Infected with stubborn rootkit please assist me

Solved
By Claire
Jul 5, 2012
  1. Infected with 8000000.@. I have followed the 5-step Viruses/Spyware/Malware Preliminary Removal Instructions and I paste here the requested log files. Please could you help me clean my computer? I have been unable to do so myself.

    Malwarebytes Anti-Malware

    Malwarebytes Anti-Malware (Trial) 1.62.0.1100
    www.malwarebytes.org

    Database version: v2012.07.05.07

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Claire :: CLAIRE-LAPTOP [administrator]

    Protection: Disabled

    05/07/2012 22:32:45
    mbam-log-2012-07-05 (22-32-45).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213890
    Time elapsed: 12 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)

    Btw it is not deleted.

    GMER

    No modifications = no log

    DDS

    dds.txt
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by Claire at 23:22:39 on 2012-07-05
    Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3895.1948 [GMT 1:00]
    .
    AV: Trend Micro Internet Security Pro *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    SP: Trend Micro Internet Security Pro *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
    C:\dell\DBRM\Reminder\DbrmTrayicon.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\jusched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uStart Page = hxxp://www.google.com/
    uSearch Bar =
    mStart Page = hxxp://www.bigseekpro.com/mediaget/{6B1CAC1B-0070-4B5C-BFFE-3B56A5FB67CC}
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Trend Micro NSC BHO: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - TmIEPlugInBHO Class
    BHO: DigitalPersona Fingerprint Software Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: TmBpIeBHO: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - TmBpIeBHO Class
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    StartupFolder: C:\Users\Claire\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{B57CFBD5-C545-44B5-B3A8-D0307CF94AB8} : DhcpNameServer = 10.8.232.109 10.8.232.199
    TCP: Interfaces\{EDD1AEA9-7AFA-4EEB-9266-7665510C5D8B} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{EDD1AEA9-7AFA-4EEB-9266-7665510C5D8B}\35B4951303937333 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{EDD1AEA9-7AFA-4EEB-9266-7665510C5D8B}\C696E6B6379737 : DhcpNameServer = 192.168.254.254 192.168.254.254
    TCP: Interfaces\{EDD1AEA9-7AFA-4EEB-9266-7665510C5D8B}\D61676079656 : DhcpNameServer = 10.8.232.109 10.8.232.199
    TCP: Interfaces\{EDD1AEA9-7AFA-4EEB-9266-7665510C5D8B}\E6567736163747C656D257E69667562737964797 : DhcpNameServer = 10.8.232.109 10.8.232.199
    TCP: Interfaces\{EDD1AEA9-7AFA-4EEB-9266-7665510C5D8B}\F42716E67656440303247354 : DhcpNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    AppInit_DLLs: Madroach.dll
    LSA: Notification Packages = scecli DPPWDFLT
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - TmIEPlugInBHO Class
    BHO-X64: Trend Micro NSC BHO - No File
    BHO-X64: DigitalPersona Fingerprint Software Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
    BHO-X64: DigitalPersona Fingerprint Software Extension - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    BHO-X64: Searchqu Toolbar - No File
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - TmBpIeBHO Class
    BHO-X64: TmBpIeBHO - No File
    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
    TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    AppInit_DLLs-X64: Madroach.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\qtdaurbc.default\
    FF - prefs.js: browser.startup.homepage - hxxps://my.ncl.ac.uk/students/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - prefs.js: network.proxy.ftp - wwwcache.ncl.ac.uk
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.gopher - wwwcache.ncl.ac.uk
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.http - wwwcache.ncl.ac.uk
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - wwwcache.ncl.ac.uk
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - wwwcache.ncl.ac.uk
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
    FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Claire\AppData\Roaming\Mozilla\plugins\npicaN.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
    R0 WAEMU;WAEMU;C:\Windows\system32\Drivers\waemu.sys --> C:\Windows\system32\Drivers\waemu.sys [?]
    R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe [2010-1-29 89600]
    R2 aksdf;aksdf;C:\Windows\system32\DRIVERS\aksdf.sys --> C:\Windows\system32\DRIVERS\aksdf.sys [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-5 44808]
    R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
    R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-4-21 59904]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-5 655944]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-6-2 1019328]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2009-7-13 1656112]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-5 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
    S2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-7-5 688360]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-5 136176]
    S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\system32\DRIVERS\ewusbfake.sys --> C:\Windows\system32\DRIVERS\ewusbfake.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-3 113120]
    S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
    S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [2012-5-13 14544]
    .
    =============== Created Last 30 ================
    .
    2012-07-05 21:54:30 -------- d-----w- C:\Program Files (x86)\ESET
    2012-07-05 21:53:57 -------- d-----w- C:\Windows\Downloaded Program Files
    2012-07-05 21:31:27 711240 ----a-w- C:\Windows\isRS-000.tmp
    2012-07-05 17:13:50 110080 ----a-r- C:\Users\Claire\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
    2012-07-05 17:13:50 110080 ----a-r- C:\Users\Claire\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
    2012-07-05 17:13:50 110080 ----a-r- C:\Users\Claire\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
    2012-07-05 17:13:49 -------- d-----w- C:\sh4ldr
    2012-07-05 17:13:49 -------- d-----w- C:\Program Files\Enigma Software Group
    2012-07-05 17:13:02 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-07-05 17:08:03 -------- d-----w- C:\Windows\System32\wbem\Logs
    2012-07-05 16:33:29 -------- d-----w- C:\Users\Claire\AppData\Roaming\DriverCure
    2012-07-05 16:33:28 -------- d-----w- C:\Users\Claire\AppData\Roaming\SpeedyPC Software
    2012-07-05 16:32:52 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
    2012-07-05 16:32:47 -------- d-----w- C:\ProgramData\SpeedyPC Software
    2012-07-05 16:32:47 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
    2012-07-05 15:58:27 -------- d-----w- C:\Users\Claire\AppData\Local\Google
    2012-07-05 12:04:33 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-07-05 12:04:29 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-07-05 12:04:28 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-07-05 12:03:43 41224 ----a-w- C:\Windows\avastSS.scr
    2012-07-05 12:03:33 -------- d-----w- C:\ProgramData\AVAST Software
    2012-07-05 12:03:33 -------- d-----w- C:\Program Files\AVAST Software
    2012-07-05 09:24:29 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-05 09:24:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-05 09:21:00 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
    2012-07-05 09:19:23 -------- d-----w- C:\Program Files\Trend Micro
    2012-07-05 08:28:56 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat
    2012-07-05 08:17:16 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-07-05 08:00:14 129024 ----a-w- C:\Windows\RegBootClean64.exe
    2012-07-03 23:18:37 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-06-30 14:03:49 102400 ----a-w- C:\Windows\RegBootClean.exe
    2012-06-30 12:15:50 -------- d-----w- C:\Users\Claire\AppData\Roaming\Nuance
    2012-06-30 12:15:50 -------- d-----w- C:\Users\Claire\AppData\Roaming\FLEXnet
    2012-06-30 12:09:26 -------- d-----w- C:\Program Files (x86)\Common Files\IVA
    2012-06-30 12:09:12 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance
    2012-06-30 12:04:44 -------- d-----w- C:\ProgramData\Nuance
    2012-06-30 12:04:44 -------- d-----w- C:\Program Files (x86)\Nuance
    2012-06-30 10:03:05 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6CA1BBD-F61B-403B-BDDD-F810BA612731}\offreg.dll
    2012-06-30 09:33:29 -------- d-----w- C:\Users\Claire\AppData\Roaming\Uvfo
    2012-06-30 09:33:29 -------- d-----w- C:\Users\Claire\AppData\Roaming\Pame
    2012-06-29 08:51:20 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6CA1BBD-F61B-403B-BDDD-F810BA612731}\mpengine.dll
    2012-06-28 22:09:55 191488 ----a-w- C:\Windows\SysWow64\hlvdd.dll
    2012-06-28 22:09:19 -------- d-----w- C:\Topas4-1
    2012-06-28 22:09:04 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-06-28 22:09:04 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-06-28 22:09:04 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-06-28 22:09:04 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-06-28 22:09:03 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2012-06-27 06:28:29 -------- d-----w- C:\Users\Claire\AppData\Local\Apple Computer
    2012-06-27 06:27:53 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-06-27 06:27:53 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-06-27 06:27:53 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-06-27 06:26:56 -------- d-----w- C:\Program Files\iPod
    2012-06-27 06:26:53 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2012-06-27 06:26:53 -------- d-----w- C:\Program Files\iTunes
    2012-06-27 06:26:53 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-06-27 06:25:23 -------- d-----w- C:\Program Files\Bonjour
    2012-06-27 06:25:23 -------- d-----w- C:\Program Files (x86)\Bonjour
    2012-06-26 17:59:23 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-06-26 17:58:53 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-06-20 21:09:11 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-20 21:09:11 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-18 22:24:45 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-18 22:24:21 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-18 22:23:49 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-18 22:23:49 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-16 19:41:36 -------- d-----w- C:\SmartDraw 2010
    2012-06-16 18:52:44 -------- d-----w- C:\Users\Claire\AppData\Roaming\YourFileDownloader
    2012-06-16 18:05:20 -------- d-----w- C:\Users\Claire\AppData\Roaming\SmartDraw
    2012-06-16 17:21:18 -------- d-----w- C:\Users\Claire\AppData\Roaming\Progeny
    2012-06-12 23:13:10 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-12 23:13:10 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-12 23:13:09 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 23:13:05 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-12 23:13:04 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-12 23:13:04 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-12 23:12:52 3144192 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-12 23:12:50 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-10 14:59:40 -------- d-----w- C:\Users\Claire\AppData\Local\Amazon
    .
    ==================== Find3M ====================
    .
    2012-07-05 20:21:40 148664 ----a-w- C:\Windows\SysWow64\WRusr.dll
    2012-07-05 20:21:40 113168 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
    2012-07-05 20:21:40 101808 ----a-w- C:\Windows\System32\WRusr.dll
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-04 18:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 23:24:00.27 ===============
    attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 07/05/2010 23:50:11
    System Uptime: 05/07/2012 22:47:49 (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0G2R51
    Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU 1 | 2126/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 106.733 GiB free.
    D: is CDROM ()
    F: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP225: 29/06/2012 09:50:26 - Windows Update
    RP226: 30/06/2012 12:22:40 - Installed Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64).
    RP227: 30/06/2012 12:48:13 - Installed Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64).
    RP228: 30/06/2012 12:54:52 - Installed Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64).
    RP229: 30/06/2012 13:03:09 - Installed Dragon NaturallySpeaking 11.
    RP230: 05/07/2012 13:03:20 - avast! Free Antivirus Setup
    RP231: 05/07/2012 18:04:24 - SpeedyPC Pro Backup
    RP232: 05/07/2012 18:13:09 - Installed SpyHunter
    RP233: 05/07/2012 21:03:02 - SpeedyPC Pro Backup
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 9.20
    Accelerometer
    Adobe AIR
    Adobe Reader 9.1.2
    Amazon Kindle
    Any DVD Cloner Platinum 1.0.6
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    BatteryCare 0.9.9.0
    BBC iPlayer Desktop
    Bing Bar Platform
    BitTorrent
    Business Contact Manager for Outlook 2007 SP2
    Cambridge Structural Database System 2012
    CambridgeSoft Activation Client
    CambridgeSoft ChemDraw Ultra 12.0
    ChemAxon Marvin Beans 5.4.1.1
    Citrix XenApp Web Plugin
    Diamond 3
    Dragon NaturallySpeaking 11
    Dropbox
    EndNote X1
    EndNote X4
    ESET Online Scanner v3
    GameXN GO
    Google Chrome
    Google Update Helper
    HP Deskjet 1050 J410 series Help
    HP Photo Creations
    Huawei modem
    iLivid
    Intel(R) Graphics Media Accelerator Driver
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    JChem .NET API 5.4.1.1062
    Junk Mail filter update
    Live! Cam Avatar Creator
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.62.0.1100
    MestReNova 7.1.2-10008
    MestReNova LITE 5.2.5-5780
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MiKTeX 2.9
    Mozilla Firefox 13.0.1 (x86 en-GB)
    Mozilla Maintenance Service
    MSVC80_x86_v2
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyTomTom 3.0.2.377
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    PANalytical X'Pert HighScore
    PC Connectivity Solution
    Platon Taskbar 1.15
    QuickTime
    ResearchSoft Direct Export Helper
    Rosetta Stone Version 3
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Searchqu Toolbar
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
    Skype Click to Call
    Skype™ 5.9
    Spartan '08 V1.2.0
    SpeedyPC Pro
    Spotify
    TalkByText Home Edition
    TeXnicCenter Version 1.0 Stable RC1
    Topas4-1
    Uninstall WinGX
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
    Visual Studio C++ 10.0 Runtime
    VLC media player 2.0.1
    WhiteBoardMeeting
    WinArchiver Virtual Drive
    WinDjView 1.0.3
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    YourFileDownloader
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/06/2012 13:10:53, Error: Service Control Manager [7030] - The Dragon Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    05/07/2012 22:49:46, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    05/07/2012 22:49:46, Error: Service Control Manager [7023] - The Windows Search service terminated with the following error: The process cannot access the file because it is being used by another process.
    05/07/2012 22:49:41, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    05/07/2012 22:49:41, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    05/07/2012 22:49:06, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    05/07/2012 22:48:57, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    05/07/2012 22:48:28, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    05/07/2012 22:48:27, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The system cannot find the file specified.
    05/07/2012 22:48:27, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    05/07/2012 22:48:27, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    05/07/2012 19:15:04, Error: Service Control Manager [7000] - The WinArchiver Service service failed to start due to the following error: The system cannot find the file specified.
    05/07/2012 19:15:03, Error: Service Control Manager [7000] - The WRSVC service failed to start due to the following error: The system cannot find the file specified.
    05/07/2012 19:15:01, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom1.
    05/07/2012 18:13:24, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    05/07/2012 18:10:53, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
    05/07/2012 18:10:28, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
    05/07/2012 18:10:05, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    05/07/2012 18:10:05, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    05/07/2012 18:09:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    05/07/2012 18:04:56, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    05/07/2012 17:45:36, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    05/07/2012 17:40:23, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.
    05/07/2012 17:40:23, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DHCP Client service to connect.
    05/07/2012 17:40:23, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    05/07/2012 17:40:23, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    05/07/2012 17:40:23, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    05/07/2012 17:40:22, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    05/07/2012 17:40:22, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    05/07/2012 17:40:22, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    05/07/2012 17:40:22, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    05/07/2012 12:06:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa81077dd5c0, 0x0000000000000000, 0xfffff88005dc0037, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-27066-01.
    05/07/2012 10:21:32, Error: Service Control Manager [7000] - The tmeevw service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
    05/07/2012 10:00:04, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 3 time(s).
    05/07/2012 09:54:32, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 2 time(s).
    05/07/2012 09:49:03, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 1 time(s).
    05/07/2012 09:03:01, Error: Service Control Manager [7001] - The Trend Micro Personal Firewall service depends on the Trend Micro WFP Callout Driver service which failed to start because of the following error: The system cannot find the file specified.
    05/07/2012 09:03:01, Error: Service Control Manager [7000] - The Trend Micro WFP Callout Driver service failed to start due to the following error: The system cannot find the file specified.
    05/07/2012 09:01:20, Error: Service Control Manager [7000] - The Trend Micro WFP Callout Driver service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
    05/07/2012 08:09:44, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    05/07/2012 00:31:47, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    04/07/2012 21:46:41, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    04/07/2012 21:46:41, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    .
    ==== End Of File ===========================
    Thanks in advance,
    Claire
  2. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  3. Claire

    Claire Newcomer, in training Topic Starter Posts: 38

    Hi Broni,

    Thanks for the reply. I have followed the instructions (after making a mistake and pressing F12 to access boot options that way, but I just pressed Esc to leave).

    Here is FRST.txt

    Scan result of Farbar Recovery Scan Tool Version: 05-07-2012 01
    Ran by SYSTEM at 06-07-2012 02:32:36
    Running from F:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [487424 2010-01-05] (IDT, Inc.)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [166424 2010-01-08] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [390680 2010-01-08] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [410136 2010-01-08] (Intel Corporation)
    HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [4099352 2009-12-18] (Dell Inc.)
    HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
    HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-11] (Microsoft)
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-05-12] (DigitalPersona, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM-x32\...\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini [330 2012-07-05] ()
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-06-27] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
    HKLM-x32\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [688360 2012-07-05] (Webroot)
    HKU\Claire\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2010-11-14] (Acresso Corporation)
    HKLM\...\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2009-10-17] (Microsoft)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    AppInit_DLLs: Madroach.dll
    Lsa: [Notification Packages] scecli
    DPPWDFLT
    Startup: C:\Users\Claire\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
    ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()

    ==================== Services (Whitelisted) ======

    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
    2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
    2 DragonSvc; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
    2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [59904 2009-11-29] ()
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-06-27] (Malwarebytes Corporation)
    3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
    2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1019328 2012-06-02] (Enigma Software Group USA, LLC.)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\STacSV64.exe [244736 2010-01-05] (IDT, Inc.)
    2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [688360 2012-07-05] (Webroot)

    ========================== Drivers (Whitelisted) =============

    2 aksdf; C:\Windows\System32\Drivers\aksdf.sys [78208 2011-11-24] (SafeNet Inc.)
    3 akshasp; C:\Windows\System32\Drivers\akshasp.sys [53760 2011-02-09] (Aladdin Knowledge Systems Ltd.)
    3 aksusb; C:\Windows\System32\Drivers\aksusb.sys [21120 2011-08-08] (SafeNet Inc.)
    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-07-03] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)
    3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
    2 Hardlock; C:\Windows\System32\Drivers\Hardlock.sys [321536 2011-10-07] (SafeNet Inc.)
    3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [116864 2008-12-13] (Huawei Technologies Co., Ltd.)
    3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [116224 2008-12-30] (Huawei Technologies Co., Ltd.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-06-27] (Malwarebytes Corporation)
    3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)
    3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)
    1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105744 2012-07-05] (Trend Micro Inc.)
    3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)
    0 WAEMU; C:\Windows\System32\Drivers\WAEMU.sys [110136 2011-03-03] (WinArchiver Computing, Inc.)
    3 WinRing0_1_2_0; \??\C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
    0 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [113168 2012-07-05] (Webroot)
    2 TMAgent; [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-05 13:54 - 2012-07-05 13:54 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-07-05 13:48 - 2012-07-05 17:24 - 00000112 ____A C:\Windows\setupact.log
    2012-07-05 13:48 - 2012-07-05 13:48 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-05 13:47 - 2012-07-05 13:47 - 00004878 ____A C:\Windows\PFRO.log
    2012-07-05 13:30 - 2012-06-26 23:58 - 10623040 ____A (Malwarebytes Corporation ) C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100.exe
    2012-07-05 13:29 - 2012-07-05 13:29 - 10598437 ____A C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100 (2).zip
    2012-07-05 13:25 - 2012-07-05 13:25 - 10598437 ____A C:\Users\Claire\Downloads\mbam-setup-1.62.0.1100.zip
    2012-07-05 13:25 - 2012-07-05 13:25 - 10598437 ____A C:\Users\Claire\Downloads\mbam-setup-1.62.0.1100 (1).zip
    2012-07-05 12:51 - 2012-07-05 12:48 - 00607260 ____R (Swearware) C:\Users\Claire\Desktop\dds.com
    2012-07-05 12:48 - 2012-07-05 12:48 - 00607260 ____R (Swearware) C:\Users\Claire\Downloads\dds.com
    2012-07-05 12:36 - 2012-07-05 12:36 - 00000000 ____A C:\Users\Claire\Desktop\gmer.log
    2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\skluvput.exe
    2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\id8gpgt6.exe
    2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\gph1ztc2.exe
    2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\2pbv4lxd.exe
    2012-07-05 10:13 - 2012-07-05 09:14 - 00008192 ____A C:\shldr.mbr
    2012-07-05 10:13 - 2010-03-11 06:17 - 00185835 ____A C:\shldr
    2012-07-05 09:13 - 2012-07-05 09:14 - 00000000 ____D C:\sh4ldr
    2012-07-05 09:13 - 2012-07-05 09:13 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-07-05 09:13 - 2012-07-05 09:13 - 00000000 ____D C:\Program Files\Enigma Software Group
    2012-07-05 09:12 - 2012-07-05 09:12 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Claire\Downloads\SpyHunter-Installer.exe
    2012-07-05 08:34 - 2012-07-05 09:00 - 00000494 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
    2012-07-05 08:33 - 2012-07-05 08:33 - 00001197 ____A C:\Users\Claire\Desktop\SpeedyPC Pro.lnk
    2012-07-05 08:33 - 2012-07-05 08:33 - 00000000 ____D C:\Users\Claire\AppData\Roaming\SpeedyPC Software
    2012-07-05 08:33 - 2012-07-05 08:33 - 00000000 ____D C:\Users\Claire\AppData\Roaming\DriverCure
    2012-07-05 08:32 - 2012-07-05 08:42 - 00000466 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
    2012-07-05 08:32 - 2012-07-05 08:42 - 00000422 ____A C:\Windows\Tasks\SpeedyPC Pro.job
    2012-07-05 08:32 - 2012-07-05 08:32 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
    2012-07-05 08:32 - 2012-07-05 08:32 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
    2012-07-05 08:31 - 2012-07-05 08:31 - 04819616 ____A (SpeedyPC Software Inc.) C:\Users\Claire\Downloads\SpeedyPC Pro Installer.exe
    2012-07-05 08:30 - 2012-07-05 08:30 - 00001205 ____A C:\Users\Claire\Downloads\FixNCR.reg
    2012-07-05 07:58 - 2012-07-05 07:58 - 00000000 ____D C:\Users\Claire\AppData\Local\Google
    2012-07-05 07:12 - 2012-07-05 07:12 - 00002257 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-07-05 07:11 - 2012-07-05 17:24 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-05 07:11 - 2012-07-05 17:21 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-05 07:11 - 2012-07-05 07:12 - 00000000 ____D C:\Program Files (x86)\Google
    2012-07-05 04:04 - 2012-07-05 04:19 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-07-05 04:04 - 2012-07-05 04:04 - 00001924 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-07-05 04:04 - 2012-07-03 08:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-07-05 04:04 - 2012-07-03 08:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-07-05 04:04 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-07-05 04:04 - 2012-07-03 08:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-07-05 04:04 - 2012-07-03 08:21 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-07-05 04:04 - 2012-07-03 08:21 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-07-05 04:04 - 2012-07-03 08:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-07-05 04:03 - 2012-07-05 04:03 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-07-05 04:03 - 2012-07-05 04:03 - 00000000 ____D C:\Program Files\AVAST Software
    2012-07-05 04:03 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-07-05 04:03 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-07-05 04:01 - 2012-07-05 04:01 - 89050280 ____A C:\Users\Claire\Desktop\avast_free_antivirus_setup.exe
    2012-07-05 03:44 - 2012-07-05 09:06 - 00000000 ____D C:\Users\Claire\Desktop\TMRBLog
    2012-07-05 03:42 - 2012-07-05 03:42 - 08656400 ____A (Trend Micro Inc.) C:\Users\Claire\Desktop\root.com
    2012-07-05 03:21 - 2012-07-05 03:21 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Claire\Downloads\claire.com
    2012-07-05 01:24 - 2012-07-05 13:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-05 01:24 - 2012-07-05 13:31 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-05 01:24 - 2012-06-27 02:58 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-05 01:21 - 2012-07-05 01:10 - 00105744 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys
    2012-07-05 01:19 - 2012-07-05 01:27 - 00000000 ____D C:\Program Files\Trend Micro
    2012-07-05 00:38 - 2012-07-05 01:18 - 00001168 ____A C:\Windows\System32\TmInstall.log
    2012-07-05 00:28 - 2012-07-05 13:48 - 00000410 _RASH C:\Users\All Users\ntuser.pol
    2012-07-05 00:28 - 2012-07-05 01:20 - 00000056 ____A C:\Windows\System32\SupportTool.exe.bat
    2012-07-05 00:17 - 2012-07-05 00:17 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2012-07-05 00:08 - 2012-07-05 00:13 - 117896248 ____A (Trend Micro Inc.) C:\Users\Claire\Desktop\TTi_5.0_HE_Full.exe
    2012-07-05 00:00 - 2012-07-05 00:00 - 00129024 ____A C:\Windows\RegBootClean64.exe
    2012-07-04 15:34 - 2012-07-04 15:34 - 00001264 ____A C:\Users\Public\Desktop\MestReNova.lnk
    2012-07-03 17:35 - 2012-07-04 15:50 - 00128240 ____A C:\Users\Claire\Documents\pleoindicatrix.pptx
    2012-07-03 15:18 - 2012-07-03 15:18 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-30 16:03 - 2012-06-30 16:03 - 00069347 ____A C:\Users\Claire\Documents\CFJ0018arsub-1.diamdoc
    2012-06-30 07:25 - 2012-06-30 07:25 - 00002075 ____A C:\Users\Claire\AppData\Roaming\SAS7_000.DAT
    2012-06-30 06:36 - 2012-06-30 06:36 - 05994639 ____A C:\Users\Claire\Documents\trainingcomputers.wma
    2012-06-30 06:11 - 2012-06-30 06:11 - 00153149 ____A C:\Users\Claire\Documents\Untitled.wma
    2012-06-30 06:03 - 2012-07-02 14:55 - 00102400 ____A C:\Windows\RegBootClean.exe
    2012-06-30 04:15 - 2012-06-30 04:15 - 00000000 ____D C:\Users\Claire\AppData\Roaming\Nuance
    2012-06-30 04:15 - 2012-06-30 04:15 - 00000000 ____D C:\Users\Claire\AppData\Roaming\FLEXnet
    2012-06-30 04:10 - 2012-06-30 04:10 - 00002799 ____A C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
    2012-06-30 04:04 - 2012-06-30 04:04 - 00000000 ____D C:\Users\All Users\Nuance
    2012-06-30 04:04 - 2012-06-30 04:04 - 00000000 ____D C:\Program Files (x86)\Nuance
    2012-06-30 01:33 - 2012-07-05 00:54 - 00000000 ____D C:\Users\Claire\AppData\Roaming\Uvfo
    2012-06-30 01:33 - 2012-06-30 01:33 - 00000000 ____D C:\Users\Claire\AppData\Roaming\Pame
    2012-06-29 09:56 - 2012-06-29 09:56 - 00000670 ____A C:\Users\Claire\Documents\iTunes.txt
    2012-06-28 14:54 - 2012-06-28 14:54 - 00000000 ____D C:\Users\Claire\Desktop\key prog
    2012-06-28 14:09 - 2012-06-28 14:09 - 00000000 ____D C:\Topas4-1
    2012-06-28 14:09 - 2006-10-18 10:12 - 00191488 ____A (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\hlvdd.dll
    2012-06-28 13:53 - 2012-06-28 13:53 - 00000000 ____D C:\Users\Claire\Desktop\Structure Database
    2012-06-28 13:51 - 2012-06-28 13:52 - 00000000 ____D C:\Users\Claire\Desktop\Topas 4.1 (D)
    2012-06-26 22:28 - 2012-06-28 06:47 - 00000000 ____D C:\Users\Claire\AppData\Roaming\Apple Computer
    2012-06-26 22:28 - 2012-06-26 22:28 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-26 22:28 - 2012-06-26 22:28 - 00000000 ____D C:\Users\Claire\AppData\Local\Apple Computer
    2012-06-26 22:27 - 2009-05-18 04:17 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-06-26 22:27 - 2008-04-17 03:12 - 00126312 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
    2012-06-26 22:27 - 2008-04-17 03:12 - 00107368 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
    2012-06-26 22:26 - 2012-06-26 22:27 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2012-06-26 22:26 - 2012-06-26 22:27 - 00000000 ____D C:\Program Files\iTunes
    2012-06-26 22:26 - 2012-06-26 22:27 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-06-26 22:26 - 2012-06-26 22:26 - 00000000 ____D C:\Program Files\iPod
    2012-06-26 22:25 - 2012-06-26 22:25 - 00000000 ____D C:\Program Files\Common Files\Apple
    2012-06-26 22:25 - 2012-06-26 22:25 - 00000000 ____D C:\Program Files\Bonjour
    2012-06-26 22:25 - 2012-06-26 22:25 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2012-06-26 22:25 - 2012-06-26 22:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2012-06-26 22:21 - 2012-06-26 22:22 - 79225752 ____A (Apple Inc.) C:\Users\Claire\Desktop\iTunes64Setup.exe
    2012-06-26 22:19 - 2012-06-26 22:20 - 77251480 ____A (Apple Inc.) C:\Users\Claire\Desktop\iTunesSetup.exe
    2012-06-26 09:59 - 2012-06-26 09:59 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-06-26 09:58 - 2012-06-26 09:58 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-26 09:58 - 2012-06-26 09:58 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-06-26 09:58 - 2012-05-04 10:29 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-06-26 09:58 - 2012-05-04 10:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-06-26 09:56 - 2012-06-26 09:56 - 00894448 ____A (Oracle Corporation) C:\Users\Claire\Desktop\jxpiinstall.exe
    2012-06-25 17:50 - 2012-06-25 17:50 - 00000000 ____D C:\Users\Claire\Downloads\Homeland S01e04 - HD
    2012-06-25 11:36 - 2012-06-26 09:45 - 00000000 ____D C:\Users\Claire\Downloads\Homeland (2011)S01E04 X264HD (NL Eng Subs) HD WEB-DL
    2012-06-25 08:52 - 2012-06-25 08:52 - 00001068 ____A C:\Users\Public\Desktop\VLC media player.lnk
    2012-06-25 08:51 - 2012-06-25 08:51 - 22259528 ____A C:\Users\Claire\Desktop\vlc-2.0.1-win32.exe
    2012-06-23 14:45 - 2012-06-25 10:02 - 75951566 ____A C:\Users\Claire\Documents\Nd3+ absorption spec.bmp
    2012-06-20 13:40 - 2012-06-20 14:59 - 00000000 ____D C:\Users\Claire\Downloads\Homeland (2011)S01E03 X264HD (NL Eng Subs) HD WEB-DL
    2012-06-20 03:31 - 2012-06-20 04:20 - 00000000 ____D C:\Users\Claire\Downloads\Homeland (2011) S01E02 X264HD (NL Eng Subs) HDTV TBS
    2012-06-18 14:24 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-18 14:24 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-18 14:24 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-18 14:24 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-18 14:24 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-18 14:24 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-18 14:24 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-18 14:23 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-18 14:23 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-16 22:54 - 2012-06-16 23:07 - 00000000 ____D C:\Users\Claire\Desktop\New folder (3)
    2012-06-16 16:32 - 2012-06-16 16:32 - 00099589 ____A C:\Users\Claire\Documents\LnCp3Timeline.sdr
    2012-06-16 11:41 - 2012-07-05 09:06 - 00000000 ____D C:\SmartDraw 2010
    2012-06-16 11:41 - 2012-06-16 11:41 - 00000655 ____A C:\Users\Claire\Desktop\SmartDraw 2010.lnk
    2012-06-16 10:52 - 2012-06-16 10:52 - 00000000 ____D C:\Users\Claire\AppData\Roaming\YourFileDownloader
    2012-06-16 10:51 - 2012-06-16 10:51 - 04110768 ____A (http://yourfiledownloader.com) C:\Users\Claire\Desktop\SmartDraw-2012-full-cracked-version.rar_downloader_98838a.exe
    2012-06-16 10:47 - 2012-06-16 10:47 - 00000000 ____A C:\Users\Claire\Desktop\smartdraw_crack_0.exe
    2012-06-16 10:20 - 2012-06-16 10:20 - 00001682 ____A C:\Users\Claire\Desktop\TERENASSLCA.cer
    2012-06-16 10:05 - 2012-06-16 11:42 - 00000000 ____D C:\Users\Claire\AppData\Roaming\SmartDraw
    2012-06-16 10:05 - 2012-06-16 10:05 - 00000000 ____D C:\Users\Claire\Documents\SmartDraw
    2012-06-16 10:05 - 2012-06-16 10:05 - 00000000 ____D C:\Users\Claire\AppData\System
    2012-06-16 10:04 - 2012-06-16 10:04 - 00538752 ____A C:\Users\Claire\Desktop\smartdraw_YZ_SKTS7_setup.exe
    2012-06-16 09:48 - 2010-09-06 16:41 - 00000000 ____D C:\Users\Claire\Desktop\Keygen
    2012-06-16 09:32 - 2012-06-16 09:32 - 24043176 ____A C:\Users\Claire\Desktop\TimeLine_Maker_Pro_2.1.8.3_incl_keygen-_p30download.com_.zip
    2012-06-16 09:21 - 2012-07-05 09:04 - 00000000 ___RD C:\Users\Claire\Documents\My Timelines
    2012-06-16 09:21 - 2012-06-16 09:21 - 00000000 ____D C:\Users\Claire\AppData\Roaming\Progeny
    2012-06-15 17:42 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-15 17:42 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-15 17:42 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-15 17:42 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-15 17:42 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-15 17:42 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-15 17:42 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-15 17:42 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-15 17:42 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-15 17:42 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-15 17:42 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-15 17:42 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-15 17:42 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-15 17:42 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-15 17:42 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-15 17:42 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-15 17:42 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-15 17:42 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-15 17:42 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-15 17:42 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-15 17:42 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-15 17:42 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-15 17:42 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-15 17:42 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-15 17:42 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-15 17:42 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-15 17:42 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-15 17:42 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-12 15:13 - 2012-05-04 02:52 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-12 15:13 - 2012-05-04 02:08 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-12 15:13 - 2012-05-04 02:08 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-12 15:13 - 2012-04-25 21:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-12 15:13 - 2012-04-25 21:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-12 15:13 - 2012-04-25 21:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 15:12 - 2012-05-14 17:32 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-12 15:12 - 2012-04-27 19:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-10 06:59 - 2012-06-10 07:00 - 00000000 ____D C:\Users\Claire\Documents\My Kindle Content
    2012-06-10 06:59 - 2012-06-10 06:59 - 28901696 ____A (Amazon.com) C:\Users\Claire\Desktop\KindleForPC-installer.exe
    2012-06-10 06:59 - 2012-06-10 06:59 - 00002241 ____A C:\Users\Claire\Desktop\Kindle.lnk
    2012-06-10 06:59 - 2012-06-10 06:59 - 00000000 ____D C:\Users\Claire\AppData\Local\Amazon


    ============ 3 Months Modified Files ========================

    2012-07-05 17:24 - 2012-07-05 13:48 - 00000112 ____A C:\Windows\setupact.log
    2012-07-05 17:24 - 2012-07-05 07:11 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-05 17:24 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-05 17:21 - 2012-07-05 07:11 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-05 17:21 - 2009-07-13 21:13 - 00794982 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-05 13:55 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-05 13:55 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-05 13:48 - 2012-07-05 13:48 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-05 13:48 - 2012-07-05 00:28 - 00000410 _RASH C:\Users\All Users\ntuser.pol
    2012-07-05 13:47 - 2012-07-05 13:47 - 00004878 ____A C:\Windows\PFRO.log
    2012-07-05 13:31 - 2012-07-05 01:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-05 13:29 - 2012-07-05 13:29 - 10598437 ____A C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100 (2).zip
    2012-07-05 13:25 - 2012-07-05 13:25 - 10598437 ____A C:\Users\Claire\Downloads\mbam-setup-1.62.0.1100.zip
    2012-07-05 13:25 - 2012-07-05 13:25 - 10598437 ____A C:\Users\Claire\Downloads\mbam-setup-1.62.0.1100 (1).zip
    2012-07-05 12:48 - 2012-07-05 12:51 - 00607260 ____R (Swearware) C:\Users\Claire\Desktop\dds.com
    2012-07-05 12:48 - 2012-07-05 12:48 - 00607260 ____R (Swearware) C:\Users\Claire\Downloads\dds.com
    2012-07-05 12:36 - 2012-07-05 12:36 - 00000000 ____A C:\Users\Claire\Desktop\gmer.log
    2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\skluvput.exe
    2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\id8gpgt6.exe
    2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\gph1ztc2.exe
    2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\2pbv4lxd.exe
    2012-07-05 12:21 - 2012-03-04 13:51 - 00148664 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll
    2012-07-05 12:21 - 2012-03-04 13:51 - 00113168 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
    2012-07-05 12:21 - 2012-03-04 13:51 - 00101808 ____A (Webroot) C:\Windows\System32\WRusr.dll
    2012-07-05 09:14 - 2012-07-05 10:13 - 00008192 ____A C:\shldr.mbr
    2012-07-05 09:13 - 2010-05-07 14:50 - 00002258 ____A C:\0
    2012-07-05 09:12 - 2012-07-05 09:12 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Claire\Downloads\SpyHunter-Installer.exe
    2012-07-05 09:00 - 2012-07-05 08:34 - 00000494 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
    2012-07-05 08:42 - 2012-07-05 08:32 - 00000466 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
    2012-07-05 08:42 - 2012-07-05 08:32 - 00000422 ____A C:\Windows\Tasks\SpeedyPC Pro.job
    2012-07-05 08:41 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-05 08:33 - 2012-07-05 08:33 - 00001197 ____A C:\Users\Claire\Desktop\SpeedyPC Pro.lnk
    2012-07-05 08:31 - 2012-07-05 08:31 - 04819616 ____A (SpeedyPC Software Inc.) C:\Users\Claire\Downloads\SpeedyPC Pro Installer.exe
    2012-07-05 08:30 - 2012-07-05 08:30 - 00001205 ____A C:\Users\Claire\Downloads\FixNCR.reg
    2012-07-05 07:12 - 2012-07-05 07:12 - 00002257 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-07-05 04:19 - 2012-07-05 04:04 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-07-05 04:04 - 2012-07-05 04:04 - 00001924 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-07-05 04:01 - 2012-07-05 04:01 - 89050280 ____A C:\Users\Claire\Desktop\avast_free_antivirus_setup.exe
    2012-07-05 03:42 - 2012-07-05 03:42 - 08656400 ____A (Trend Micro Inc.) C:\Users\Claire\Desktop\root.com
    2012-07-05 03:21 - 2012-07-05 03:21 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Claire\Downloads\claire.com
    2012-07-05 01:20 - 2012-07-05 00:28 - 00000056 ____A C:\Windows\System32\SupportTool.exe.bat
    2012-07-05 01:18 - 2012-07-05 00:38 - 00001168 ____A C:\Windows\System32\TmInstall.log
    2012-07-05 01:10 - 2012-07-05 01:21 - 00105744 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys
    2012-07-05 00:18 - 2010-05-07 14:53 - 00000824 ____A C:\Windows\System32\Drivers\etc\tmvsthfud.bin
    2012-07-05 00:18 - 2010-05-07 14:53 - 00000824 ____A C:\Windows\System32\Drivers\etc\tmvsthfss.bin
    2012-07-05 00:13 - 2012-07-05 00:08 - 117896248 ____A (Trend Micro Inc.) C:\Users\Claire\Desktop\TTi_5.0_HE_Full.exe
    2012-07-05 00:00 - 2012-07-05 00:00 - 00129024 ____A C:\Windows\RegBootClean64.exe
    2012-07-04 15:50 - 2012-07-03 17:35 - 00128240 ____A C:\Users\Claire\Documents\pleoindicatrix.pptx
    2012-07-04 15:34 - 2012-07-04 15:34 - 00001264 ____A C:\Users\Public\Desktop\MestReNova.lnk
    2012-07-03 08:21 - 2012-07-05 04:04 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-07-03 08:21 - 2012-07-05 04:04 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-07-03 08:21 - 2012-07-05 04:04 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-07-03 08:21 - 2012-07-05 04:04 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-07-03 08:21 - 2012-07-05 04:04 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-07-03 08:21 - 2012-07-05 04:04 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-07-03 08:21 - 2012-07-05 04:04 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-07-03 08:21 - 2012-07-05 04:03 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-07-03 08:21 - 2012-07-05 04:03 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-07-02 14:55 - 2012-06-30 06:03 - 00102400 ____A C:\Windows\RegBootClean.exe
    2012-07-02 14:49 - 2010-06-17 05:58 - 00327680 ____A C:\Windows\System32\Ikeext.etl
    2012-07-01 12:18 - 2010-06-18 07:47 - 00002212 ____A C:\Users\Claire\.csds_defaults
    2012-06-30 16:03 - 2012-06-30 16:03 - 00069347 ____A C:\Users\Claire\Documents\CFJ0018arsub-1.diamdoc
    2012-06-30 07:25 - 2012-06-30 07:25 - 00002075 ____A C:\Users\Claire\AppData\Roaming\SAS7_000.DAT
    2012-06-30 06:36 - 2012-06-30 06:36 - 05994639 ____A C:\Users\Claire\Documents\trainingcomputers.wma
    2012-06-30 06:11 - 2012-06-30 06:11 - 00153149 ____A C:\Users\Claire\Documents\Untitled.wma
    2012-06-30 04:10 - 2012-06-30 04:10 - 00002799 ____A C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
    2012-06-29 09:56 - 2012-06-29 09:56 - 00000670 ____A C:\Users\Claire\Documents\iTunes.txt
    2012-06-27 02:58 - 2012-07-05 01:24 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-26 23:58 - 2012-07-05 13:30 - 10623040 ____A (Malwarebytes Corporation ) C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100.exe
    2012-06-26 22:28 - 2012-06-26 22:28 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-26 22:22 - 2012-06-26 22:21 - 79225752 ____A (Apple Inc.) C:\Users\Claire\Desktop\iTunes64Setup.exe
    2012-06-26 22:20 - 2012-06-26 22:19 - 77251480 ____A (Apple Inc.) C:\Users\Claire\Desktop\iTunesSetup.exe
    2012-06-26 09:58 - 2012-06-26 09:58 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-26 09:58 - 2012-06-26 09:58 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-06-26 09:56 - 2012-06-26 09:56 - 00894448 ____A (Oracle Corporation) C:\Users\Claire\Desktop\jxpiinstall.exe
    2012-06-25 10:02 - 2012-06-23 14:45 - 75951566 ____A C:\Users\Claire\Documents\Nd3+ absorption spec.bmp
    2012-06-25 08:52 - 2012-06-25 08:52 - 00001068 ____A C:\Users\Public\Desktop\VLC media player.lnk
    2012-06-25 08:51 - 2012-06-25 08:51 - 22259528 ____A C:\Users\Claire\Desktop\vlc-2.0.1-win32.exe
    2012-06-20 12:31 - 2011-10-31 12:43 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-06-16 16:37 - 2011-10-01 08:05 - 00001607 ____A C:\Users\Claire\Desktop\Play games (GameXN).lnk
    2012-06-16 16:32 - 2012-06-16 16:32 - 00099589 ____A C:\Users\Claire\Documents\LnCp3Timeline.sdr
    2012-06-16 11:41 - 2012-06-16 11:41 - 00000655 ____A C:\Users\Claire\Desktop\SmartDraw 2010.lnk
    2012-06-16 10:51 - 2012-06-16 10:51 - 04110768 ____A (http://yourfiledownloader.com) C:\Users\Claire\Desktop\SmartDraw-2012-full-cracked-version.rar_downloader_98838a.exe
    2012-06-16 10:47 - 2012-06-16 10:47 - 00000000 ____A C:\Users\Claire\Desktop\smartdraw_crack_0.exe
    2012-06-16 10:20 - 2012-06-16 10:20 - 00001682 ____A C:\Users\Claire\Desktop\TERENASSLCA.cer
    2012-06-16 10:04 - 2012-06-16 10:04 - 00538752 ____A C:\Users\Claire\Desktop\smartdraw_YZ_SKTS7_setup.exe
    2012-06-16 09:32 - 2012-06-16 09:32 - 24043176 ____A C:\Users\Claire\Desktop\TimeLine_Maker_Pro_2.1.8.3_incl_keygen-_p30download.com_.zip
    2012-06-16 01:45 - 2009-07-13 20:45 - 00430336 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-16 01:39 - 2010-05-08 03:28 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-10 06:59 - 2012-06-10 06:59 - 28901696 ____A (Amazon.com) C:\Users\Claire\Desktop\KindleForPC-installer.exe
    2012-06-10 06:59 - 2012-06-10 06:59 - 00002241 ____A C:\Users\Claire\Desktop\Kindle.lnk
    2012-06-03 12:55 - 2012-06-03 12:52 - 735358976 ____A C:\Users\Claire\Desktop\ubuntu-12.04-desktop-i386.iso
    2012-06-02 14:19 - 2012-06-18 14:24 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-18 14:24 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-18 14:24 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-18 14:24 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-18 14:24 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-18 14:24 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-18 14:24 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 06:19 - 2012-06-18 14:23 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 06:15 - 2012-06-18 14:23 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-17 18:47 - 2012-06-15 17:42 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-15 17:42 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-15 17:42 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-15 17:42 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-15 17:42 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-15 17:42 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-15 17:42 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-15 17:42 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-15 17:42 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-15 17:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-15 17:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-15 17:42 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-15 17:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-15 17:42 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-15 17:42 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-15 17:42 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-15 17:42 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-15 17:42 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-15 17:42 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-15 17:42 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-15 17:42 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-15 17:42 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-15 17:42 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-15 17:42 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-15 17:42 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-15 17:42 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-15 17:42 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-15 17:42 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-14 17:32 - 2012-06-12 15:12 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-13 14:18 - 2012-05-13 14:18 - 00835811 ____A C:\Users\Claire\Desktop\SetupBatteryCare.zip
    2012-05-07 15:24 - 2012-05-07 14:52 - 00000315 ____A C:\Users\Claire\Desktop\combinations.txt
    2012-05-07 15:22 - 2012-05-07 15:22 - 00001110 ____A C:\Users\Claire\Desktop\combinations-code.txt
    2012-05-04 10:29 - 2012-06-26 09:58 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-05-04 10:29 - 2012-06-26 09:58 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-05-04 10:29 - 2010-05-07 15:42 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-04 02:52 - 2012-06-12 15:13 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:08 - 2012-06-12 15:13 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:08 - 2012-06-12 15:13 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-04-27 19:50 - 2012-06-12 15:12 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 21:34 - 2012-06-12 15:13 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:34 - 2012-06-12 15:13 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:28 - 2012-06-12 15:13 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-19 07:25 - 2012-04-19 07:25 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf


    ZeroAccess:
    C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}
    C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\@
    C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\L
    C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\U
    C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\U\00000001.@
    C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\U\80000000.@
    C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\U\800000cb.@

    ZeroAccess:
    C:\Users\Claire\AppData\Local\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}
    C:\Users\Claire\AppData\Local\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\@
    C:\Users\Claire\AppData\Local\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\L
    C:\Users\Claire\AppData\Local\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 16%
    Total physical RAM: 3894.68 MB
    Available physical RAM: 3259.05 MB
    Total Pagefile: 3892.83 MB
    Available Pagefile: 3247.93 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:105.58 GB) NTFS
    3 Drive f: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 1919 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 283 GB 14 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 283 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1918 MB 732 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 1918 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-28 02:14

    ======================= End Of Log ==========================
  4. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
  5. Claire

    Claire Newcomer, in training Topic Starter Posts: 38

    Hello again,

    Here it is:

    Farbar Recovery Scan Tool Version: 05-07-2012 01
    Ran by SYSTEM at 2012-07-06 11:42:10
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======

    Also I need to ask what I should do about an error message that keeps popping up on Windows Restart. Before I found this forum I was trying to remove the problem myself and one software tool I used was SpyHunter4. It did find the problem but has not removed it successfully. When Windows starts I get the following warning message (currently SpyHunter4 loads on start-up) saying: 'Your DNS settings have been modified. Accept changes or restore original (saved) settings?' The options are Accept, Restore or Remind me Later. I have been clicking the latter while following your instructions. Shall I look for some log files from SpyHunter to post?

    Thanks Claire
  6. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Don't worry about any errors for now.
    We just started.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  7. Claire

    Claire Newcomer, in training Topic Starter Posts: 38

    Combofix tells me trendmicro is running... I don't think it is. I realised it wasn't working so got rid of it apart from the installers and put Avast! on my computer instead. It's not in system tray and I disabled everything else there. Trendmicro would have been in charge of the firewall etc when the trojan/virus infected my computer. Shall I continue to run Combofix?
  8. Claire

    Claire Newcomer, in training Topic Starter Posts: 38

    And here is the fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-07-2012 01
    Ran by SYSTEM at 2012-07-07 02:52:03 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38} moved successfully.
    C:\Users\Claire\AppData\Local\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
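
The Search.txt output and the Fixlog above show the System32 copy of services.exe matching the WinSxS copy in size and timestamps but not in MD5, after which the WinSxS copy was copied over it. The following Python script is an added example, not part of the original thread and not FRST's own logic: it parses that Search.txt text (copied from the post) and flags such copies. The function names and the rule "same size and timestamps, different MD5" are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Body of the Search.txt log posted in this thread (values copied from the post).
SEARCH_LOG = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
"""

# Metadata line: [created] - [modified] - size attrs (company) MD5
META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return one dict per file listed in the search output."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = META.match(line)
        if m and path:
            entries.append({
                "path": path,
                "created": m["created"],
                "modified": m["modified"],
                "size": int(m["size"]),
                "md5": m["md5"].upper(),
            })
            path = None
        elif re.match(r"[A-Za-z]:\\", line):
            path = line  # remember the path until its metadata line arrives
    return entries


def compare_to_component_store(entries):
    """Compare each non-WinSxS copy with WinSxS copies of the same file name.

    Assumption of this example: a copy whose size and timestamps equal a
    WinSxS copy but whose MD5 differs has been altered in place. The WinSxS
    copy is only a comparison point here; it is not proven clean by this check.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[ntpath.basename(e["path"]).lower()].append(e)

    results = []
    for group in by_name.values():
        refs = [e for e in group if "\\winsxs\\" in e["path"].lower()]
        for live in (e for e in group if e not in refs):
            key = (live["size"], live["created"], live["modified"])
            twins = [r for r in refs
                     if (r["size"], r["created"], r["modified"]) == key]
            if not twins:
                status, ref = "NO_REFERENCE", None
            elif any(r["md5"] == live["md5"] for r in twins):
                status, ref = "MATCH", twins[0]["path"]
            else:
                status, ref = "MISMATCH", twins[0]["path"]
            results.append({"path": live["path"], "md5": live["md5"],
                            "status": status, "reference": ref})
    return results


if __name__ == "__main__":
    for r in compare_to_component_store(parse_search_log(SEARCH_LOG)):
        print(f'{r["status"]:12} {r["path"]} ({r["md5"]})')
        if r["reference"]:
            print(f'{"":12} compared with {r["reference"]}')
```
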
  9. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    If you're sure you disabled TM go ahead with Combofix.
  10. Claire

    Claire Newcomer, in training Topic Starter Posts: 38

    The log for combofix is below. Only glitch was that it made the computer restart when it was almost finished (scans all finished, but preparing log) and my disabling of the anti-virus (Avast and SpyHunter) did not stop it starting on the restart, sorry. I clicked to allow all the combo fix files to run. How does it look?

    Combofix.txt

    ComboFix 12-07-06.02 - Claire 07/07/2012 3:48.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3895.2427 [GMT 1:00]
    Running from: c:\users\Claire\Desktop\ComboFix.exe
    AV: Trend Micro Internet Security Pro *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    SP: Trend Micro Internet Security Pro *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Claire\AppData\Roaming\Pame
    c:\users\Claire\AppData\Roaming\Pame\qaiqf.yky
    c:\users\Claire\TrendMicro_TISPro_17.50_en-US_64-bit.exe
    c:\windows\system32\jucheck.exe
    c:\windows\system32\jusched.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-07 02:58 . 2012-07-07 02:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-06 10:32 . 2012-07-06 10:32 -------- d-----w- C:\FRST
    2012-07-05 21:54 . 2012-07-05 21:54 -------- d-----w- c:\program files (x86)\ESET
    2012-07-05 21:53 . 2012-07-05 21:54 -------- d-----w- c:\windows\Downloaded Program Files
    2012-07-05 17:13 . 2012-07-05 17:13 110080 ----a-r- c:\users\Claire\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
    2012-07-05 17:13 . 2012-07-05 17:13 110080 ----a-r- c:\users\Claire\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
    2012-07-05 17:13 . 2012-07-05 17:13 110080 ----a-r- c:\users\Claire\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
    2012-07-05 17:13 . 2012-07-05 17:14 -------- d-----w- C:\sh4ldr
    2012-07-05 17:13 . 2012-07-05 17:13 -------- d-----w- c:\program files\Enigma Software Group
    2012-07-05 17:13 . 2012-07-05 17:13 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-07-05 17:08 . 2012-07-05 17:08 -------- d-----w- c:\windows\system32\wbem\Logs
    2012-07-05 16:33 . 2012-07-05 16:33 -------- d-----w- c:\users\Claire\AppData\Roaming\DriverCure
    2012-07-05 16:33 . 2012-07-05 16:33 -------- d-----w- c:\users\Claire\AppData\Roaming\SpeedyPC Software
    2012-07-05 16:32 . 2012-07-05 16:32 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
    2012-07-05 16:32 . 2012-07-05 16:32 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-07-05 16:32 . 2012-07-05 16:32 -------- d-----w- c:\program files (x86)\SpeedyPC Software
    2012-07-05 15:58 . 2012-07-05 15:58 -------- d-----w- c:\users\Claire\AppData\Local\Google
    2012-07-05 15:11 . 2012-07-05 15:12 -------- d-----w- c:\program files (x86)\Google
    2012-07-05 12:04 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-05 12:04 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-05 12:04 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-07-05 12:04 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-05 12:04 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-05 12:04 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-05 12:04 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-07-05 12:03 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-05 12:03 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-07-05 12:03 . 2012-07-05 12:03 -------- d-----w- c:\programdata\AVAST Software
    2012-07-05 12:03 . 2012-07-05 12:03 -------- d-----w- c:\program files\AVAST Software
    2012-07-05 09:24 . 2012-07-05 21:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-05 09:24 . 2012-06-27 10:58 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-05 09:21 . 2012-07-05 09:10 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
    2012-07-05 09:19 . 2012-07-05 09:27 -------- d-----w- c:\program files\Trend Micro
    2012-07-05 08:28 . 2012-07-05 09:20 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
    2012-07-05 08:17 . 2012-07-05 08:17 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-07-05 08:00 . 2012-07-05 08:00 129024 ----a-w- c:\windows\RegBootClean64.exe
    2012-07-03 23:18 . 2012-07-03 23:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-30 14:03 . 2012-07-02 22:55 102400 ----a-w- c:\windows\RegBootClean.exe
    2012-06-30 12:15 . 2012-06-30 12:15 -------- d-----w- c:\users\Claire\AppData\Roaming\Nuance
    2012-06-30 12:15 . 2012-06-30 12:15 -------- d-----w- c:\users\Claire\AppData\Roaming\FLEXnet
    2012-06-30 12:09 . 2012-06-30 12:09 -------- d-----w- c:\program files (x86)\Common Files\IVA
    2012-06-30 12:09 . 2012-06-30 12:09 -------- d-----w- c:\program files (x86)\Common Files\Nuance
    2012-06-30 12:04 . 2012-06-30 12:04 -------- d-----w- c:\programdata\Nuance
    2012-06-30 12:04 . 2012-06-30 12:04 -------- d-----w- c:\program files (x86)\Nuance
    2012-06-30 10:03 . 2012-06-30 10:03 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6CA1BBD-F61B-403B-BDDD-F810BA612731}\offreg.dll
    2012-06-30 09:33 . 2012-07-05 08:54 -------- d-----w- c:\users\Claire\AppData\Roaming\Uvfo
    2012-06-29 08:51 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6CA1BBD-F61B-403B-BDDD-F810BA612731}\mpengine.dll
    2012-06-28 22:09 . 2006-10-18 18:12 191488 ----a-w- c:\windows\SysWow64\hlvdd.dll
    2012-06-28 22:09 . 2012-06-28 22:09 -------- d-----w- C:\Topas4-1
    2012-06-28 22:09 . 2001-09-05 05:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-06-28 22:09 . 2001-09-05 05:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-06-28 22:09 . 2001-09-05 05:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-06-28 22:09 . 2001-09-05 05:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-06-28 22:09 . 2009-01-15 09:55 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2012-06-27 06:28 . 2012-06-28 14:47 -------- d-----w- c:\users\Claire\AppData\Roaming\Apple Computer
    2012-06-27 06:28 . 2012-06-27 06:28 -------- d-----w- c:\users\Claire\AppData\Local\Apple Computer
    2012-06-27 06:27 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-06-27 06:27 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-06-27 06:27 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-06-27 06:26 . 2012-06-27 06:26 -------- d-----w- c:\program files\iPod
    2012-06-27 06:26 . 2012-06-27 06:27 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2012-06-27 06:26 . 2012-06-27 06:27 -------- d-----w- c:\program files\iTunes
    2012-06-27 06:26 . 2012-06-27 06:27 -------- d-----w- c:\program files (x86)\iTunes
    2012-06-27 06:25 . 2012-06-27 06:25 -------- d-----w- c:\program files (x86)\Apple Software Update
    2012-06-27 06:25 . 2012-06-27 06:25 -------- d-----w- c:\program files\Common Files\Apple
    2012-06-27 06:25 . 2012-06-27 06:25 -------- d-----w- c:\program files\Bonjour
    2012-06-27 06:25 . 2012-06-27 06:25 -------- d-----w- c:\program files (x86)\Bonjour
    2012-06-26 18:00 . 2012-06-26 18:00 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-06-26 17:59 . 2012-06-26 17:59 -------- d-----w- c:\program files (x86)\Oracle
    2012-06-26 17:58 . 2012-05-04 18:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-06-20 21:09 . 2012-06-20 21:09 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-20 21:09 . 2012-06-20 21:09 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-20 20:31 . 2012-06-20 20:31 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-06-18 22:24 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-18 22:24 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-18 22:24 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-18 22:24 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-18 22:24 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-18 22:24 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-18 22:24 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-18 22:23 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-18 22:23 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-16 19:41 . 2012-07-05 17:06 -------- d-----w- C:\SmartDraw 2010
    2012-06-16 18:52 . 2012-06-16 18:52 -------- d-----w- c:\users\Claire\AppData\Roaming\YourFileDownloader
    2012-06-16 18:05 . 2012-06-16 19:42 -------- d-----w- c:\users\Claire\AppData\Roaming\SmartDraw
    2012-06-16 17:21 . 2012-06-16 17:21 -------- d-----w- c:\users\Claire\AppData\Roaming\Progeny
    2012-06-12 23:13 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-12 23:13 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-12 23:13 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-12 23:13 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-12 23:13 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-12 23:13 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-12 23:12 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
    2012-06-12 23:12 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-10 14:59 . 2012-06-10 14:59 -------- d-----w- c:\users\Claire\AppData\Local\Amazon
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-05 20:21 . 2012-03-04 21:51 148664 ----a-w- c:\windows\SysWow64\WRusr.dll
    2012-07-05 20:21 . 2012-03-04 21:51 113168 ----a-w- c:\windows\system32\drivers\WRkrn.sys
    2012-07-05 20:21 . 2012-03-04 21:51 101808 ----a-w- c:\windows\system32\WRusr.dll
    2012-05-30 22:14 . 2010-06-03 13:59 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-05-30 22:13 . 2010-05-29 21:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-05-30 22:13 . 2010-05-29 21:03 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-05-23 20:40 . 2010-05-29 21:04 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-05-23 20:40 . 2010-06-03 13:59 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-05-23 20:40 . 2010-07-04 23:53 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-05-04 18:29 . 2010-05-07 23:42 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 222496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-06-27 462920]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-07-05 688360]
    .
    c:\users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-12-25 95232]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer9"=wdmaud.drv
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-05 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-07-05 688360]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-05 136176]
    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 116224]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
    R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
    R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys [2008-07-26 14544]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 19504]
    S0 WAEMU;WAEMU;c:\windows\system32\Drivers\waemu.sys [2011-03-04 110136]
    S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-07-05 113168]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe [2009-03-02 89600]
    S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [2011-11-24 78208]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
    S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 59904]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-06-27 655944]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-13 1924400]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-12-02 25136]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-06-27 24904]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-05 15:11]
    .
    2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-05 15:11]
    .
    2012-07-07 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
    .
    2012-07-06 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
    .
    2012-07-05 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-09 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-09 390680]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-09 410136]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-12-18 4099352]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
    "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
    "combofix"="c:\combofix\CF9123.3XE" [2009-07-14 344576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.bigseekpro.com/mediaget/{6B1CAC1B-0070-4B5C-BFFE-3B56A5FB67CC}
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\qtdaurbc.default\
    FF - prefs.js: browser.startup.homepage - hxxps://my.ncl.ac.uk/students/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - prefs.js: network.proxy.ftp - wwwcache.ncl.ac.uk
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.gopher - wwwcache.ncl.ac.uk
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.http - wwwcache.ncl.ac.uk
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - wwwcache.ncl.ac.uk
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - wwwcache.ncl.ac.uk
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 2
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
    AddRemove-YourFileDownloader - c:\program files (x86)\YourFileDownloader\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-07 04:08:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-07 03:08
    .
    Pre-Run: 117,970,591,744 bytes free
    Post-Run: 117,374,521,344 bytes free
    .
    - - End Of File - - 73BBFF75EBC8522CF8DDD9E34F90ECA2
  11. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Looks good :)

    How is the computer doing?

    ==================================

    Are you running two AV programs, TM and Avast?
    If so you must uninstall one of them.

    ====================================

    Uninstall SpeedyPC Software.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ================================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===================================================

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
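The two-antivirus question in the post above can also be checked against the driver section of an OTL log. The Python sketch below is an added example, not part of the thread and not OTL's own code: it parses OTL `DRV` lines, reports which antivirus vendors still have a running driver, and lists entries OTL marked `File not found`. The `AV_KEYWORDS` list and the function names are assumptions made for this example.

```python
import re

# Lines copied unchanged (a subset) from the "Driver Services" section of the
# OTL log posted later in this thread.
SAMPLE_OTL = r"""
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/07/05 21:21:40 | 000,113,168 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2012/07/05 10:10:27 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2012/07/03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/06/27 11:58:24 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2009/11/20 08:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
"""

# Assumption: company-name keywords (lower case) that identify antivirus
# products. Malwarebytes is left out because the thread uses it as an
# on-demand scanner alongside the antivirus. Extend the map as needed.
AV_KEYWORDS = {
    "trend micro": "Trend Micro",
    "avast": "AVAST",
    "webroot": "Webroot",
}

# One OTL driver line: either "File not found" or "[date | size | attrs | M] (Company)",
# then "[Type | Start | State] -- path -- (service)".
DRV_RE = re.compile(
    r"^DRV(?::64bit:)? - "
    r"(?:File not found|\[[^\]]*\] \((?P<company>.*?)\)) "
    r"\[(?P<kind>[^|\]]+) \| (?P<start>[^|\]]+) \| (?P<state>[^\]]+)\] "
    r"-- (?P<path>.+?) -- \((?P<service>[^)]*)\)"
)


def parse_driver_lines(text):
    """Return one dict per DRV line; 'company' is None for 'File not found' entries."""
    entries = []
    for raw in text.splitlines():
        m = DRV_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, non-driver sections
        entries.append({
            "company": m.group("company"),
            "kind": m.group("kind").strip(),
            "start": m.group("start").strip(),
            "state": m.group("state").strip(),
            "path": m.group("path"),
            "service": m.group("service"),
            "missing": m.group("company") is None,
        })
    return entries


def triage(entries, av_keywords=AV_KEYWORDS):
    """Summarise antivirus vendors with a running driver and orphaned driver entries."""
    vendors = set()
    orphans = []
    for entry in entries:
        if entry["missing"]:
            # The service is registered but its file is gone: a leftover to review.
            orphans.append(entry["service"])
            continue
        if entry["state"] != "Running":
            continue
        company = entry["company"].lower()
        for keyword, label in av_keywords.items():
            if keyword in company:
                vendors.add(label)
    running = sorted(vendors)
    return {
        "vendors_running": running,
        "multiple_av": len(running) > 1,
        "orphans": orphans,
    }


if __name__ == "__main__":
    report = triage(parse_driver_lines(SAMPLE_OTL))
    print("Antivirus vendors with a running driver:", ", ".join(report["vendors_running"]))
    print("More than one antivirus active:", report["multiple_av"])
    print("Driver entries with no file on disk:", ", ".join(report["orphans"]))
```

A vendor appearing here while absent from the installed-programs list points to leftover drivers from an incomplete uninstall, which is what the vendor's own removal tool is meant to clean up.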
  12. Claire

    Claire Newcomer, in training Topic Starter Posts: 38

    Hi, computer seems much happier. Trend Micro is not installed anymore, I think it was showing up because it was in charge when the rootkit took over. I have checked in Add and Remove Programs. When I search the system, the installers are still present along with some ini, dll, xml, inf and sys files all to do with TM. Shall I delete this stuff?

    I have deleted Speedy PC Pro.

    Do you know why Malwarebytes still has the 'run as admin' shield on? I am wary as this was what most things looked like when infected.

    Here is the log:

    Malwarebytes Anti-Malware (Trial) 1.62.0.1100
    www.malwarebytes.org

    Database version: v2012.07.07.01

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Claire :: CLAIRE-LAPTOP [administrator]

    Protection: Disabled

    07/07/2012 04:39:17
    mbam-log-2012-07-07 (04-39-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220492
    Time elapsed: 13 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  13. Claire

    Claire Newcomer, in training Topic Starter Posts: 38

    The quarantine tab of Malwarebytes still lists all the files found before (previous scans). How should I get rid of them? Thanks for getting us here, I was very worried. I am going to do OTL now then hopefully sleep with a peaceful mind. I have to work, but anything else I need to do or is advisable, let me know. I will post the OTL log before sleep.
  14. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Can you post a screenshot?
  15. Claire

    Claire Newcomer, in training Topic Starter Posts: 38

    It asks this every time I run it, and the icon has the little blue/yellow shield over it when running.

    Also I have been using a number of flash disks with work on and some of them were in the computer before I realised it was infected. If possible I would like to keep them as they are. Is it possible to check them for infection?
  16. Claire

    Claire Newcomer, in training Topic Starter Posts: 38

    Says invalid message when I try to paste pic Clipboard01.png
  17. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    You should run MBAM as administrator.

    As for flash drives...
    When we're totally done...
    Install Panda USB Vaccine, or BitDefender’s USB Immunizer on your computer to protect it from any infected USB device.
    Then you're safe to plug those drives in and scan them with your AV program.

    Go on with OTL.
  18. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    User Account Control (UAC) is a valid and important part of Windows protection.
  19. Claire

    Claire Newcomer, in training Topic Starter Posts: 38

    OTL.txt

    OTL logfile created on: 7/7/2012 5:17:08 AM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Claire\Desktop
    64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.80 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 61.41% Memory free
    7.60 Gb Paging File | 6.04 Gb Available in Paging File | 79.38% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 109.27 Gb Free Space | 38.56% Space Free | Partition Type: NTFS
    Drive F: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: CLAIRE-LAPTOP | User Name: Claire | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/07 05:14:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
    PRC - [2012/07/03 17:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/06/27 11:58:22 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/12/25 01:34:18 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    PRC - [2010/11/14 17:30:49 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    PRC - [2009/07/22 13:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
    PRC - [2009/06/25 02:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009/06/24 22:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2009/05/12 23:50:32 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    PRC - [2009/05/12 23:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    PRC - [2009/02/20 15:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/12/25 01:34:18 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    MOD - [2009/07/22 13:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/07/05 21:21:33 | 000,688,360 | ---- | M] (Webroot) [Auto | Stopped] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
    SRV:64bit: - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/01/05 13:30:10 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/10/20 16:02:10 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/07/13 04:18:24 | 001,924,400 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
    SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/06/27 11:58:22 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/20 22:09:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/08/28 20:23:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
    SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/01/05 13:30:10 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\STacSV64.exe -- (STacSV)
    SRV - [2009/11/30 04:41:52 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
    SRV - [2009/07/13 04:04:26 | 001,656,112 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/12 23:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost) @C:\Program Files (x86)
    SRV - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe -- (AESTFilters)
    SRV - [2009/02/20 15:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2012/07/05 21:21:40 | 000,113,168 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
    DRV:64bit: - [2012/07/05 10:10:27 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/07/03 17:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/06/27 11:58:24 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/16 00:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
    DRV:64bit: - [2012/02/16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
    DRV:64bit: - [2011/11/24 09:58:44 | 000,078,208 | ---- | M] (SafeNet Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
    DRV:64bit: - [2011/10/07 09:31:42 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
    DRV:64bit: - [2011/08/09 07:11:50 | 000,021,120 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
    DRV:64bit: - [2011/03/04 03:12:56 | 000,110,136 | ---- | M] (WinArchiver Computing, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\waemu.sys -- (WAEMU)
    DRV:64bit: - [2011/02/09 09:36:00 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
    DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2010/04/21 08:54:40 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2010/02/26 14:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
    DRV:64bit: - [2010/02/26 14:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
    DRV:64bit: - [2010/02/26 14:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
    DRV:64bit: - [2010/02/26 14:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
    DRV:64bit: - [2010/01/05 13:30:10 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/12/10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/12/02 15:24:38 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
    DRV:64bit: - [2009/11/27 19:38:14 | 000,019,504 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
    DRV:64bit: - [2009/11/22 01:31:18 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/11/20 08:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/11/05 15:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/10/30 15:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2009/10/26 13:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/10/02 14:24:18 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/08/28 11:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/08/28 11:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/08/10 04:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2009/07/09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/15 19:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/07 07:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/12/30 11:59:04 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
    DRV:64bit: - [2008/12/13 11:28:20 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/07/26 21:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\BatteryCare\WinRing0x64.sys -- (WinRing0_1_2_0)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5F061A35-E649-4B35-A091-4220D1DBEEBA}
    IE:64bit: - HKLM\..\SearchScopes\{5F061A35-E649-4B35-A091-4220D1DBEEBA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/mediaget/{6B1CAC1B-0070-4B5C-BFFE-3B56A5FB67CC}
    IE - HKLM\..\SearchScopes,DefaultScope = {A2479573-D1E3-4DAB-959B-8A5C87839384}
    IE - HKLM\..\SearchScopes\{A2479573-D1E3-4DAB-959B-8A5C87839384}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\..\SearchScopes,DefaultScope = {A2479573-D1E3-4DAB-959B-8A5C87839384}
    IE - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/br...-0070-4B5C-BFFE-3B56A5FB67CC}?q={searchTerms}
    IE - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\..\SearchScopes\{A2479573-D1E3-4DAB-959B-8A5C87839384}: "URL" = http://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://my.ncl.ac.uk/students/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
    FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:1.6.0.1164
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
    FF - prefs.js..network.proxy.autoconfig_url: "http://wwwcache.nacl.ac.uk/"
    FF - prefs.js..network.proxy.backup.ftp: "wwwcache.ncl.ac.uk"
    FF - prefs.js..network.proxy.backup.ftp_port: 8080
    FF - prefs.js..network.proxy.backup.gopher: "wwwcache.ncl.ac.uk"
    FF - prefs.js..network.proxy.backup.gopher_port: 8080
    FF - prefs.js..network.proxy.backup.socks: "wwwcache.ncl.ac.uk"
    FF - prefs.js..network.proxy.backup.socks_port: 8080
    FF - prefs.js..network.proxy.backup.ssl: "wwwcache.ncl.ac.uk"
    FF - prefs.js..network.proxy.backup.ssl_port: 8080
    FF - prefs.js..network.proxy.ftp: "wwwcache.ncl.ac.uk"
    FF - prefs.js..network.proxy.ftp_port: 8080
    FF - prefs.js..network.proxy.gopher: "wwwcache.ncl.ac.uk"
    FF - prefs.js..network.proxy.gopher_port: 8080
    FF - prefs.js..network.proxy.http: "wwwcache.ncl.ac.uk"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "wwwcache.ncl.ac.uk"
    FF - prefs.js..network.proxy.socks_port: 8080
    FF - prefs.js..network.proxy.ssl: "wwwcache.ncl.ac.uk"
    FF - prefs.js..network.proxy.ssl_port: 8080
    FF - prefs.js..network.proxy.type: 2


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/04/21 09:08:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/07/28 19:17:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/11 15:55:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/11 15:55:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/05 13:19:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 22:09:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/07 20:49:40 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010/04/21 09:08:12 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 22:09:12 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/07 20:49:40 | 000,000,000 | ---D | M]

    [2010/05/08 00:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claire\AppData\Roaming\Mozilla\Extensions
    [2012/06/19 23:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\qtdaurbc.default\extensions
    [2012/03/13 01:32:12 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\qtdaurbc.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2012/06/19 23:30:25 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\qtdaurbc.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2012/02/06 01:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/10/31 21:43:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/06/20 22:09:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/06/20 22:09:05 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/06/20 22:09:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/20 22:09:05 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/06/20 22:09:05 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/06/20 22:09:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2012/06/20 22:09:05 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Bio3D (Enabled) = C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
    CHR - plugin: ChemDraw (Enabled) = C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
    CHR - Extension: Gmail = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/07 04:01:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
    O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
    O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
    O4 - HKU\S-1-5-21-998672669-1911217701-4201026386-1003..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - Startup: C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B57CFBD5-C545-44B5-B3A8-D0307CF94AB8}: DhcpNameServer = 10.8.232.109 10.8.232.199
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDD1AEA9-7AFA-4EEB-9266-7665510C5D8B}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\tmbp - No CLSID value found
    O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\tmbp - No CLSID value found
    O18 - Protocol\Handler\tmpx - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  20. Claire

    continued....

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/07 05:14:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
    [2012/07/07 04:33:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2012/07/07 04:01:16 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/07 03:46:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/07 03:46:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/07 03:46:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/07 03:08:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/07 03:08:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/07 03:05:11 | 004,573,044 | R--- | C] (Swearware) -- C:\Users\Claire\Desktop\ComboFix.exe
    [2012/07/06 11:32:27 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/05 22:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/07/05 22:53:57 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files
    [2012/07/05 22:30:45 | 010,623,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100.exe
    [2012/07/05 21:51:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Claire\Desktop\dds.com
    [2012/07/05 18:13:49 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2012/07/05 18:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/07/05 18:08:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/05 17:33:29 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\DriverCure
    [2012/07/05 17:33:28 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\SpeedyPC Software
    [2012/07/05 17:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/07/05 16:58:27 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\Google
    [2012/07/05 16:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/07/05 16:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/07/05 13:04:35 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/07/05 13:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/07/05 13:04:34 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/07/05 13:04:33 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/07/05 13:04:30 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/07/05 13:04:29 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/07/05 13:04:28 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/07/05 13:04:28 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/07/05 13:03:43 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/05 13:03:42 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/07/05 13:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/07/05 13:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/07/05 12:44:47 | 000,000,000 | ---D | C] -- C:\Users\Claire\Desktop\TMRBLog
    [2012/07/05 12:42:24 | 008,656,400 | ---- | C] (Trend Micro Inc.) -- C:\Users\Claire\Desktop\root.com
    [2012/07/05 10:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/05 10:24:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/05 10:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/05 10:21:00 | 000,105,744 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
    [2012/07/05 10:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012/07/05 09:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2012/07/05 09:08:28 | 117,896,248 | ---- | C] (Trend Micro Inc.) -- C:\Users\Claire\Desktop\TTi_5.0_HE_Full.exe
    [2012/07/05 08:09:56 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
    [2012/07/05 00:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MestReNova
    [2012/07/04 00:18:37 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/06/30 13:15:50 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Nuance
    [2012/06/30 13:15:50 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\FLEXnet
    [2012/06/30 13:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 11.0
    [2012/06/30 13:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IVA
    [2012/06/30 13:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance
    [2012/06/30 13:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
    [2012/06/30 13:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance
    [2012/06/30 10:33:29 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Uvfo
    [2012/06/28 23:54:57 | 000,000,000 | ---D | C] -- C:\Users\Claire\Desktop\key prog
    [2012/06/28 23:09:55 | 000,191,488 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWow64\hlvdd.dll
    [2012/06/28 23:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topas4-1
    [2012/06/28 23:09:19 | 000,000,000 | ---D | C] -- C:\Topas4-1
    [2012/06/28 22:53:16 | 000,000,000 | ---D | C] -- C:\Users\Claire\Desktop\Structure Database
    [2012/06/28 22:51:53 | 000,000,000 | ---D | C] -- C:\Users\Claire\Desktop\Topas 4.1 (D)
    [2012/06/27 07:28:29 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Apple Computer
    [2012/06/27 07:28:29 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\Apple Computer
    [2012/06/27 07:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/06/27 07:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/06/27 07:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/06/27 07:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/06/27 07:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2012/06/27 07:25:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2012/06/27 07:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2012/06/27 07:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2012/06/27 07:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2012/06/26 19:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/06/26 18:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012/06/25 17:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012/06/20 21:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/06/20 21:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2012/06/17 07:54:28 | 000,000,000 | ---D | C] -- C:\Users\Claire\Desktop\New folder (3)
    [2012/06/16 20:41:53 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartDraw 2010
    [2012/06/16 20:41:36 | 000,000,000 | ---D | C] -- C:\SmartDraw 2010
    [2012/06/16 19:52:44 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\YourFileDownloader
    [2012/06/16 19:51:45 | 004,110,768 | ---- | C] (http://yourfiledownloader.com) -- C:\Users\Claire\Desktop\SmartDraw-2012-full-cracked-version.rar_downloader_98838a.exe
    [2012/06/16 19:05:41 | 000,000,000 | ---D | C] -- C:\Users\Claire\Documents\SmartDraw
    [2012/06/16 19:05:20 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\SmartDraw
    [2012/06/16 18:48:19 | 000,000,000 | ---D | C] -- C:\Users\Claire\Desktop\Keygen
    [2012/06/16 18:21:18 | 000,000,000 | R--D | C] -- C:\Users\Claire\Documents\My Timelines
    [2012/06/16 18:21:18 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Progeny
    [2012/06/10 15:59:56 | 000,000,000 | ---D | C] -- C:\Users\Claire\Documents\My Kindle Content
    [2012/06/10 15:59:50 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
    [2012/06/10 15:59:40 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\Amazon
    [2012/06/10 15:59:12 | 028,901,696 | ---- | C] (Amazon.com) -- C:\Users\Claire\Desktop\KindleForPC-installer.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/07 05:21:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/07 05:14:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
    [2012/07/07 04:35:57 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
    [2012/07/07 04:12:39 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/07 04:12:39 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/07 04:06:23 | 000,794,982 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/07 04:06:23 | 000,677,762 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/07 04:06:23 | 000,129,066 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/07 04:01:58 | 000,001,091 | ---- | M] () -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
    [2012/07/07 04:01:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/07 04:01:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/07 04:00:18 | 000,000,410 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/07/07 04:00:17 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2012/07/07 03:59:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/07 03:59:46 | 3062,902,784 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/07 03:05:16 | 004,573,044 | R--- | M] (Swearware) -- C:\Users\Claire\Desktop\ComboFix.exe
    [2012/07/05 22:31:27 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/05 22:29:23 | 010,598,437 | ---- | M] () -- C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100 (2).zip
    [2012/07/05 21:48:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Claire\Desktop\dds.com
    [2012/07/05 21:21:40 | 000,148,664 | ---- | M] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
    [2012/07/05 21:21:40 | 000,113,168 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
    [2012/07/05 21:21:40 | 000,101,808 | ---- | M] (Webroot) -- C:\Windows\SysNative\WRusr.dll
    [2012/07/05 18:14:03 | 000,008,192 | ---- | M] () -- C:\shldr.mbr
    [2012/07/05 18:13:51 | 000,002,258 | ---- | M] () -- C:\0
    [2012/07/05 16:12:47 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/07/05 16:12:47 | 000,002,241 | ---- | M] () -- C:\Users\Claire\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/07/05 13:19:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/07/05 13:04:35 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/07/05 13:01:26 | 089,050,280 | ---- | M] () -- C:\Users\Claire\Desktop\avast_free_antivirus_setup.exe
    [2012/07/05 12:42:24 | 008,656,400 | ---- | M] (Trend Micro Inc.) -- C:\Users\Claire\Desktop\root.com
    [2012/07/05 10:24:30 | 000,001,135 | ---- | M] () -- C:\Users\Claire\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/07/05 10:20:04 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\SupportTool.exe.bat
    [2012/07/05 10:10:27 | 000,105,744 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
    [2012/07/05 09:18:24 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
    [2012/07/05 09:18:24 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
    [2012/07/05 09:13:19 | 117,896,248 | ---- | M] (Trend Micro Inc.) -- C:\Users\Claire\Desktop\TTi_5.0_HE_Full.exe
    [2012/07/05 09:00:14 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
    [2012/07/05 00:34:30 | 000,001,264 | ---- | M] () -- C:\Users\Public\Desktop\MestReNova.lnk
    [2012/07/03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/07/03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/07/03 17:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/07/03 17:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/07/03 17:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/07/03 17:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/07/03 17:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/03 17:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/07/03 17:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/07/02 23:55:09 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
    [2012/07/01 21:18:43 | 000,002,212 | ---- | M] () -- C:\Users\Claire\.csds_defaults
    [2012/07/01 01:03:32 | 000,069,347 | ---- | M] () -- C:\Users\Claire\Documents\CFJ0018arsub-1.diamdoc
    [2012/06/30 16:25:16 | 000,002,075 | ---- | M] () -- C:\Users\Claire\AppData\Roaming\SAS7_000.DAT
    [2012/06/30 15:36:34 | 005,994,639 | ---- | M] () -- C:\Users\Claire\Documents\trainingcomputers.wma
    [2012/06/30 15:11:49 | 000,153,149 | ---- | M] () -- C:\Users\Claire\Documents\Untitled.wma
    [2012/06/30 13:10:21 | 000,002,799 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
    [2012/06/27 11:58:24 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/27 08:58:30 | 010,623,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100.exe
    [2012/06/27 07:28:21 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/06/25 19:02:50 | 075,951,566 | ---- | M] () -- C:\Users\Claire\Documents\Nd3+ absorption spec.bmp
    [2012/06/25 17:52:41 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2012/06/25 17:51:32 | 022,259,528 | ---- | M] () -- C:\Users\Claire\Desktop\vlc-2.0.1-win32.exe
    [2012/06/22 00:36:49 | 000,733,146 | ---- | M] () -- C:\Users\Claire\Documents\AtomicTheory.pdf
    [2012/06/20 21:31:02 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/06/17 01:32:25 | 000,099,589 | ---- | M] () -- C:\Users\Claire\Documents\LnCp3Timeline.sdr
    [2012/06/16 20:41:53 | 000,000,655 | ---- | M] () -- C:\Users\Claire\Desktop\SmartDraw 2010.lnk
    [2012/06/16 19:51:46 | 004,110,768 | ---- | M] (http://yourfiledownloader.com) -- C:\Users\Claire\Desktop\SmartDraw-2012-full-cracked-version.rar_downloader_98838a.exe
    [2012/06/16 19:47:47 | 000,000,000 | ---- | M] () -- C:\Users\Claire\Desktop\smartdraw_crack_0.exe
    [2012/06/16 19:20:12 | 000,001,682 | ---- | M] () -- C:\Users\Claire\Desktop\TERENASSLCA.cer
    [2012/06/16 19:04:32 | 000,538,752 | ---- | M] () -- C:\Users\Claire\Desktop\smartdraw_YZ_SKTS7_setup.exe
    [2012/06/16 18:32:46 | 024,043,176 | ---- | M] () -- C:\Users\Claire\Desktop\TimeLine_Maker_Pro_2.1.8.3_incl_keygen-_p30download.com_.zip
    [2012/06/16 10:45:55 | 000,430,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/13 00:38:10 | 010,712,356 | ---- | M] () -- C:\Users\Claire\Documents\Hajdu.pdf
    [2012/06/10 15:59:50 | 000,002,241 | ---- | M] () -- C:\Users\Claire\Desktop\Kindle.lnk
    [2012/06/10 15:59:24 | 028,901,696 | ---- | M] (Amazon.com) -- C:\Users\Claire\Desktop\KindleForPC-installer.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/07 04:35:57 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
    [2012/07/07 03:46:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/07 03:46:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/07 03:46:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/07 03:46:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/07 03:46:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/05 22:29:30 | 010,598,437 | ---- | C] () -- C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100 (2).zip
    [2012/07/05 19:13:04 | 000,185,835 | ---- | C] () -- C:\shldr
    [2012/07/05 19:13:04 | 000,008,192 | ---- | C] () -- C:\shldr.mbr
    [2012/07/05 16:12:47 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/07/05 16:12:47 | 000,002,241 | ---- | C] () -- C:\Users\Claire\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/07/05 16:11:58 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/05 16:11:57 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/05 13:04:35 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/07/05 13:04:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/07/05 13:01:12 | 089,050,280 | ---- | C] () -- C:\Users\Claire\Desktop\avast_free_antivirus_setup.exe
    [2012/07/05 10:24:54 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/05 10:24:30 | 000,001,135 | ---- | C] () -- C:\Users\Claire\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/07/05 09:28:56 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\SupportTool.exe.bat
    [2012/07/05 09:28:53 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/07/05 09:00:14 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
    [2012/07/05 00:34:30 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\MestReNova.lnk
    [2012/07/01 01:03:32 | 000,069,347 | ---- | C] () -- C:\Users\Claire\Documents\CFJ0018arsub-1.diamdoc
    [2012/06/30 16:25:16 | 000,002,075 | ---- | C] () -- C:\Users\Claire\AppData\Roaming\SAS7_000.DAT
    [2012/06/30 15:36:34 | 005,994,639 | ---- | C] () -- C:\Users\Claire\Documents\trainingcomputers.wma
    [2012/06/30 15:11:49 | 000,153,149 | ---- | C] () -- C:\Users\Claire\Documents\Untitled.wma
    [2012/06/30 15:03:49 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
    [2012/06/30 13:10:21 | 000,002,799 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
    [2012/06/27 07:28:21 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/06/25 17:52:41 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2012/06/25 17:51:26 | 022,259,528 | ---- | C] () -- C:\Users\Claire\Desktop\vlc-2.0.1-win32.exe
    [2012/06/23 23:45:44 | 075,951,566 | ---- | C] () -- C:\Users\Claire\Documents\Nd3+ absorption spec.bmp
    [2012/06/22 00:36:49 | 000,733,146 | ---- | C] () -- C:\Users\Claire\Documents\AtomicTheory.pdf
    [2012/06/17 01:32:25 | 000,099,589 | ---- | C] () -- C:\Users\Claire\Documents\LnCp3Timeline.sdr
    [2012/06/16 20:41:53 | 000,000,655 | ---- | C] () -- C:\Users\Claire\Desktop\SmartDraw 2010.lnk
    [2012/06/16 19:47:47 | 000,000,000 | ---- | C] () -- C:\Users\Claire\Desktop\smartdraw_crack_0.exe
    [2012/06/16 19:20:12 | 000,001,682 | ---- | C] () -- C:\Users\Claire\Desktop\TERENASSLCA.cer
    [2012/06/16 19:04:28 | 000,538,752 | ---- | C] () -- C:\Users\Claire\Desktop\smartdraw_YZ_SKTS7_setup.exe
    [2012/06/16 18:32:45 | 024,043,176 | ---- | C] () -- C:\Users\Claire\Desktop\TimeLine_Maker_Pro_2.1.8.3_incl_keygen-_p30download.com_.zip
    [2012/06/13 00:38:09 | 010,712,356 | ---- | C] () -- C:\Users\Claire\Documents\Hajdu.pdf
    [2012/06/10 15:59:50 | 000,002,241 | ---- | C] () -- C:\Users\Claire\Desktop\Kindle.lnk
    [2011/08/17 11:31:00 | 000,070,667 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
    [2011/07/10 13:56:31 | 000,004,608 | ---- | C] () -- C:\Users\Claire\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/28 11:33:57 | 000,000,040 | -HS- | C] () -- C:\Users\Claire\AppData\Roaming\.zreglib
    [2010/07/28 11:19:36 | 000,000,152 | ---- | C] () -- C:\Windows\SysWow64\sysplog2.dll
    [2010/07/28 11:19:32 | 000,000,152 | ---- | C] () -- C:\Windows\SysWow64\sysplog.dll
    [2010/07/23 01:06:51 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2010/06/21 22:30:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/06/18 16:47:10 | 000,002,212 | ---- | C] () -- C:\Users\Claire\.csds_defaults

    ========== LOP Check ==========

    [2010/07/28 15:28:04 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Any DVD Clone
    [2010/07/29 00:29:05 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Any DVD Cloner Platinum
    [2012/05/13 23:23:10 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\BatteryCare
    [2010/05/08 01:00:38 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2011/08/17 11:36:46 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Birdstep Technology
    [2012/07/05 18:06:32 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\BitTorrent
    [2010/06/18 16:49:49 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\CCDC
    [2010/05/07 23:50:59 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\DigitalPersona
    [2012/07/05 17:33:29 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\DriverCure
    [2011/10/31 10:23:05 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Dropbox
    [2012/07/05 18:06:32 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\EndNote
    [2012/07/05 18:06:32 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\ICAClient
    [2012/05/13 03:21:24 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Interactive Text
    [2010/10/13 21:38:34 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\IrfanView
    [2012/07/05 00:34:38 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Mestrelab Research S.L
    [2010/07/05 01:38:53 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Nokia
    [2012/06/30 13:15:50 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Nuance
    [2010/06/18 16:19:55 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Olex2Data
    [2010/07/05 01:50:40 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\PC Suite
    [2012/06/16 18:21:18 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Progeny
    [2012/06/16 20:42:19 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\SmartDraw
    [2012/07/05 17:33:28 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\SpeedyPC Software
    [2012/06/10 01:30:45 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Spotify
    [2012/07/05 09:54:52 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Uvfo
    [2012/06/16 19:52:44 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\YourFileDownloader
    [2012/07/05 17:41:04 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:B946D9EE
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8

    < End of report >
  21. Claire


    Extras.txt

    OTL Extras logfile created on: 7/7/2012 5:17:08 AM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Claire\Desktop
    64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.80 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 61.41% Memory free
    7.60 Gb Paging File | 6.04 Gb Available in Paging File | 79.38% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 109.27 Gb Free Space | 38.56% Space Free | Partition Type: NTFS
    Drive F: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: CLAIRE-LAPTOP | User Name: Claire | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-998672669-1911217701-4201026386-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
    "{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}" = HP Deskjet 1050 J410 series Basic Device Software
    "{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
    "{62A20ECA-920E-4052-BF77-88C78DD20FAA}" = Validity Sensors DDK
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9B1F7FA7-906C-4AF0-8BD8-AADDF5FE28BC}" = Dell Backup and Recovery Manager
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{FC09380E-74BE-41F5-8353-E97113969040}" = DigitalPersona Personal 4.01
    "34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "DW WLAN Card" = DW WLAN Card
    "EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
    "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
    "{09801D34-8DE8-406A-BFD7-747AF74F5E6E}" = WhiteBoardMeeting
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{41888B21-922B-4241-4594-EF1E6828A72B}" = BBC iPlayer Desktop
    "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{48DEAAF2-8276-4BBD-B7B6-91E454938476}" = CambridgeSoft ChemDraw Ultra 12.0
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{658E1017-A88D-4C19-8DED-87BA0A9E18AD}" = TalkByText Home Edition
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82AED4DB-D864-432B-BCF2-9A44C025EA62}" = JChem .NET API 5.4.1.1062
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
    "{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
    "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
    "{B3151C01-8EEA-4328-892E-B3176FA5DBAC}" = Topas4-1
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1" = BatteryCare 0.9.9.0
    "{D1E0A65E-AA8C-4F3E-BB0A-B60C2C62DD3E}" = Diamond 3
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D81A0984-D494-4603-9BDE-C290B9DF02C8}" = PANalytical X'Pert HighScore
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Any DVD Cloner Platinum_is1" = Any DVD Cloner Platinum 1.0.6
    "avast" = avast! Free Antivirus
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "BitTorrent" = BitTorrent
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "Cambridge Structural Database System 2012 5.33" = Cambridge Structural Database System 2012
    "ChemAxon Marvin Beans 5.4.1.1" = ChemAxon Marvin Beans 5.4.1.1
    "Google Chrome" = Google Chrome
    "HP Photo Creations" = HP Photo Creations
    "Huawei Modems" = Huawei modem
    "IrfanView" = IrfanView (remove only)
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1100
    "MestReNova" = MestReNova 7.1.2-10008
    "MestReNova LITE" = MestReNova LITE 5.2.5-5780
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MiKTeX 2.9" = MiKTeX 2.9
    "Mozilla Firefox 13.0.1 (x86 en-GB)" = Mozilla Firefox 13.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MyTomTom" = MyTomTom 3.0.2.377
    "Nokia PC Suite" = Nokia PC Suite
    "Platon for Windows Taskbar_is1" = Platon Taskbar 1.15
    "ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
    "Searchqu Toolbar" = Searchqu Toolbar
    "SMALLBUSINESSR" = Microsoft Office Small Business 2007
    "Spartan '08 V1.2.0" = Spartan '08 V1.2.0
    "Spotify" = Spotify
    "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
    "VLC media player" = VLC media player 2.0.1
    "WinArchiver Virtual Drive" = WinArchiver Virtual Drive
    "WinDjView" = WinDjView 1.0.3
    "WinGX_is1" = Uninstall WinGX
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-998672669-1911217701-4201026386-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/18/2011 1:59:32 PM | Computer Name = Claire-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/18/2011 3:47:21 PM | Computer Name = Claire-laptop | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/18/2011 3:50:11 PM | Computer Name = Claire-laptop | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 12/19/2011 8:55:44 PM | Computer Name = Claire-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/20/2011 8:19:42 PM | Computer Name = Claire-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/20/2011 8:53:08 PM | Computer Name = Claire-laptop | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/21/2011 9:44:53 AM | Computer Name = Claire-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/22/2011 8:41:27 PM | Computer Name = Claire-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/22/2011 9:14:01 PM | Computer Name = Claire-laptop | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/22/2011 9:16:55 PM | Computer Name = Claire-laptop | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    [ DigitalPersona Pro Events ]
    Error - 12/26/2010 10:16:49 PM | Computer Name = Claire-laptop | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    [ Media Center Events ]
    Error - 5/8/2012 11:17:12 AM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
    Description = 16:17:12 - Error connecting to the internet. 16:17:12 - Unable
    to contact server..

    Error - 5/8/2012 11:20:43 AM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
    Description = 16:20:37 - Error connecting to the internet. 16:20:37 - Unable
    to contact server..

    Error - 5/8/2012 12:20:49 PM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
    Description = 17:20:49 - Error connecting to the internet. 17:20:49 - Unable
    to contact server..

    Error - 5/8/2012 12:20:55 PM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
    Description = 17:20:54 - Error connecting to the internet. 17:20:54 - Unable
    to contact server..

    Error - 5/14/2012 11:53:12 AM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
    Description = 16:53:12 - Error connecting to the internet. 16:53:12 - Unable
    to contact server..

    Error - 5/14/2012 11:56:41 AM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
    Description = 16:56:37 - Error connecting to the internet. 16:56:37 - Unable
    to contact server..

    Error - 5/23/2012 3:39:27 PM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
    Description = 20:39:27 - Error connecting to the internet. 20:39:27 - Unable
    to contact server..

    Error - 5/23/2012 3:39:37 PM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
    Description = 20:39:32 - Error connecting to the internet. 20:39:32 - Unable
    to contact server..

    Error - 5/27/2012 7:28:39 PM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
    Description = 00:28:39 - Error connecting to the internet. 00:28:39 - Unable
    to contact server..

    Error - 5/27/2012 7:28:48 PM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
    Description = 00:28:45 - Error connecting to the internet. 00:28:45 - Unable
    to contact server..

    [ OSession Events ]
    Error - 5/18/2010 12:31:22 AM | Computer Name = Claire-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 63445
    seconds with 27120 seconds of active time. This session ended with a crash.

    Error - 5/18/2010 12:34:56 AM | Computer Name = Claire-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 51
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 5/18/2010 12:55:30 AM | Computer Name = Claire-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 64893
    seconds with 5160 seconds of active time. This session ended with a crash.

    Error - 10/28/2010 2:02:32 PM | Computer Name = Claire-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 226
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 7/6/2012 10:00:47 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7023
    Description = The Security Center service terminated with the following error: %%2

    Error - 7/6/2012 10:01:52 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/6/2012 10:01:52 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 7/6/2012 10:54:10 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/6/2012 10:58:08 PM | Computer Name = Claire-laptop | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 7/6/2012 10:58:48 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/6/2012 10:58:54 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/6/2012 11:00:16 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 7/6/2012 11:02:33 PM | Computer Name = Claire-laptop | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 7/6/2012 11:03:32 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7023
    Description = The Security Center service terminated with the following error: %%126


    < End of report >
  22. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV:64bit: - [2012/07/05 10:10:27 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
      O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
      O2:64bit: - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
      O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      [2012/07/05 12:42:24 | 008,656,400 | ---- | C] (Trend Micro Inc.) -- C:\Users\Claire\Desktop\root.com
      [2012/07/05 10:21:00 | 000,105,744 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
      [2012/07/05 10:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
      [2012/07/05 09:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
      [2012/07/05 09:08:28 | 117,896,248 | ---- | C] (Trend Micro Inc.) -- C:\Users\Claire\Desktop\TTi_5.0_HE_Full.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  23. Claire

    Claire Newcomer, in training Topic Starter Posts: 38

    Hello again,

    I am having to run the OTL fix from Safe Mode; I hope that is OK. It kept not responding in Normal mode. I will post the log after reboot (on another computer here).
  24. Claire

    Claire Newcomer, in training Topic Starter Posts: 38

    On reboot MalwareBytes notified me of this:

    2012/07/07 01:58:44 +0100 CLAIRE-LAPTOP Claire MESSAGE Executing scheduled update: Daily
    2012/07/07 01:58:45 +0100 CLAIRE-LAPTOP Claire ERROR Scheduled update failed: No address found failed with error code 0
    2012/07/07 02:55:21 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting protection
    2012/07/07 02:55:23 +0100 CLAIRE-LAPTOP Claire MESSAGE Protection started successfully
    2012/07/07 02:55:26 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting IP protection
    2012/07/07 02:55:26 +0100 CLAIRE-LAPTOP Claire ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
    2012/07/07 03:02:50 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting protection
    2012/07/07 03:02:53 +0100 CLAIRE-LAPTOP Claire MESSAGE Protection started successfully
    2012/07/07 03:02:56 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting IP protection
    2012/07/07 03:02:56 +0100 CLAIRE-LAPTOP Claire ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
    2012/07/07 04:03:04 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting protection
    2012/07/07 04:03:06 +0100 CLAIRE-LAPTOP Claire MESSAGE Protection started successfully
    2012/07/07 04:03:09 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting IP protection
    2012/07/07 04:03:11 +0100 CLAIRE-LAPTOP Claire MESSAGE IP Protection started successfully
    2012/07/07 04:03:19 +0100 CLAIRE-LAPTOP Claire MESSAGE Stopping IP protection
    2012/07/07 04:05:22 +0100 CLAIRE-LAPTOP Claire MESSAGE IP Protection stopped
    2012/07/07 04:38:45 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting database refresh
    2012/07/07 04:38:55 +0100 CLAIRE-LAPTOP Claire MESSAGE Database refreshed successfully
    2012/07/07 14:57:16 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting protection
    2012/07/07 14:57:20 +0100 CLAIRE-LAPTOP Claire MESSAGE Protection started successfully
    2012/07/07 14:57:24 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting IP protection
    2012/07/07 14:57:26 +0100 CLAIRE-LAPTOP Claire MESSAGE IP Protection started successfully
    2012/07/07 15:15:04 +0100 CLAIRE-LAPTOP Claire IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49922, Process: avastsvc.exe)
    2012/07/07 15:15:04 +0100 CLAIRE-LAPTOP Claire IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49923, Process: avastsvc.exe)
  25. Claire

    Claire Newcomer, in training Topic Starter Posts: 38

    The last process is what it was referring to.

