395

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05/08/2010 23:15:27
mbam-log-2010-08-05 (23-15-27).txt

Scan type: Quick scan
Objects scanned: 153121
Time elapsed: 14 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


___________________________________________________________________________________________________________________________________________

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-07 23:12:32
Windows 6.1.7600
Running: gmer.exe


---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01516.log 1048576 bytes

---- EOF - GMER 1.0.15 ----

____________________________________________________________________________________________________________________________________________

OTL logfile created on: 07/08/2010 23:21:25 - Run 1[/b]
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Michael\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.07 Gb Total Space | 143.12 Gb Free Space | 64.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHAEL-PC
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/07 23:15:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe
PRC - [2010/08/01 11:45:26 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/01/04 18:07:06 | 000,083,280 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
PRC - [2009/12/07 13:17:08 | 000,038,240 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/08/31 21:37:57 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/08/27 22:48:32 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/24 20:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2009/08/21 02:25:56 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/08/21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/08/07 11:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/08/07 11:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/04 23:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/10 16:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/07/10 13:03:24 | 006,201,344 | ---- | M] (Acer Incoporated) -- C:\Program Files (x86)\Acer\Acer VCM\VC.exe
PRC - [2009/07/10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/18 02:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/07/29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (SafeList) ==========

MOD - [2010/08/07 23:15:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/06 16:21:29 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2010/02/06 16:21:29 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2010/02/06 16:21:28 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2010/01/26 10:14:50 | 000,836,432 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009/08/19 16:17:04 | 000,787,968 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 20:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/08/21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/07 11:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/07/10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/06/18 02:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2009/06/18 02:31:46 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - [2010/02/06 16:21:45 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010/02/06 16:21:45 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/02/06 16:21:44 | 000,200,720 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2009/12/04 18:40:30 | 000,265,744 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2009/12/04 18:39:44 | 000,042,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2009/12/04 18:30:22 | 002,007,056 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2009/11/13 09:47:38 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/09/15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/09/02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/21 01:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel®
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/19 06:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/26 14:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/05/01 03:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...h8z125t48j1a33s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...h8z125t48j1a33s

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...h8z125t48j1a33s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...m/webhp?rls=ig"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:1.6.0.1126
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010/02/06 16:31:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/01 11:45:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/01 11:45:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/05/31 13:17:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\SeaMonkey 2.0.3\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2010/05/31 13:17:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.3\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2010/07/02 13:08:16 | 000,000,000 | ---D | M]

[2010/03/24 09:26:28 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2010/01/09 20:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/03/24 09:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/08/07 17:35:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ska6qstr.default\extensions
[2010/02/06 12:28:06 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ska6qstr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/05/13 14:24:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ska6qstr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/13 12:44:15 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ska6qstr.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2010/03/24 09:26:28 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lvx9ypjo.default\extensions
[2010/03/09 22:50:17 | 000,002,242 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ska6qstr.default\searchplugins\askcom.xml
[2010/07/22 08:12:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/22 08:12:44 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/19 10:36:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/19 10:35:39 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JCVGantt Pro 3 - Auto Update.lnk = C:\Program Files (x86)\I and A Research\JCVGantt Pro 3\JCVGanttPro3Update.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 41.191.76.70 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{966be5cd-58d5-11df-87d1-00262d561549}\Shell - "" = AutoRun
O33 - MountPoints2\{966be5cd-58d5-11df-87d1-00262d561549}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/07 23:12:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Geeks
[2010/08/07 23:02:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/07 23:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/08/05 22:57:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Screensaver
[2010/08/04 23:33:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/04 23:33:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/04 23:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/04 23:19:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2010/08/04 23:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/30 10:31:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Rabs
[2010/07/26 16:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\I and A Research Inc
[2010/07/22 08:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/07/07 15:55:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Consultancy Firms
[2010/07/06 11:19:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\IAResearch
[2010/07/06 11:13:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\IAResearch
[2010/07/06 11:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\I and A Research
[2010/06/26 14:48:48 | 000,000,000 | ---D | C] -- C:\618ba2c6097a2175aa06
[2010/06/20 11:06:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Elluminate
[2010/06/19 11:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/06/14 13:27:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Pamela Call Recordings
[2010/06/11 16:12:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/06/11 16:12:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/06/04 15:15:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PrimoPDF
[2010/06/04 15:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2010/05/31 13:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/31 13:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/31 13:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/05/31 13:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/05/31 13:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/05/31 13:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/31 13:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/05/28 18:44:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\BLACKBERRY BACKUP
[2010/05/17 12:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/05/17 12:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/05/17 12:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio
[2010/05/17 12:16:48 | 000,031,744 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2010/05/17 12:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2010/05/11 21:31:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Apps
[2010/05/11 17:26:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\wells-dc inbox
[2010/05/11 17:12:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Mail 2
[2010/05/11 16:25:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Mail
[2010/05/11 16:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMAPSize
[2010/05/11 15:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/05/11 15:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/05/11 15:19:33 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/05/11 15:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/05/11 15:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/11 15:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/05/11 15:05:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Microsoft Help

========== Files - Modified Within 90 Days ==========

[2010/08/07 23:27:52 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2010/08/07 23:23:20 | 005,505,024 | -HS- | M] () -- C:\Users\Michael\ntuser.dat
[2010/08/07 23:23:20 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2010/08/07 22:59:20 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/07 22:59:20 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/07 22:51:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/07 22:51:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/07 22:51:18 | 2362,273,792 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/07 22:50:30 | 003,046,658 | -H-- | M] () -- C:\Users\Michael\AppData\Local\IconCache.db
[2010/08/07 17:08:48 | 003,245,356 | ---- | M] () -- C:\Users\Michael\Desktop\GSMA_development_fund_top20.pdf
[2010/08/06 08:32:43 | 000,066,236 | ---- | M] () -- C:\Users\Michael\Desktop\Expense Form Contractors - Michael Shaw.xlsx
[2010/08/04 23:29:41 | 145,722,416 | ---- | M] () -- C:\Users\Michael\Desktop\The Economist July 31st 2010.zip
[2010/08/03 19:15:21 | 000,735,596 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/03 19:15:21 | 000,632,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/03 19:15:21 | 000,112,556 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/03 18:56:43 | 003,094,154 | ---- | M] () -- C:\Users\Michael\Desktop\Imani RTFP Tea Final Report.pdf
[2010/07/30 10:29:23 | 000,039,166 | ---- | M] () -- C:\Users\Michael\Desktop\pics 4 paul - honey.pdf
[2010/07/30 10:29:04 | 000,190,821 | ---- | M] () -- C:\Users\Michael\Desktop\pics 4 paul - honey.docx
[2010/07/27 17:32:18 | 000,031,247 | ---- | M] () -- C:\Users\Michael\Desktop\ECF-Co Gantt Chart v1.pdf
[2010/07/27 17:01:00 | 000,017,917 | ---- | M] () -- C:\Users\Michael\Desktop\ECF-Co Implementation Plan v1.pdf
[2010/07/27 16:56:53 | 000,044,032 | ---- | M] () -- C:\Users\Michael\Desktop\ECF-Co Implementation Plan v1.xls
[2010/07/26 16:49:25 | 000,002,241 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\JCVGantt Pro 3.lnk
[2010/07/26 16:49:25 | 000,001,352 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JCVGantt Pro 3 - Auto Update.lnk
[2010/07/26 16:47:13 | 014,419,280 | ---- | M] () -- C:\Users\Michael\Desktop\JCVGantt3-E-303-Pro.exe
[2010/07/22 14:22:17 | 000,074,061 | ---- | M] () -- C:\Users\Michael\Desktop\Vetagro Porters 5 forces.jpg
[2010/07/21 07:54:12 | 000,104,448 | ---- | M] () -- C:\Users\Michael\Desktop\Shaw CV ACDIVOCA.doc
[2010/07/13 08:35:35 | 000,524,288 | -HS- | M] () -- C:\Users\Michael\ntuser.dat{76251386-8c03-11df-8cb8-00262d561549}.TMContainer00000000000000000002.regtrans-ms
[2010/07/13 08:35:35 | 000,524,288 | -HS- | M] () -- C:\Users\Michael\ntuser.dat{76251386-8c03-11df-8cb8-00262d561549}.TMContainer00000000000000000001.regtrans-ms
[2010/07/13 08:35:35 | 000,065,536 | -HS- | M] () -- C:\Users\Michael\ntuser.dat{76251386-8c03-11df-8cb8-00262d561549}.TM.blf
[2010/07/12 17:42:02 | 001,211,591 | ---- | M] () -- C:\Users\Michael\Desktop\LOS-2010-SB.PDF
[2010/07/12 10:57:00 | 000,218,656 | ---- | M] () -- C:\Users\Michael\Desktop\PreExport_Finance_paper (inc Lutamyo & AP comments).docx
[2010/07/07 13:06:19 | 000,306,662 | ---- | M] () -- C:\Users\Michael\Desktop\afjae.pdf
[2010/07/05 09:20:53 | 000,003,291 | ---- | M] () -- C:\Users\Michael\.ganttproject
[2010/07/05 08:40:37 | 000,004,668 | ---- | M] () -- C:\Users\Michael\Desktop\LAKE OF STARS - Shortcut.lnk
[2010/06/26 14:25:32 | 000,005,772 | ---- | M] () -- C:\Users\Michael\Desktop\VetAgro - Shortcut.lnk
[2010/06/24 10:16:13 | 000,092,672 | ---- | M] () -- C:\Users\Public\Documents\a1420.doc
[2010/06/16 23:13:51 | 000,524,288 | -HS- | M] () -- C:\Users\Michael\ntuser.dat{5ea01c2e-77a0-11df-ac85-00262d561549}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 23:13:51 | 000,524,288 | -HS- | M] () -- C:\Users\Michael\ntuser.dat{5ea01c2e-77a0-11df-ac85-00262d561549}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 23:13:51 | 000,065,536 | -HS- | M] () -- C:\Users\Michael\ntuser.dat{5ea01c2e-77a0-11df-ac85-00262d561549}.TM.blf
[2010/06/14 14:14:52 | 000,001,971 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/11 14:50:42 | 000,489,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/09 21:22:00 | 000,524,288 | -HS- | M] () -- C:\Users\Michael\ntuser.dat{04bbe2ab-73ab-11df-bdd0-00262d561549}.TMContainer00000000000000000002.regtrans-ms
[2010/06/09 21:22:00 | 000,524,288 | -HS- | M] () -- C:\Users\Michael\ntuser.dat{04bbe2ab-73ab-11df-bdd0-00262d561549}.TMContainer00000000000000000001.regtrans-ms
[2010/06/09 21:22:00 | 000,065,536 | -HS- | M] () -- C:\Users\Michael\ntuser.dat{04bbe2ab-73ab-11df-bdd0-00262d561549}.TM.blf
[2010/06/04 15:14:30 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/06/04 15:14:28 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini
[2010/05/28 18:54:43 | 000,028,173 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/05/17 14:18:29 | 000,131,664 | ---- | M] () -- C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/11 15:28:06 | 000,001,141 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/05/11 15:05:52 | 000,000,510 | ---- | M] () -- C:\Windows\win.ini

========== Files Created - No Company Name ==========

[2010/08/07 17:08:48 | 003,245,356 | ---- | C] () -- C:\Users\Michael\Desktop\GSMA_development_fund_top20.pdf
[2010/08/05 13:31:28 | 000,066,236 | ---- | C] () -- C:\Users\Michael\Desktop\Expense Form Contractors - Michael Shaw.xlsx
[2010/08/04 22:38:43 | 145,722,416 | ---- | C] () -- C:\Users\Michael\Desktop\The Economist July 31st 2010.zip
[2010/08/03 18:55:59 | 003,094,154 | ---- | C] () -- C:\Users\Michael\Desktop\Imani RTFP Tea Final Report.pdf
[2010/07/30 10:29:24 | 000,039,166 | ---- | C] () -- C:\Users\Michael\Desktop\pics 4 paul - honey.pdf
[2010/07/30 10:29:03 | 000,190,821 | ---- | C] () -- C:\Users\Michael\Desktop\pics 4 paul - honey.docx
[2010/07/27 17:31:16 | 000,031,247 | ---- | C] () -- C:\Users\Michael\Desktop\ECF-Co Gantt Chart v1.pdf
[2010/07/27 16:59:51 | 000,017,917 | ---- | C] () -- C:\Users\Michael\Desktop\ECF-Co Implementation Plan v1.pdf
[2010/07/27 16:56:51 | 000,044,032 | ---- | C] () -- C:\Users\Michael\Desktop\ECF-Co Implementation Plan v1.xls
[2010/07/26 16:49:25 | 000,002,241 | ---- | C] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\JCVGantt Pro 3.lnk
[2010/07/26 16:49:25 | 000,001,352 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JCVGantt Pro 3 - Auto Update.lnk
[2010/07/26 16:41:02 | 014,419,280 | ---- | C] () -- C:\Users\Michael\Desktop\JCVGantt3-E-303-Pro.exe
[2010/07/22 14:22:13 | 000,074,061 | ---- | C] () -- C:\Users\Michael\Desktop\Vetagro Porters 5 forces.jpg
[2010/07/21 07:54:11 | 000,104,448 | ---- | C] () -- C:\Users\Michael\Desktop\Shaw CV ACDIVOCA.doc
[2010/07/12 17:42:02 | 001,211,591 | ---- | C] () -- C:\Users\Michael\Desktop\LOS-2010-SB.PDF
[2010/07/12 10:57:00 | 000,218,656 | ---- | C] () -- C:\Users\Michael\Desktop\PreExport_Finance_paper (inc Lutamyo & AP comments).docx
[2010/07/10 11:14:17 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{76251386-8c03-11df-8cb8-00262d561549}.TMContainer00000000000000000002.regtrans-ms
[2010/07/10 11:14:17 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{76251386-8c03-11df-8cb8-00262d561549}.TMContainer00000000000000000001.regtrans-ms
[2010/07/10 11:14:17 | 000,065,536 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{76251386-8c03-11df-8cb8-00262d561549}.TM.blf
[2010/07/07 13:06:19 | 000,306,662 | ---- | C] () -- C:\Users\Michael\Desktop\afjae.pdf
[2010/07/05 09:13:18 | 000,028,113 | ---- | C] () -- C:\Users\Michael\.ganttproject.log.1
[2010/07/05 09:13:18 | 000,000,000 | ---- | C] () -- C:\Users\Michael\.ganttproject.log.lck
[2010/07/05 08:40:37 | 000,004,668 | ---- | C] () -- C:\Users\Michael\Desktop\LAKE OF STARS - Shortcut.lnk
[2010/06/26 14:25:32 | 000,005,772 | ---- | C] () -- C:\Users\Michael\Desktop\VetAgro - Shortcut.lnk
[2010/06/24 09:54:17 | 000,092,672 | ---- | C] () -- C:\Users\Public\Documents\a1420.doc
[2010/06/14 13:15:54 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{5ea01c2e-77a0-11df-ac85-00262d561549}.TMContainer00000000000000000002.regtrans-ms
[2010/06/14 13:15:54 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{5ea01c2e-77a0-11df-ac85-00262d561549}.TMContainer00000000000000000001.regtrans-ms
[2010/06/14 13:15:54 | 000,065,536 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{5ea01c2e-77a0-11df-ac85-00262d561549}.TM.blf
[2010/06/09 21:21:28 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{04bbe2ab-73ab-11df-bdd0-00262d561549}.TMContainer00000000000000000002.regtrans-ms
[2010/06/09 21:21:28 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{04bbe2ab-73ab-11df-bdd0-00262d561549}.TMContainer00000000000000000001.regtrans-ms
[2010/06/09 21:21:27 | 000,065,536 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{04bbe2ab-73ab-11df-bdd0-00262d561549}.TM.blf
[2010/06/04 15:14:30 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/06/04 15:14:29 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll
[2010/05/28 18:49:08 | 000,028,173 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/05/11 15:28:06 | 000,001,141 | ---- | C] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/03/08 20:36:58 | 000,000,125 | ---- | C] () -- C:\Windows\wininit.ini
[2009/10/13 21:24:04 | 000,001,642 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/10/13 13:06:47 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/10/13 12:50:07 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/10/13 12:50:07 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009/08/31 22:03:35 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/08/31 22:03:35 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/08/31 22:03:33 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/08/31 22:03:33 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/08/31 22:03:33 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/31 03:58:42 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/04/21 22:48:09 | 000,000,000 | -HSD | M] -- C:\Users\Michael\AppData\Roaming\.#
[2010/08/07 22:49:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BitTorrent
[2010/01/11 11:55:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Blackberry Desktop
[2010/02/15 17:19:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/20 11:08:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Elluminate
[2010/01/17 15:28:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\eSobi
[2010/02/17 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FireShot
[2010/01/10 13:48:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GameConsole
[2010/02/06 13:05:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GetRightToGo
[2010/01/12 08:11:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenOffice.org
[2010/01/17 15:36:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PlayFirst
[2010/07/30 10:29:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PrimoPDF
[2010/01/10 11:48:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Research In Motion
[2010/01/04 02:22:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Template
[2010/01/09 20:17:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thunderbird
[2010/01/11 15:40:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\uTorrent
[2010/01/10 15:05:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Windows Live Writer
[2010/05/13 08:31:45 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/03/26 21:48:28 | 000,000,432 | ---- | M] () -- C:\909fb494-7552-429b-b912-d4a5a6923817.cab
[2009/07/14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/27 22:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2006/12/29 12:43:16 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/08/07 22:51:18 | 2362,273,792 | -HS- | M] () -- C:\hiberfil.sys
[2008/08/17 09:31:58 | 000,088,594 | ---- | M] () -- C:\hpfr3420.log
[2008/08/17 09:32:21 | 000,000,529 | ---- | M] () -- C:\hpfr3420.xml
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/08/07 22:51:21 | 3149,701,120 | -HS- | M] () -- C:\pagefile.sys
[2009/09/28 11:03:42 | 000,011,601 | RHS- | M] () -- C:\Patch.rev
[2010/01/04 02:10:53 | 000,000,219 | RHS- | M] () -- C:\Preload.rev
[2010/07/26 16:48:39 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\psapi.dll
[2009/10/13 12:49:41 | 000,001,989 | ---- | M] () -- C:\RHDSetup.log
[2009/06/26 15:24:52 | 000,051,820 | ---- | M] () -- C:\TISP3264ENGB.exe
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2009/07/14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/02/06 20:03:18 | 000,307,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
< End of report >


OTL Extras logfile created on: 07/08/2010 23:21:25 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Michael\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.07 Gb Total Space | 143.12 Gb Free Space | 64.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHAEL-PC
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security Pro
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PDF-XChange 3_is1" = PDF-XChange 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0236C1B8-A699-4A8F-9121-36B41FFDB33A}" = Mindjet MindManager 8
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BitTorrent" = BitTorrent
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"GanttProject" = GanttProject
"GridVista" = Acer GridVista
"Identity Card" = Identity Card
"IMAPSize_is1" = IMAPSize 0.3.7
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"JCVGantt Pro 3" = JCVGantt Pro 3
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"PRJPRO" = Microsoft Office Project Professional 2007
"SeaMonkey (2.0.3)" = SeaMonkey (2.0.3)
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP