TechSpot

Possible malware infection on Windows 7 Pro x64?

Solved
By flash4203
Jan 28, 2012
  1. I have recently started getting logs from Malwarebytes.

    I have:

    Norton 360
    Malwarebytes
    CCleaner
    Spybot S&D
    Lavasoft Ad-aware

    I have not had compatibility issues.

    Here is the protection log:

    2012/01/28 14:18:52 GMT FLASHALIEN-PC Flash4203 MESSAGE Starting protection
    2012/01/28 14:18:54 GMT FLASHALIEN-PC Flash4203 MESSAGE Executing scheduled update: Daily
    2012/01/28 14:18:56 GMT FLASHALIEN-PC Flash4203 MESSAGE Protection started successfully
    2012/01/28 14:18:59 GMT FLASHALIEN-PC Flash4203 MESSAGE Starting IP protection
    2012/01/28 14:19:00 GMT FLASHALIEN-PC Flash4203 MESSAGE IP Protection started successfully
    2012/01/28 14:19:06 GMT FLASHALIEN-PC Flash4203 MESSAGE Scheduled update executed successfully: database updated from version v2012.01.27.02 to version v2012.01.28.04
    2012/01/28 14:19:06 GMT FLASHALIEN-PC Flash4203 MESSAGE Starting database refresh
    2012/01/28 14:19:06 GMT FLASHALIEN-PC Flash4203 MESSAGE Stopping IP protection
    2012/01/28 14:19:50 GMT FLASHALIEN-PC Flash4203 MESSAGE IP Protection stopped
    2012/01/28 14:19:52 GMT FLASHALIEN-PC Flash4203 MESSAGE Database refreshed successfully
    2012/01/28 14:19:52 GMT FLASHALIEN-PC Flash4203 MESSAGE Starting IP protection
    2012/01/28 14:19:53 GMT FLASHALIEN-PC Flash4203 MESSAGE IP Protection started successfully
    2012/01/28 19:40:39 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:40:47 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:40:47 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:40:55 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:41:03 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:41:03 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:53:12 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:53:12 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:53:12 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:53:12 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:53:12 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:53:12 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:53:20 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:53:20 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:53:20 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:53:20 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:53:29 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 19:53:29 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 20:53:21 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 20:53:29 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 20:53:29 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 21:53:25 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 21:53:25 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)
    2012/01/28 21:53:33 GMT FLASHALIEN-PC Flash4203 IP-BLOCK 174.139.240.130 (Type: outgoing, Port: 30382, Process: skype.exe)

    Here is the MBAM log:

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.28.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Flash4203 :: FLASHALIEN-PC [administrator]

    Protection: Enabled

    28/01/2012 20:07:30
    mbam-log-2012-01-28 (20-07-30).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 458142
    Time elapsed: 1 hour(s), 40 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  2. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    gmer results

    OK, as I have done the other steps in the first post, these are the GMER results:



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-29 15:16:48
    Windows 6.1.7601 Service Pack 1
    Running: qm2dmcqm.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f1a166b945
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f1a166b945@001fe3f985fb 0xC9 0x8A 0xC3 0x5D ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f1a166b945@001f00ba8dd4 0xCB 0xF9 0xC6 0x8F ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f1a166b945 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f1a166b945@001fe3f985fb 0xC9 0x8A 0xC3 0x5D ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f1a166b945@001f00ba8dd4 0xCB 0xF9 0xC6 0x8F ...

    ---- EOF - GMER 1.0.15 ----


    I think BTHPORT is the BTHomehub???
  4. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    dds scans

    DDS.txt

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Flash4203 at 15:22:05 on 2012-01-29
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4085.1432 [GMT 0:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe
    C:\Program Files\xampp\apache\bin\httpd.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\OSD\OSD_Service.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\lxdicoms.exe
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\xampp\mysql\bin\mysqld.exe
    C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\xampp\apache\bin\httpd.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
    C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
    C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\OSD\OSD_Main.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\real\realplayer\Update\realsched.exe
    C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Windows\System32\jusched.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\Motive\McciControlHost.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.alienware.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
    BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    mRun: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch.exe
    mRun: [FAStartup]
    mRun: [lxdimon.exe] "C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdimon.exe"
    mRun: [lxdiamon] "C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdiamon.exe"
    mRun: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
    dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{580C7698-3C64-42DD-A71A-9329E765254A} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{580C7698-3C64-42DD-A71A-9329E765254A}\244584F6D65684572623D225833525 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{580C7698-3C64-42DD-A71A-9329E765254A}\244584F6D65684572623D235157593 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{580C7698-3C64-42DD-A71A-9329E765254A}\3716C6C697 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{580C7698-3C64-42DD-A71A-9329E765254A}\F42377962756C6563737932333834373 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{7F66180D-9967-4881-92FD-056C8B3B64D8} : DhcpNameServer = 150.100.11.4
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
    LSA: Notification Packages = scecli FAPassSync
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    BHO-X64: Ad-Aware Security Toolbar - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
    BHO-X64: FAIESSO Helper Object - No File
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
    BHO-X64: SSOIEAddonBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch.exe
    mRun-x64: [FAStartup]
    mRun-x64: [lxdimon.exe] "C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdimon.exe"
    mRun-x64: [lxdiamon] "C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdiamon.exe"
    mRun-x64: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Flash4203\AppData\Roaming\Mozilla\Firefox\Profiles\2x20les0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&rlz=1V2IPYX&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_3_6\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: C:\Users\Flash4203\AppData\Roaming\Mozilla\Firefox\Profiles\2x20les0.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\components\dtTransparency.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: Ad-Aware Security Toolbar: {87934c42-161d-45bc-8cef-ef18abe2a30c} - %profile%\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_3_6
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ioatdma;Intel(R) QuickData Technology device;C:\Windows\system32\Drivers\ioatdma.sys --> C:\Windows\system32\Drivers\ioatdma.sys [?]
    R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-24 1157240]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120126.003\IDSviA64.sys [2012-1-27 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2012/01/13 21:22:14];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2010-1-12 146928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2010-4-16 89600]
    R2 Apache2.2;Apache2.2;C:\Program Files\xampp\apache\bin\httpd.exe [2011-9-10 18432]
    R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-7-9 2409800]
    R2 HappyOSD;HappyOSD;C:\Program Files (x86)\OSD\OSD_Service.exe [2010-1-4 16384]
    R2 lxdi_device;lxdi_device;C:\Windows\system32\lxdicoms.exe -service --> C:\Windows\system32\lxdicoms.exe -service [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-23 652872]
    R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-1-5 517632]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-6-2 130008]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-4 2253120]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-5-28 1153368]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-21 1692480]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-11 138360]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
    R3 ITECIRfilter;ITECIR Filter Driver;C:\Windows\system32\DRIVERS\ITECIRfilter.sys --> C:\Windows\system32\DRIVERS\ITECIRfilter.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\OSD\WinRing0x64.sys [2008-7-26 14544]
    S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-5 136176]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
    S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdiserv.exe [2007-6-11 33712]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-4-11 14216]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-4-11 8456]
    S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-5 136176]
    S3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTVE.sys --> C:\Windows\system32\DRIVERS\IAMTVE.sys [?]
    S3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTXPE.sys --> C:\Windows\system32\DRIVERS\IAMTXPE.sys [?]
    S3 ioatdma1;ioatdma1;C:\Windows\system32\Drivers\qd162x64.sys --> C:\Windows\system32\Drivers\qd162x64.sys [?]
    S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\system32\Drivers\qd262x64.sys --> C:\Windows\system32\Drivers\qd262x64.sys [?]
    S3 iSSetup;iSSetup;C:\Windows\system32\DRIVERS\iSSetup.sys --> C:\Windows\system32\DRIVERS\iSSetup.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-01-28 19:40:16 -------- d-----r- C:\Program Files (x86)\Skype
    2012-01-28 18:15:53 -------- d-----w- C:\Users\Flash4203\AppData\Local\{2314BC52-D889-4A3D-BD3A-8BE3E1EC0423}
    2012-01-28 18:15:33 -------- d-----w- C:\Users\Flash4203\AppData\Local\{96AEE6F5-62B6-403E-9D7A-74EFA81AFEED}
    2012-01-28 01:39:23 -------- d-----w- C:\Users\Flash4203\AppData\Local\{C0F89A18-FF02-4CD8-A75D-A7507ED0ACC4}
    2012-01-28 01:39:01 -------- d-----w- C:\Users\Flash4203\AppData\Local\{6CAB5866-C387-46F5-8650-262CB350E0A2}
    2012-01-27 17:05:49 -------- d-----w- C:\Program Files\xampp
    2012-01-27 13:38:48 -------- d-----w- C:\Users\Flash4203\AppData\Local\{60DB3526-3461-4A9A-8D32-218E8D618CAA}
    2012-01-27 13:38:36 -------- d-----w- C:\Users\Flash4203\AppData\Local\{DF34E1A5-AA16-407C-A450-904788C31B52}
    2012-01-27 13:26:12 -------- d-----w- C:\Program Files (x86)\CoreFTP
    2012-01-27 12:51:01 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
    2012-01-27 12:49:43 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-01-27 12:49:30 -------- d-----w- C:\Program Files (x86)\Microsoft Expression
    2012-01-26 21:31:23 -------- d-----w- C:\Users\Flash4203\AppData\Local\{A6D0820F-5DA7-4B63-9B9D-BEF16B732451}
    2012-01-26 21:31:00 -------- d-----w- C:\Users\Flash4203\AppData\Local\{46FAE201-DEB6-4B36-B5DF-02F9AE6D0A8B}
    2012-01-24 13:33:54 -------- d-----w- C:\Users\Flash4203\AppData\Local\Fallout3
    2012-01-23 23:05:05 -------- d-----w- C:\Users\Flash4203\AppData\Roaming\Malwarebytes
    2012-01-23 23:04:26 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-01-23 23:04:25 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-01-23 23:04:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-22 17:39:40 -------- d--h--w- C:\Windows\msdownld.tmp
    2012-01-22 00:37:04 2301208 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-01-22 00:36:50 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-01-22 00:36:42 710992 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-01-21 17:11:24 -------- d-----w- C:\Program Files\iPod
    2012-01-21 17:11:14 -------- d-----w- C:\Program Files\iTunes
    2012-01-17 11:45:38 4376224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-01-15 21:51:15 -------- d-----w- C:\ProgramData\Age of Empires 3
    2012-01-14 15:45:30 -------- d-----w- C:\Users\Flash4203\AppData\Local\{AA8D8477-C57F-4768-8B4A-906CBD6231E1}
    2012-01-14 15:45:08 -------- d-----w- C:\Users\Flash4203\AppData\Local\{A3ECCE3C-AD66-4A1C-A4C6-60C8883B745E}
    2012-01-13 21:22:03 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
    2012-01-13 18:14:28 -------- d-----w- C:\Users\Flash4203\AppData\Local\{537F8D0B-3389-4C7D-8F08-1B19E6F52184}
    2012-01-13 18:14:18 -------- d-----w- C:\Users\Flash4203\AppData\Local\{014D1732-3986-40B4-98F7-640945D3717C}
    2012-01-13 17:55:44 -------- d-----w- C:\Windows\en
    2012-01-13 17:49:23 -------- d-----w- C:\Users\Flash4203\AppData\Local\{7A1819AF-C10E-4644-BCC9-A72EEB2493B4}
    2012-01-13 15:36:25 -------- d-----w- C:\ProgramData\NovaTech Network
    2012-01-13 15:31:25 -------- d-----w- C:\Program Files (x86)\Novawave
    2012-01-13 14:53:13 -------- d-----w- C:\Users\Flash4203\AppData\Local\NVIDIA Corporation
    2012-01-12 13:41:02 -------- d-----w- C:\Users\Flash4203\AppData\Local\adaware
    2012-01-12 13:41:01 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2012-01-12 13:40:52 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
    2012-01-12 13:40:45 -------- d-----w- C:\Program Files (x86)\adawaretb
    2012-01-12 13:40:38 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2012-01-12 13:40:25 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2012-01-10 19:58:14 307760 ----a-w- C:\Windows\System32\drivers\SynTP.sys
    2012-01-10 19:58:14 207144 ----a-w- C:\Windows\System32\SynTPAPI.dll
    2012-01-10 19:58:14 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
    2012-01-10 19:58:14 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
    2012-01-10 19:58:14 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
    2012-01-10 19:58:13 396584 ----a-w- C:\Windows\System32\SynCOM.dll
    2012-01-10 19:58:13 263464 ----a-w- C:\Windows\System32\SynCtrl.dll
    2012-01-10 19:58:13 206120 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
    2012-01-10 19:58:13 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
    2012-01-05 18:20:12 -------- d-----w- C:\Program Files\BT Broadband Desktop Help
    2012-01-05 18:17:38 -------- d-----w- C:\Program Files (x86)\Common Files\Motive
    2012-01-05 18:17:24 -------- d-----w- C:\Program Files\Common Files\Motive
    2012-01-05 18:16:53 -------- d-----w- C:\Program Files (x86)\BT Broadband Desktop Help
    2012-01-05 18:16:03 -------- d-----w- C:\Program Files (x86)\BTHomeHub
    2012-01-04 18:40:43 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
    2012-01-04 18:31:28 -------- d-----w- C:\Windows\SysWow64\xlive
    2012-01-04 18:31:18 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2012-01-04 17:52:42 -------- d-----w- C:\ProgramData\App4rTemp
    2012-01-03 12:26:20 -------- d-----w- C:\Users\Flash4203\AppData\Local\Broadcom
    2012-01-03 12:21:09 98344 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
    2012-01-03 12:21:09 35104 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
    2012-01-03 12:21:09 21160 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
    2012-01-03 12:21:09 132648 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
    2012-01-03 12:20:39 -------- d-----w- C:\Program Files\WIDCOMM
    2012-01-03 08:22:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-01-03 08:22:02 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
    2012-01-02 18:18:22 -------- d-----w- C:\Users\Flash4203\AppData\Local\Build.A.Gadget
    2012-01-02 15:07:01 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    2012-01-02 15:06:46 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2012-01-02 15:06:40 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    2012-01-02 15:06:05 108544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    2012-01-02 00:53:13 474624 ----a-w- C:\Windows\System32\lxdihcp.dll
    2012-01-02 00:53:13 434176 ----a-w- C:\Windows\System32\lxdiinst.dll
    2012-01-02 00:53:01 -------- d-----w- C:\Program Files\Lexmark 3500-4500 Series
    2012-01-01 23:55:04 -------- d-----w- C:\Program Files (x86)\Lexmark 3500-4500 Series
    2012-01-01 23:02:53 138240 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxdidrpp.dll
    .
    ==================== Find3M ====================
    .
    2012-01-13 21:20:55 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2012-01-13 21:20:54 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-12-30 18:05:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
    2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
    2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
    2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
    2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
    2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
    2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
    2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
    2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
    2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 15:23:37.43 ===============
  5. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    DDS attach

    attach.txt



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 28/05/2010 18:50:12
    System Uptime: 29/01/2012 14:31:21 (1 hours ago)
    .
    Motherboard: Alienware | |
    Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | CPU 1 | 1597/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 142.285 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\9&32781D9&0&001F00BA8DD4_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\9&32781D9&0&001F00BA8DD4_C00000000
    Service:
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: facap, FastAccess Video Capture
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Sensible Vision
    Name: facap, FastAccess Video Capture
    PNP Device ID: ROOT\IMAGE\0000
    Service: FACAP
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00000004-0000-1000-8000-0002EE000002}_LOCALMFG&000F\9&32781D9&0&001F00BA8DD4_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00000004-0000-1000-8000-0002EE000002}_LOCALMFG&000F\9&32781D9&0&001F00BA8DD4_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00004C47-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\9&32781D9&0&001FE3F985FB_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00004C47-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\9&32781D9&0&001FE3F985FB_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\9&32781D9&0&001F00BA8DD4_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\9&32781D9&0&001F00BA8DD4_C00000000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP201: 22/01/2012 18:17:59 - Windows Update
    RP202: 22/01/2012 18:30:22 - Windows Update
    RP203: 22/01/2012 18:34:24 - Windows Modules Installer
    RP204: 22/01/2012 18:36:00 - Restore Operation
    RP205: 24/01/2012 13:24:19 - Installed DirectX
    RP206: 24/01/2012 13:27:38 - Installed Microsoft Games for Windows - LIVE Redistributable
    RP207: 24/01/2012 13:33:11 - Windows Modules Installer
    RP208: 27/01/2012 12:50:18 - Installed DirectX
    RP209: 27/01/2012 12:51:46 - Installed DirectX
    RP210: 27/01/2012 13:37:59 - Windows Update
    RP211: 29/01/2012 00:23:20 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    ABBYY FineReader 6.0 Sprint
    abcAVI
    Ad-Aware
    Ad-Aware Security Toolbar
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.5.0
    Adobe Shockwave Player 11.5
    Advertising Center
    Age of Empires® III: Complete Collection
    Apple Application Support
    Apple Software Update
    AviSynth 2.5
    Batman: Arkham City™
    BitTorrent
    BitTorrentBar Toolbar
    BT Broadband Desktop Help
    BTHomeHub
    Business Contact Manager for Outlook 2007 SP2
    CivCity
    Command Center
    Conduit Engine
    Core FTP LE
    CyberLink PowerDVD 8
    CyberLink YouCam
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Driver Download Manager
    Driving Test Success 2003-2004
    Dual-Core Optimizer
    DVD Flick
    EASEUS Partition Master 8.0.1 Home Edition
    Fallout 3 - Game of the Year Edition
    Feedback Tool
    Fraps
    Free ISO Creator version 2.8
    FrostWire 4.21.6
    Google Earth Plug-in
    Google Update Helper
    GoToAssist Corporate
    Hazard Perception Training 2003-2004
    ImagXpress
    ImgBurn
    Java Auto Updater
    Java(TM) 6 Update 29
    Malwarebytes Anti-Malware version 1.60.0.1800
    Microsoft Expression Design 4
    Microsoft Expression Encoder 4
    Microsoft Expression Encoder 4 Screen Capture Codec
    Microsoft Expression Web 4
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MotoHelper MergeModules
    Mozilla Firefox (3.6.12)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero StartSmart
    Nero StartSmart Help
    NeroExpress
    neroxml
    Norton 360
    NovaBench 3.0.4
    NVIDIA Performance
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    NVIDIA System Monitor
    OSD Setup
    Picasa 3
    Project64 1.6
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01
    RollerCoaster Tycoon 3
    Safari
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Shockwave
    Sid Meier's Civilization 4
    Skype Click to Call
    Skype™ 5.5
    Spybot - Search & Destroy
    Steam
    SwiftKit
    System Requirements Lab
    System Requirements Lab CYRI
    The Elder Scrolls V: Skyrim
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Videora iPhone 4 Converter 6
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    XAMPP 1.7.7
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    29/01/2012 15:18:45, Error: bowser [8003] - The master browser has received a server announcement from the computer ROBERT-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{580C7698-3C64-42DD-A71A-9329E765254A}. The master browser is stopping or an election is being forced.
    29/01/2012 14:33:58, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdiCATSCustConnectService service to connect.
    29/01/2012 14:33:58, Error: Service Control Manager [7000] - The lxdiCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    29/01/2012 14:33:43, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect.
    29/01/2012 14:33:43, Error: Service Control Manager [7000] - The Alienware Fusion Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    29/01/2012 00:25:51, Error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error Incorrect function..
    28/01/2012 23:23:44, Error: Service Control Manager [7000] - The MRESP50a64 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
    28/01/2012 22:55:09, Error: volsnap [14] - The shadow copies of volume E: were aborted because of an IO failure on volume E:.
    28/01/2012 14:17:47, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    27/01/2012 17:09:51, Error: Service Control Manager [7030] - The FileZilla Server FTP server service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    26/01/2012 13:59:02, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    22/01/2012 18:53:09, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    22/01/2012 18:51:41, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    22/01/2012 18:33:14, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.
    22/01/2012 18:25:02, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    22/01/2012 18:24:32, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    22/01/2012 18:24:32, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    .
    ==== End Of File ===========================
  6. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and Norton.
    One of them has to go.
    I suggest Lavasoft goes.

    Then...

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  7. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    ASWMBR and bootkit

    this is the log asked for

    aswmbr

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-29 20:54:29
    -----------------------------
    20:54:29.520 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:54:29.520 Number of processors: 8 586 0x1E05
    20:54:29.521 ComputerName: FLASHALIEN-PC UserName: Flash4203
    20:54:34.543 Initialize success
    20:58:37.808 AVAST engine defs: 12012900
    20:59:10.512 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:59:10.515 Disk 0 Vendor: ST932042 D005 Size: 305245MB BusType: 3
    20:59:10.533 Disk 0 MBR read successfully
    20:59:10.536 Disk 0 MBR scan
    20:59:10.541 Disk 0 Windows VISTA default MBR code
    20:59:10.545 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    20:59:10.551 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
    20:59:10.587 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290205 MB offset 30800325
    20:59:10.595 Service scanning
    20:59:18.067 Modules scanning
    20:59:18.078 Disk 0 trace - called modules:
    20:59:18.097 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    20:59:18.107 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c28790]
    20:59:18.118 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049a8050]
    20:59:20.773 AVAST engine scan C:\Windows
    20:59:22.581 AVAST engine scan C:\Windows\system32
    21:03:30.392 AVAST engine scan C:\Windows\system32\drivers
    21:03:49.581 AVAST engine scan C:\Users\Flash4203
    21:21:11.092 AVAST engine scan C:\ProgramData
    21:23:56.914 Scan finished successfully
    21:26:26.642 Disk 0 MBR has been saved successfully to "C:\Users\Flash4203\Desktop\MBR.dat"
    21:26:26.649 The log file has been saved successfully to "C:\Users\Flash4203\Desktop\aswMBR.txt"


    this is bootkit remover

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`abf38a00
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...



    ^^^^^^^^^^^^^^^^^^^^^^

    I believe that's what you asked for?
  8. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Yes.

    Did you?
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  9. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    I uninstalled Ad-Aware when first asked to; sorry for not saying.

    I downloaded combofix on my laptop (on my phone ATM)

    I started running combofix at about 12am and it seems to be hanging on stage 49? and the time now is 13.25

    Is this normal? The program itself has not crashed as the _ is flashing under completed stage_48???
  10. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    Finally Combofix finished


    ComboFix 12-01-30.01 - Flash4203 30/01/2012 12:09:18.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4085.2011 [GMT 0:00]
    Running from: c:\users\Flash4203\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\java.exe
    c:\windows\system32\jucheck.exe
    c:\windows\system32\jusched.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-30 14:49 . 2012-01-30 14:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-01-30 14:49 . 2012-01-30 14:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-28 19:40 . 2012-01-28 19:40 -------- d-----r- c:\program files (x86)\Skype
    2012-01-27 17:05 . 2012-01-27 17:07 -------- d-----w- c:\program files\xampp
    2012-01-27 13:26 . 2012-01-27 13:26 -------- d-----w- c:\program files (x86)\CoreFTP
    2012-01-27 12:51 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
    2012-01-27 12:49 . 2012-01-27 12:49 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
    2012-01-27 12:49 . 2012-01-27 12:52 -------- d-----w- c:\program files (x86)\Microsoft Expression
    2012-01-24 13:36 . 2012-01-24 13:36 -------- d-----w- c:\program files (x86)\Reference Assemblies
    2012-01-24 13:36 . 2012-01-24 13:36 -------- d-----w- c:\program files (x86)\MSBuild
    2012-01-24 13:36 . 2012-01-24 13:36 -------- d-----w- c:\program files\Reference Assemblies
    2012-01-24 13:36 . 2012-01-24 13:36 -------- d-----w- c:\program files\MSBuild
    2012-01-24 13:33 . 2012-01-24 13:33 -------- d-----w- c:\users\Flash4203\AppData\Local\Fallout3
    2012-01-23 23:05 . 2012-01-23 23:05 -------- d-----w- c:\users\Flash4203\AppData\Roaming\Malwarebytes
    2012-01-23 23:04 . 2012-01-23 23:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-23 23:04 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-23 23:04 . 2012-01-23 23:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-01-22 17:39 . 2012-01-22 17:39 -------- d--h--w- c:\windows\msdownld.tmp
    2012-01-22 00:37 . 2012-01-22 00:37 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-01-22 00:36 . 2012-01-22 00:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-01-22 00:36 . 2012-01-22 00:36 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-01-21 17:11 . 2012-01-21 17:11 -------- d-----w- c:\program files\iPod
    2012-01-21 17:11 . 2012-01-21 17:13 -------- d-----w- c:\program files\iTunes
    2012-01-17 11:45 . 2012-01-17 11:45 4376224 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-01-15 21:51 . 2012-01-15 21:51 -------- d-----w- c:\programdata\Age of Empires 3
    2012-01-13 21:22 . 2012-01-13 21:22 -------- d-----w- c:\program files (x86)\Common Files\CyberLink
    2012-01-13 17:55 . 2012-01-13 17:55 -------- d-----w- c:\windows\en
    2012-01-13 15:36 . 2012-01-13 15:36 -------- d-----w- c:\programdata\NovaTech Network
    2012-01-13 15:31 . 2012-01-13 15:31 -------- d-----w- c:\program files (x86)\Novawave
    2012-01-13 14:53 . 2012-01-13 15:42 -------- d-----w- c:\users\Flash4203\AppData\Local\NVIDIA Corporation
    2012-01-12 13:41 . 2012-01-12 13:41 -------- d-----w- c:\users\Flash4203\AppData\Local\adaware
    2012-01-12 13:41 . 2012-01-30 11:50 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2012-01-12 13:40 . 2012-01-12 13:40 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
    2012-01-12 13:40 . 2012-01-12 13:41 -------- d-----w- c:\program files (x86)\adawaretb
    2012-01-12 13:40 . 2012-01-12 13:40 -------- d-----w- c:\program files (x86)\Lavasoft
    2012-01-10 19:58 . 2009-10-23 13:27 307760 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2012-01-10 19:58 . 2009-10-23 13:23 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
    2012-01-10 19:58 . 2009-10-23 13:23 207144 ----a-w- c:\windows\system32\SynTPAPI.dll
    2012-01-10 19:58 . 2009-10-23 13:23 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
    2012-01-10 19:58 . 2009-08-07 09:49 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2012-01-10 19:58 . 2009-10-23 13:23 206120 ----a-w- c:\windows\SysWow64\SynCtrl.dll
    2012-01-10 19:58 . 2009-10-23 13:23 263464 ----a-w- c:\windows\system32\SynCtrl.dll
    2012-01-10 19:58 . 2009-10-23 13:23 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
    2012-01-10 19:58 . 2009-10-23 13:23 396584 ----a-w- c:\windows\system32\SynCOM.dll
    2012-01-05 18:28 . 2012-01-05 18:28 -------- d-----w- c:\users\Flash4203\AppData\Roaming\Motive
    2012-01-05 18:20 . 2012-01-05 18:20 -------- d-----w- c:\program files\BT Broadband Desktop Help
    2012-01-05 18:18 . 2012-01-05 18:28 -------- d-----w- c:\programdata\Motive
    2012-01-05 18:17 . 2012-01-05 18:18 -------- d-----w- c:\program files (x86)\Common Files\Motive
    2012-01-05 18:17 . 2012-01-05 18:20 -------- d-----w- c:\program files\Common Files\Motive
    2012-01-05 18:16 . 2012-01-05 18:16 -------- d-----w- c:\program files (x86)\BT Broadband Desktop Help
    2012-01-05 18:16 . 2012-01-05 18:16 -------- d-----w- c:\program files (x86)\BTHomeHub
    2012-01-04 19:32 . 2012-01-22 18:54 -------- d-----w- c:\users\UpdatusUser.FLASHALIEN-PC
    2012-01-04 18:40 . 2012-01-04 19:02 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
    2012-01-04 18:31 . 2012-01-04 18:31 -------- d-----w- c:\windows\SysWow64\xlive
    2012-01-04 18:31 . 2012-01-04 18:31 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2012-01-04 17:52 . 2012-01-04 17:52 -------- d-----w- c:\programdata\App4rTemp
    2012-01-03 12:26 . 2012-01-03 12:26 -------- d-----w- c:\users\Flash4203\AppData\Local\Broadcom
    2012-01-03 12:21 . 2009-07-02 22:41 98344 ----a-w- c:\windows\system32\drivers\btwaudio.sys
    2012-01-03 12:21 . 2009-07-02 22:41 35104 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
    2012-01-03 12:21 . 2009-07-02 22:41 132648 ----a-w- c:\windows\system32\drivers\btwavdt.sys
    2012-01-03 12:21 . 2009-07-02 22:41 21160 ----a-w- c:\windows\system32\drivers\btwrchid.sys
    2012-01-03 12:20 . 2012-01-03 12:20 -------- d-----w- c:\program files\WIDCOMM
    2012-01-03 08:22 . 2012-01-03 08:22 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-01-03 08:22 . 2012-01-03 08:22 103864 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
    2012-01-02 18:18 . 2012-01-02 18:18 -------- d-----w- c:\users\Flash4203\AppData\Local\Build.A.Gadget
    2012-01-02 15:07 . 2012-01-02 15:07 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    2012-01-02 15:06 . 2012-01-02 15:06 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2012-01-02 15:06 . 2012-01-02 15:06 150696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    2012-01-02 15:06 . 2012-01-02 15:06 108544 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    2012-01-02 15:05 . 2012-01-02 15:06 -------- d-----w- c:\program files (x86)\real
    2012-01-02 00:53 . 2007-05-17 11:17 474624 ----a-w- c:\windows\system32\lxdihcp.dll
    2012-01-02 00:53 . 2007-05-17 11:16 434176 ----a-w- c:\windows\system32\lxdiinst.dll
    2012-01-02 00:53 . 2012-01-02 00:53 -------- d-----w- c:\program files\Lexmark 3500-4500 Series
    2012-01-01 23:55 . 2012-01-02 00:53 -------- d-----w- c:\program files (x86)\Lexmark 3500-4500 Series
    2012-01-01 23:02 . 2007-03-16 04:11 138240 ----a-w- c:\windows\system32\Spool\prtprocs\x64\lxdidrpp.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-13 21:20 . 2010-05-21 06:34 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
    2012-01-13 21:20 . 2006-07-12 01:35 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-12-30 18:05 . 2011-08-10 09:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-24 04:52 . 2011-12-16 00:31 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-11-05 05:32 . 2011-12-16 00:24 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 04:26 . 2011-12-16 00:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-11-04 01:53 . 2011-12-21 03:01 2309120 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-04 01:44 . 2011-12-21 03:01 1390080 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 01:44 . 2011-12-21 03:01 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 01:34 . 2011-12-21 03:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-11-03 22:47 . 2011-12-21 03:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-11-03 22:40 . 2011-12-21 03:01 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39 . 2011-12-21 03:01 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-11-03 22:31 . 2011-12-21 03:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2011-12-21 15:44 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-12-21 87440]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
    "com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2011-11-15 59240]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-11 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "OSD_LAUNCH"="c:\program files (x86)\OSD\Launch.exe" [2010-01-05 32768]
    "lxdimon.exe"="c:\program files (x86) (x86)\Lexmark 3500-4500 Series\lxdimon.exe" [2009-04-27 434856]
    "lxdiamon"="c:\program files (x86) (x86)\Lexmark 3500-4500 Series\lxdiamon.exe" [2009-04-27 25256]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-07-09 95560]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-01-02 296056]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
    "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
    "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-01-12 75048]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
    "adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
    2010-07-09 22:53 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli FAPassSync
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 136176]
    R2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]
    R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe [2007-06-11 33712]
    R3 ALSysIO;ALSysIO;c:\users\FLASH4~1\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
    R3 GPU-Z;GPU-Z;c:\users\FLASH4~1\AppData\Local\Temp\GPU-Z.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 136176]
    R3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys [x]
    R3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys [x]
    R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [x]
    R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [x]
    R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [x]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
    R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 ioatdma;Intel(R) QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120126.003\IDSvia64.sys [2011-12-15 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2012/01/13 21:22];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2010-01-12 23:08 146928]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-02 89600]
    S2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\httpd.exe [2011-09-10 18432]
    S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-07-09 2409800]
    S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 876976]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-08-09 517632]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-11 138360]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
    S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\OSD\WinRing0x64.sys [2008-07-26 14544]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WINRING0_1_2_0
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 19:52]
    .
    2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 19:52]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "lxdimon.exe"="c:\program files (x86)\Lexmark 3500-4500 Series\lxdimon.exe" [2009-04-27 434856]
    "lxdiamon"="c:\program files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe" [2009-04-27 25256]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-15 487424]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
    "AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2010-08-12 3451904]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 2314120]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-10-15 539456]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.alienware.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.254
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    FF - ProfilePath - c:\users\Flash4203\AppData\Roaming\Mozilla\Firefox\Profiles\2x20les0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&rlz=1V2IPYX&q=
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: Ad-Aware Security Toolbar: {87934c42-161d-45bc-8cef-ef18abe2a30c} - %profile%\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_3_6
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-FAStartup - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    HKLM-Run-(Default) - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-01-30 14:53:40
    ComboFix-quarantined-files.txt 2012-01-30 14:53
    .
    Pre-Run: 156,053,864,448 bytes free
    Post-Run: 154,611,998,720 bytes free
    .
    - - End Of File - - 1CB7C2377EEDFCCCCDA4E4C1F27A482E
  11. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    Well, it seems quicker (might just be me), and when I opened Skype before I ran the tests (after logging on to get the security progs back up) it wasn't flagged. Here are the logs you required.


    OTL.txt

    OTL logfile created on: 1/30/2012 4:37:19 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Flash4203\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.99 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 48.49% Memory free
    7.98 Gb Paging File | 5.51 Gb Available in Paging File | 69.07% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 144.08 Gb Free Space | 50.84% Space Free | Partition Type: NTFS

    Computer Name: FLASHALIEN-PC | User Name: Flash4203 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/30 16:35:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Flash4203\Desktop\OTL.exe
    PRC - [2012/01/02 15:06:01 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/11/15 21:52:04 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    PRC - [2011/11/11 18:25:36 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    PRC - [2011/11/11 18:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2011/11/01 23:25:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    PRC - [2011/10/15 08:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/09/10 09:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\Program Files\xampp\apache\bin\httpd.exe
    PRC - [2011/09/09 17:46:10 | 008,158,720 | ---- | M] () -- C:\Program Files\xampp\mysql\bin\mysqld.exe
    PRC - [2011/09/06 17:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2011/08/18 15:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    PRC - [2011/08/18 15:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2011/08/01 17:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2011/04/17 00:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    PRC - [2010/08/12 09:40:12 | 001,069,568 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
    PRC - [2010/08/12 09:40:00 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
    PRC - [2010/07/09 22:54:05 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    PRC - [2010/07/09 22:54:04 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
    PRC - [2010/07/09 22:53:42 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
    PRC - [2010/05/21 13:34:38 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
    PRC - [2010/05/21 13:33:48 | 000,063,304 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    PRC - [2010/01/12 23:08:36 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    PRC - [2009/10/13 16:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/10/13 16:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/10/13 13:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2009/07/16 20:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2009/07/01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    PRC - [2009/04/27 13:30:54 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
    PRC - [2009/04/27 13:30:52 | 000,434,856 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
    PRC - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/27 15:21:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
    MOD - [2012/01/27 15:21:30 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
    MOD - [2012/01/27 15:21:18 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
    MOD - [2012/01/27 15:21:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
    MOD - [2012/01/27 15:19:07 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
    MOD - [2012/01/27 15:18:52 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
    MOD - [2012/01/27 15:18:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
    MOD - [2012/01/27 15:18:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
    MOD - [2012/01/27 15:18:28 | 006,610,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\4125c0f3e271c399191632e9a5c61517\System.Data.ni.dll
    MOD - [2012/01/27 15:18:19 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
    MOD - [2012/01/27 15:18:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
    MOD - [2012/01/27 15:18:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
    MOD - [2012/01/27 15:18:09 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
    MOD - [2012/01/27 15:18:04 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/09/13 20:21:47 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll
    MOD - [2011/09/13 20:21:46 | 004,790,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.92.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
    MOD - [2011/09/13 20:21:46 | 000,443,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.92.0__bebb3c8816410241\AlienwareAlienFXTools.dll
    MOD - [2011/09/13 20:21:46 | 000,075,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll
    MOD - [2011/09/13 20:21:46 | 000,037,712 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
    MOD - [2011/09/13 20:21:46 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
    MOD - [2011/09/13 20:21:46 | 000,028,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
    MOD - [2011/09/13 20:21:46 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
    MOD - [2011/09/13 20:21:46 | 000,027,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LightFX\1.0.92.0__bebb3c8816410241\LightFX.dll
    MOD - [2011/09/13 20:21:46 | 000,025,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
    MOD - [2011/09/13 20:21:46 | 000,024,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
    MOD - [2011/09/13 20:21:46 | 000,019,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
    MOD - [2011/09/13 20:21:46 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll
    MOD - [2011/09/13 20:21:45 | 000,037,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
    MOD - [2011/09/13 20:21:45 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
    MOD - [2011/09/13 20:21:45 | 000,017,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll
    MOD - [2011/09/13 20:21:45 | 000,011,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll
    MOD - [2011/08/18 15:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/11/05 01:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/07/09 22:54:55 | 000,089,416 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
    MOD - [2010/07/09 22:53:15 | 000,247,624 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
    MOD - [2009/06/24 23:31:45 | 000,059,144 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
    MOD - [2009/04/27 13:30:54 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
    MOD - [2009/04/27 13:30:52 | 000,434,856 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
    MOD - [2007/05/02 05:11:56 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.Monitor.Core.dll
    MOD - [2007/05/02 05:11:56 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.Monitor.Common.dll
    MOD - [2007/05/02 05:10:58 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.dll
    MOD - [2007/04/30 08:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
    MOD - [2007/04/30 08:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.DevMons.ScanDevMon.dll
    MOD - [2007/04/30 08:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.DevMons.NetworkCardDevMon.dll
    MOD - [2007/03/23 15:41:44 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiscw.dll
    MOD - [2007/03/05 10:45:26 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdidatr.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/09/10 09:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\xampp\apache\bin\httpd.exe -- (Apache2.2)
    SRV:64bit: - [2011/09/09 17:46:10 | 008,158,720 | ---- | M] () [Auto | Running] -- C:\Program Files\xampp\mysql\bin\mysqld.exe -- (mysql)
    SRV:64bit: - [2011/06/07 19:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
    SRV:64bit: - [2010/07/09 22:53:42 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService)
    SRV:64bit: - [2010/05/21 09:39:22 | 000,014,648 | ---- | M] (Alienware) [Auto | Stopped] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
    SRV:64bit: - [2009/09/15 19:49:02 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/07/01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2007/06/11 15:15:08 | 000,876,976 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdicoms.exe -- (lxdi_device)
    SRV:64bit: - [2007/06/11 15:15:00 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
    SRV - [2012/01/06 17:55:44 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/10/15 08:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/09/19 16:59:40 | 000,278,336 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
    SRV - [2011/08/18 15:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
    SRV - [2011/04/17 00:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
    SRV - [2010/10/10 11:52:28 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/04 13:10:00 | 000,016,384 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\OSD\OSD_Service.exe -- (HappyOSD)
    SRV - [2009/10/13 16:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/10/13 13:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdicoms.exe -- (lxdi_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/07/08 16:45:12 | 000,386,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
    DRV:64bit: - [2011/07/07 23:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011/07/06 11:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2011/06/02 18:47:11 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/31 03:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2011/03/31 03:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2011/03/24 09:57:54 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
    DRV:64bit: - [2011/03/24 09:57:54 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
    DRV:64bit: - [2011/03/22 06:27:46 | 000,028,264 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ITECIRfilter.sys -- (ITECIRfilter)
    DRV:64bit: - [2011/03/15 02:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/27 06:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys -- (SymDS)
    DRV:64bit: - [2011/01/27 05:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys -- (SymIRON)
    DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/07/13 08:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
    DRV:64bit: - [2010/04/14 00:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2009/12/10 01:37:56 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
    DRV:64bit: - [2009/12/02 07:45:32 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
    DRV:64bit: - [2009/10/23 13:27:12 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/10/13 16:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/10/13 05:22:02 | 000,178,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)
    DRV:64bit: - [2009/09/15 19:49:02 | 000,499,712 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/09/15 13:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
    DRV:64bit: - [2009/09/15 04:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2009/08/21 08:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:53:46 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) Intel(R)
    DRV:64bit: - [2009/07/13 19:53:42 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
    DRV:64bit: - [2009/07/13 19:42:44 | 000,046,792 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ioatdma.sys -- (ioatdma) Intel(R)
    DRV:64bit: - [2009/07/02 22:41:04 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/07/02 22:41:04 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/07/02 22:41:04 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009/07/02 22:41:02 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/01 13:50:52 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64)
    DRV:64bit: - [2008/10/03 20:39:00 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2008/09/25 03:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
    DRV:64bit: - [2008/03/03 23:19:04 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2007/07/28 00:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2007/04/11 14:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE) Driver for Intel(R)
    DRV:64bit: - [2007/04/11 14:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE) Driver for Intel(R)
    DRV:64bit: - [2006/11/01 16:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/12/20 21:03:51 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120129.008\EX64.SYS -- (NAVEX15)
    DRV - [2011/12/20 21:03:51 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120129.008\ENG64.SYS -- (NAVENG)
    DRV - [2011/12/15 23:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120126.003\IDSviA64.sys -- (IDSVia64)
    DRV - [2011/12/01 02:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2011/11/11 11:55:55 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2011/11/11 11:55:55 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/03/24 09:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
    DRV - [2011/03/24 09:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2010/08/12 09:40:06 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/08/12 09:40:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2010/01/12 23:08:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/01/13 21:22:14] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
    DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

    IE - HKU\S-1-5-21-4246233278-2119612700-2560158112-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-4246233278-2119612700-2560158112-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-4246233278-2119612700-2560158112-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
    IE - HKU\S-1-5-21-4246233278-2119612700-2560158112-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-4246233278-2119612700-2560158112-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-4246233278-2119612700-2560158112-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: " "
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Search the Web"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2790392&SearchSource=13"
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6
    FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:0.9
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=utf-8&rlz=1V2IPYX&q="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/01/30 11:49:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_3_6 [2012/01/30 11:49:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/22 18:49:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/02 15:06:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/14 12:41:54 | 000,000,000 | ---D | M]

    [2010/11/01 11:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flash4203\AppData\Roaming\Mozilla\Extensions
    [2012/01/30 15:42:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flash4203\AppData\Roaming\Mozilla\Firefox\Profiles\2x20les0.default\extensions
    [2011/09/16 17:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flash4203\AppData\Roaming\Mozilla\Firefox\Profiles\2x20les0.default\extensions\engine@conduit.com-trash
    [2010/12/29 19:41:48 | 000,000,863 | ---- | M] () -- C:\Users\Flash4203\AppData\Roaming\Mozilla\Firefox\Profiles\2x20les0.default\searchplugins\conduit.xml
    [2012/01/28 19:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/01/28 19:40:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010/11/10 22:04:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/06 16:08:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/16 20:21:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/08/03 09:38:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/10/23 15:25:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2012/01/30 11:49:13 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_3_6
    [2012/01/30 11:49:22 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
    [2012/01/22 18:49:39 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    File not found (No name found) -- C:\USERS\FLASH4203\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2X20LES0.DEFAULT\EXTENSIONS\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
    [2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/11/11 14:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
    [2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
  13. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    Cont...

    O1 HOSTS File: ([2012/01/30 14:50:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-4246233278-2119612700-2560158112-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKU\S-1-5-21-4246233278-2119612700-2560158112-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
    O4:64bit: - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [lxdiamon] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe ()
    O4:64bit: - HKLM..\Run: [lxdimon.exe] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
    O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
    O4 - HKLM..\Run: [lxdiamon] C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdiamon.exe ()
    O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch.exe (HH)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-4246233278-2119612700-2560158112-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-4246233278-2119612700-2560158112-1001..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-4246233278-2119612700-2560158112-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-4246233278-2119612700-2560158112-1008..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
    O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
    O4 - HKU\S-1-5-21-4246233278-2119612700-2560158112-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4246233278-2119612700-2560158112-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4246233278-2119612700-2560158112-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-4246233278-2119612700-2560158112-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.euro.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{580C7698-3C64-42DD-A71A-9329E765254A}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F66180D-9967-4881-92FD-056C8B3B64D8}: DhcpNameServer = 150.100.11.4
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll) - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/30 16:34:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Flash4203\Desktop\OTL.exe
    [2012/01/30 16:30:31 | 000,000,000 | R--D | C] -- C:\Users\Flash4203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
    [2012/01/30 16:30:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/30 12:05:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/30 12:05:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/30 12:05:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/30 12:05:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/30 12:05:00 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/01/30 12:01:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/30 11:55:01 | 004,394,165 | R--- | C] (Swearware) -- C:\Users\Flash4203\Desktop\ComboFix.exe
    [2012/01/29 21:29:06 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Flash4203\Desktop\boot_cleaner.exe
    [2012/01/29 20:53:50 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Flash4203\Desktop\aswMBR.exe
    [2012/01/29 18:50:40 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\{FBBD4FCA-807F-4CC5-A71F-7B571413CD5E}
    [2012/01/29 18:50:18 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\{B7030B51-7EEC-4F03-9B1B-EA0AEF972E34}
    [2012/01/29 15:20:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Flash4203\Desktop\dds.scr
    [2012/01/28 19:40:16 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2012/01/28 19:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/01/28 18:15:53 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\{2314BC52-D889-4A3D-BD3A-8BE3E1EC0423}
    [2012/01/28 18:15:33 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\{96AEE6F5-62B6-403E-9D7A-74EFA81AFEED}
    [2012/01/28 01:39:23 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\{C0F89A18-FF02-4CD8-A75D-A7507ED0ACC4}
    [2012/01/28 01:39:01 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\{6CAB5866-C387-46F5-8650-262CB350E0A2}
    [2012/01/27 17:09:58 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
    [2012/01/27 17:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\xampp
    [2012/01/27 13:38:48 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\{60DB3526-3461-4A9A-8D32-218E8D618CAA}
    [2012/01/27 13:38:36 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\{DF34E1A5-AA16-407C-A450-904788C31B52}
    [2012/01/27 13:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoreFTP
    [2012/01/27 13:26:12 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP
    [2012/01/27 12:52:35 | 000,000,000 | --SD | C] -- C:\Users\Flash4203\Documents\My Web Sites
    [2012/01/27 12:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
    [2012/01/27 12:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2012/01/27 12:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Expression
    [2012/01/26 21:31:23 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\{A6D0820F-5DA7-4B63-9B9D-BEF16B732451}
    [2012/01/26 21:31:00 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\{46FAE201-DEB6-4B36-B5DF-02F9AE6D0A8B}
    [2012/01/24 13:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
    [2012/01/24 13:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
    [2012/01/24 13:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2012/01/24 13:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2012/01/24 13:33:54 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\Fallout3
    [2012/01/23 23:05:05 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Roaming\Malwarebytes
    [2012/01/23 23:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/23 23:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/23 23:04:25 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/01/23 23:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/01/21 17:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/01/21 17:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/01/21 17:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/01/15 21:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
    [2012/01/14 15:45:30 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\{AA8D8477-C57F-4768-8B4A-906CBD6231E1}
    [2012/01/14 15:45:08 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\{A3ECCE3C-AD66-4A1C-A4C6-60C8883B745E}
    [2012/01/14 12:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2012/01/13 21:22:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
    [2012/01/13 18:14:28 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\{537F8D0B-3389-4C7D-8F08-1B19E6F52184}
    [2012/01/13 18:14:18 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\{014D1732-3986-40B4-98F7-640945D3717C}
    [2012/01/13 17:55:44 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2012/01/13 17:49:23 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\{7A1819AF-C10E-4644-BCC9-A72EEB2493B4}
    [2012/01/13 15:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NovaTech Network
    [2012/01/13 15:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaBench
    [2012/01/13 15:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Novawave
    [2012/01/13 14:53:13 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\NVIDIA Corporation
    [2012/01/12 13:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
    [2012/01/12 13:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
    [2012/01/12 13:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
    [2012/01/11 14:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2012/01/10 19:58:14 | 000,307,760 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
    [2012/01/10 19:58:14 | 000,207,144 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
    [2012/01/10 19:58:14 | 000,147,752 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
    [2012/01/10 19:58:14 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
    [2012/01/10 19:58:13 | 000,396,584 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
    [2012/01/10 19:58:13 | 000,263,464 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
    [2012/01/10 19:58:13 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
    [2012/01/10 19:58:13 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
    [2012/01/10 19:47:40 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
    [2012/01/10 19:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
    [2012/01/05 18:28:10 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Roaming\Motive
    [2012/01/05 18:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Broadband Desktop Help
    [2012/01/05 18:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\BT Broadband Desktop Help
    [2012/01/05 18:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
    [2012/01/05 18:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
    [2012/01/05 18:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
    [2012/01/05 18:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BT Broadband Desktop Help
    [2012/01/05 18:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BTHomeHub
    [2012/01/05 18:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BTHomeHub
    [2012/01/04 19:46:43 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\Documents\Games for Windows - LIVE Demos
    [2012/01/04 19:30:31 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2012/01/04 19:30:31 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2012/01/04 18:54:11 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\Documents\WB Games
    [2012/01/04 18:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
    [2012/01/04 18:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
    [2012/01/04 18:31:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
    [2012/01/04 18:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
    [2012/01/04 18:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    [2012/01/04 17:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
    [2012/01/04 13:22:59 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\Documents\Finding work
    [2012/01/03 12:26:20 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\Broadcom
    [2012/01/03 12:26:20 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\Documents\Bluetooth Exchange Folder
    [2012/01/03 12:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
    [2012/01/02 18:18:22 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Local\Build.A.Gadget
    [2012/01/02 16:12:46 | 000,000,000 | ---D | C] -- C:\Users\Flash4203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    [2012/01/02 15:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
    [2012/01/02 15:06:03 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
    [2012/01/02 15:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
    [2012/01/02 15:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\real
    [2012/01/02 00:53:13 | 000,474,624 | ---- | C] ( ) -- C:\Windows\SysNative\lxdihcp.dll
    [2012/01/02 00:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 3500-4500 Series
    [2012/01/02 00:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 3500-4500 Series
    [2012/01/02 00:01:59 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll
    [2012/01/02 00:01:59 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll
    [2012/01/02 00:01:59 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll
    [2012/01/02 00:01:59 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll
    [2012/01/02 00:01:59 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll
    [2012/01/02 00:01:59 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll
    [2012/01/02 00:01:59 | 000,517,040 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicoms.exe
    [2012/01/02 00:01:59 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll
    [2012/01/02 00:01:59 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiinpa.dll
    [2012/01/02 00:01:59 | 000,340,912 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicfg.exe
    [2012/01/02 00:01:59 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll
    [2012/01/02 00:01:59 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiih.exe
    [2012/01/02 00:01:59 | 000,054,192 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdippls.exe
    [2012/01/02 00:01:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll
    [2012/01/02 00:01:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll
    [2012/01/01 23:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 3500-4500 Series
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/30 16:35:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Flash4203\Desktop\OTL.exe
    [2012/01/30 16:30:04 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/30 16:26:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/30 15:38:32 | 000,000,024 | ---- | M] () -- C:\Users\Flash4203\random.dat
    [2012/01/30 15:37:42 | 000,000,048 | ---- | M] () -- C:\Users\Flash4203\jagex_cl_runescape_LIVE.dat
    [2012/01/30 14:50:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/01/30 11:58:42 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/30 11:58:42 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/30 11:55:07 | 004,394,165 | R--- | M] (Swearware) -- C:\Users\Flash4203\Desktop\ComboFix.exe
    [2012/01/30 11:47:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/30 11:47:08 | 3212,181,504 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/29 21:26:26 | 000,000,512 | ---- | M] () -- C:\Users\Flash4203\Desktop\MBR.dat
    [2012/01/29 20:54:16 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Flash4203\Desktop\aswMBR.exe
    [2012/01/29 15:20:49 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Flash4203\Desktop\dds.scr
    [2012/01/29 00:25:04 | 000,836,258 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/29 00:25:04 | 000,702,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/01/29 00:25:04 | 000,140,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/01/29 00:24:57 | 000,836,258 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/01/28 22:56:54 | 000,302,592 | ---- | M] () -- C:\Users\Flash4203\Desktop\qm2dmcqm.exe
    [2012/01/28 19:40:16 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/01/28 03:12:13 | 000,001,705 | ---- | M] () -- C:\Users\Flash4203\Desktop\ExpressionWeb.exe - Shortcut.lnk
    [2012/01/27 17:09:58 | 000,000,814 | ---- | M] () -- C:\Users\Flash4203\Desktop\XAMPP Control Panel.lnk
    [2012/01/27 13:26:12 | 000,000,780 | ---- | M] () -- C:\Users\Flash4203\Desktop\Core FTP LE.lnk
    [2012/01/26 13:40:35 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
    [2012/01/26 13:40:35 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
    [2012/01/25 14:29:44 | 000,000,353 | ---- | M] () -- C:\Users\Flash4203\AppData\Roaming\Network Meter_Settings.ini
    [2012/01/23 23:04:28 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/23 22:53:32 | 000,007,657 | ---- | M] () -- C:\Users\Flash4203\AppData\Local\Resmon.ResmonCfg
    [2012/01/23 22:33:03 | 000,000,221 | ---- | M] () -- C:\Users\Flash4203\Desktop\Fallout 3 - Game of the Year Edition.url
    [2012/01/22 17:35:42 | 000,000,165 | ---- | M] () -- C:\Users\Flash4203\AppData\Roaming\Battery Meter_Settings.ini
    [2012/01/21 23:27:18 | 000,000,412 | ---- | M] () -- C:\Users\Flash4203\AppData\Roaming\All CPU Meter_Settings.ini
    [2012/01/21 17:13:13 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/15 18:10:13 | 000,000,222 | ---- | M] () -- C:\Users\Flash4203\Desktop\Age of Empires III Complete Collection.url
    [2012/01/14 18:47:52 | 000,000,129 | ---- | M] () -- C:\Users\Flash4203\jagex_runescape_preferences2.dat
    [2012/01/14 18:47:02 | 000,000,046 | ---- | M] () -- C:\Users\Flash4203\jagex_runescape_preferences.dat
    [2012/01/14 12:41:55 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/01/13 21:22:08 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 8.lnk
    [2012/01/13 15:37:36 | 000,000,991 | ---- | M] () -- C:\Users\Flash4203\Documents\firsttest.nbr
    [2012/01/13 14:54:25 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\NVIDIA System Monitor.lnk
    [2012/01/13 14:53:25 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\Performance.lnk
    [2012/01/12 13:18:13 | 000,440,178 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120128-182225.backup
    [2012/01/11 13:33:57 | 009,218,204 | ---- | M] () -- C:\Users\Flash4203\Documents\Image.nrg
    [2012/01/10 19:42:14 | 000,414,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/01/10 19:36:56 | 000,002,635 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Mouse.lnk
    [2012/01/05 18:22:31 | 000,001,412 | ---- | M] () -- C:\Users\Public\Desktop\BT Broadband Desktop Help.lnk
    [2012/01/05 18:16:27 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\BT Broadband Life.LNK
    [2012/01/05 18:16:20 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\BT Yahoo! Online.LNK
    [2012/01/03 20:43:30 | 000,440,051 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120112-131813.backup
    [2012/01/03 12:21:29 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2012/01/02 23:02:31 | 000,000,221 | ---- | M] () -- C:\Users\Flash4203\Desktop\Batman Arkham City.url
    [2012/01/02 15:06:56 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2012/01/02 15:06:03 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
    [2012/01/02 01:06:25 | 000,071,536 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
    [2012/01/02 01:06:12 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK
    [2012/01/02 00:02:49 | 000,076,431 | ---- | M] () -- C:\Windows\SysWow64\LexFiles.ulf
    [2012/01/01 23:09:44 | 000,000,047 | ---- | M] () -- C:\Windows\WinInit.Ini
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/30 12:05:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/30 12:05:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/30 12:05:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/30 12:05:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/30 12:05:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/29 21:26:26 | 000,000,512 | ---- | C] () -- C:\Users\Flash4203\Desktop\MBR.dat
    [2012/01/28 22:56:53 | 000,302,592 | ---- | C] () -- C:\Users\Flash4203\Desktop\qm2dmcqm.exe
    [2012/01/28 03:12:13 | 000,001,705 | ---- | C] () -- C:\Users\Flash4203\Desktop\ExpressionWeb.exe - Shortcut.lnk
    [2012/01/27 17:09:58 | 000,000,814 | ---- | C] () -- C:\Users\Flash4203\Desktop\XAMPP Control Panel.lnk
    [2012/01/27 13:26:12 | 000,000,780 | ---- | C] () -- C:\Users\Flash4203\Desktop\Core FTP LE.lnk
    [2012/01/23 23:04:28 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/23 22:53:32 | 000,007,657 | ---- | C] () -- C:\Users\Flash4203\AppData\Local\Resmon.ResmonCfg
    [2012/01/23 22:33:03 | 000,000,221 | ---- | C] () -- C:\Users\Flash4203\Desktop\Fallout 3 - Game of the Year Edition.url
    [2012/01/21 23:57:47 | 000,000,165 | ---- | C] () -- C:\Users\Flash4203\AppData\Roaming\Battery Meter_Settings.ini
    [2012/01/21 23:27:18 | 000,000,412 | ---- | C] () -- C:\Users\Flash4203\AppData\Roaming\All CPU Meter_Settings.ini
    [2012/01/21 23:16:18 | 000,000,353 | ---- | C] () -- C:\Users\Flash4203\AppData\Roaming\Network Meter_Settings.ini
    [2012/01/21 17:13:13 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/15 18:10:13 | 000,000,222 | ---- | C] () -- C:\Users\Flash4203\Desktop\Age of Empires III Complete Collection.url
    [2012/01/14 18:47:01 | 000,000,024 | ---- | C] () -- C:\Users\Flash4203\random.dat
    [2012/01/14 12:41:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012/01/14 12:41:54 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/01/13 21:22:08 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 8.lnk
    [2012/01/13 15:37:36 | 000,000,991 | ---- | C] () -- C:\Users\Flash4203\Documents\firsttest.nbr
    [2012/01/13 14:54:25 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\NVIDIA System Monitor.lnk
    [2012/01/13 14:53:25 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\Performance.lnk
    [2012/01/11 12:47:19 | 009,218,204 | ---- | C] () -- C:\Users\Flash4203\Documents\Image.nrg
    [2012/01/10 19:36:55 | 000,002,635 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Mouse.lnk
    [2012/01/05 18:22:31 | 000,001,412 | ---- | C] () -- C:\Users\Public\Desktop\BT Broadband Desktop Help.lnk
    [2012/01/05 18:16:27 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\BT Broadband Life.LNK
    [2012/01/05 18:16:20 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\BT Yahoo! Online.LNK
    [2012/01/03 12:20:49 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2012/01/02 23:02:31 | 000,000,221 | ---- | C] () -- C:\Users\Flash4203\Desktop\Batman Arkham City.url
    [2012/01/02 15:06:55 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2012/01/02 00:53:13 | 000,434,176 | ---- | C] () -- C:\Windows\SysNative\lxdiinst.dll
    [2012/01/02 00:02:47 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK
    [2012/01/02 00:01:59 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
    [2012/01/02 00:01:59 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll
    [2012/01/02 00:01:58 | 000,965,785 | ---- | C] () -- C:\Windows\SysWow64\lxdihelp.chm
    [2012/01/02 00:01:58 | 000,001,900 | ---- | C] () -- C:\Windows\SysWow64\lxdi.loc
    [2012/01/01 23:09:44 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
    [2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/05/19 17:50:04 | 000,001,940 | ---- | C] () -- C:\Users\Flash4203\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/04/26 20:21:52 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
    [2011/04/26 19:56:37 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2011/04/26 19:56:37 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011/04/11 19:36:11 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
    [2011/04/11 19:36:11 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
    [2011/04/11 19:36:10 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
    [2011/04/11 19:36:10 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
    [2011/04/11 19:36:10 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
    [2011/02/23 19:03:01 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
    [2011/02/23 19:03:01 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
    [2010/07/09 22:54:55 | 000,089,416 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
    [2010/07/09 22:53:15 | 000,247,624 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
    [2010/06/12 22:51:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/05/28 18:55:20 | 000,836,258 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/05/21 13:38:00 | 000,097,584 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
    [2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/24 23:31:45 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
    [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/04/26 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\Atari
    [2012/01/30 16:33:53 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\BitTorrent
    [2012/01/30 00:20:20 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\CoreFTP
    [2012/01/23 21:10:16 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\FrostWire
    [2011/03/11 21:43:12 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\GARMIN
    [2011/05/01 13:29:11 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\ImgBurn
    [2011/04/26 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\Leadertech
    [2012/01/04 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\Lexmark Productivity Studio
    [2011/02/23 19:47:20 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\LG Electronics
    [2011/05/15 17:58:26 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\My Games
    [2010/11/05 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\NCH Swift Sound
    [2010/10/30 17:01:12 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\OpenCandy
    [2011/09/18 10:32:04 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\Raptr
    [2010/10/30 20:42:33 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\Red Kawa
    [2011/09/11 14:12:27 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\Tific
    [2010/10/24 17:04:37 | 000,000,000 | ---D | M] -- C:\Users\Flash4203\AppData\Roaming\Windows Live Writer
    [2012/01/10 19:42:38 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2012/01/12 11:13:00 | 000,092,809 | ---- | M] () -- C:\aaw7boot.log
    [2012/01/30 14:53:41 | 000,029,777 | ---- | M] () -- C:\ComboFix.txt
    [2012/01/30 11:47:08 | 3212,181,504 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/01 22:59:09 | 000,001,288 | ---- | M] () -- C:\lxdi.log
    [2010/05/21 08:50:16 | 000,003,157 | RH-- | M] () -- C:\mfg.sdr
    [2012/01/30 11:47:24 | 4282,912,768 | -HS- | M] () -- C:\pagefile.sys
    [2010/05/21 06:15:42 | 000,000,209 | ---- | M] () -- C:\setup.log
    [2011/09/18 19:02:13 | 000,002,736 | ---- | M] () -- C:\{F4A8F57E-B8AD-4304-868A-0EDB499D94B4}
    [2011/09/18 18:44:06 | 000,001,760 | ---- | M] () -- C:\{F76174B1-35F2-4B6C-86FD-CD29A4D1A9E4}

    < %systemroot%\Fonts\*.com >
    [2012/01/24 13:35:30 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2012/01/24 13:35:30 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2012/01/24 13:35:30 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2012/01/24 13:35:30 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 20:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/04 18:13:19 | 000,000,221 | -HS- | M] () -- C:\Users\Flash4203\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/29 20:54:16 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Flash4203\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Flash4203\Desktop\boot_cleaner.exe
    [2012/01/30 11:55:07 | 004,394,165 | R--- | M] (Swearware) -- C:\Users\Flash4203\Desktop\ComboFix.exe
    [2012/01/30 16:35:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Flash4203\Desktop\OTL.exe
    [2012/01/28 22:56:54 | 000,302,592 | ---- | M] () -- C:\Users\Flash4203\Desktop\qm2dmcqm.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/11/08 11:13:46 | 000,000,402 | -HS- | M] () -- C:\Users\Flash4203\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
  14. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    Extras.txt

    OTL Extras logfile created on: 1/30/2012 4:37:19 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Flash4203\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.99 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 48.49% Memory free
    7.98 Gb Paging File | 5.51 Gb Available in Paging File | 69.07% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 144.08 Gb Free Space | 50.84% Space Free | Partition Type: NTFS

    Computer Name: FLASHALIEN-PC | User Name: Flash4203 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-4246233278-2119612700-2560158112-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [abcAVI Tag Editor] -- "C:\Program Files (x86)\abcAVI\avi_tags.exe" "%1" (Alexander A. Sorkin)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [abcAVI Tag Editor] -- "C:\Program Files (x86)\abcAVI\avi_tags.exe" "%1" (Alexander A. Sorkin)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
    "{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel(R) Network Connections 14.8.43.0
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
    "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{C74A84EC-7C5F-4C36-A4A6-381E516D643B}" = Microsoft IntelliPoint 7.0
    "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "CCleaner" = CCleaner
    "Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "PROSetDX" = Intel(R) Network Connections 14.8.43.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
    "{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{33D5D3BC-5818-46DF-9454-8713BD6332C1}" = Hazard Perception Training 2003-2004
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3645F0DB-89E9-47CB-B2E5-ACC33209CED6}" = Driving Test Success 2003-2004
    "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
    "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01
    "{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
    "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
    "{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{88603FC0-6B3C-442D-981E-E3D49F083548}_is1" = NovaBench 3.0.4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{98E5A0C3-86ED-4429-9386-F0DB49E958EA}" = OSD Setup
    "{994E24A6-EC47-4201-8D0B-D4563B7AD66B}" = CivCity
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
    "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
    "{f9de0087-eb6e-4b33-99da-0a7026287f24}" = Nero 9 Essentials
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "abcavi_tag_editor_is1" = abcAVI
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AviSynth" = AviSynth 2.5
    "BitTorrent" = BitTorrent
    "BT Broadband Desktop Help" = BT Broadband Desktop Help
    "BTHomeHub" = BTHomeHub
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "CoreFTP" = Core FTP LE
    "Design_7.0.20516.0" = Microsoft Expression Design 4
    "DVD Flick_is1" = DVD Flick
    "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition
    "Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
    "Fraps" = Fraps
    "Free ISO Creator (by minidvdsoft)_is1" = Free ISO Creator version 2.8
    "FrostWire" = FrostWire 4.21.6
    "GoToAssist" = GoToAssist Corporate
    "ImgBurn" = ImgBurn
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
    "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "N360" = Norton 360
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Picasa 3" = Picasa 3
    "PROHYBRIDR" = 2007 Microsoft Office system
    "RealPlayer 15.0" = RealPlayer
    "RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
    "Shockwave" = Shockwave
    "Steam App 105450" = Age of Empires® III: Complete Collection
    "Steam App 22370" = Fallout 3 - Game of the Year Edition
    "Steam App 57400" = Batman: Arkham City™
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "SystemRequirementsLab" = System Requirements Lab
    "Videora iPhone 4 Converter" = Videora iPhone 4 Converter 6
    "Web_4.0.1165.0" = Microsoft Expression Web 4
    "WinLiveSuite" = Windows Live Essentials
    "xampp" = XAMPP 1.7.7
    "YTdetect" = Yahoo! Detect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4246233278-2119612700-2560158112-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "bd4d3a0508d364f5" = Dell Driver Download Manager
    "SwiftKit" = SwiftKit

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/22/2012 2:24:31 PM | Computer Name = FlashAlien-PC | Source = Windows Search Service | ID = 3029
    Description =

    Error - 1/22/2012 2:24:32 PM | Computer Name = FlashAlien-PC | Source = Windows Search Service | ID = 3029
    Description =

    Error - 1/22/2012 2:24:32 PM | Computer Name = FlashAlien-PC | Source = Windows Search Service | ID = 3028
    Description =

    Error - 1/22/2012 2:24:32 PM | Computer Name = FlashAlien-PC | Source = Windows Search Service | ID = 3058
    Description =

    Error - 1/22/2012 2:24:32 PM | Computer Name = FlashAlien-PC | Source = Windows Search Service | ID = 7010
    Description =

    Error - 1/22/2012 8:23:41 PM | Computer Name = FlashAlien-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 1/23/2012 9:22:15 PM | Computer Name = FlashAlien-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1514 Start
    Time: 01ccda36778863a1 Termination Time: 30 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 1/24/2012 9:17:51 AM | Computer Name = FlashAlien-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ApplePhotoStreams.exe, version: 7.1.75.5,
    time stamp: 0x4eb0a8dc Faulting module name: MSVCR80.dll, version: 8.0.50727.6195,
    time stamp: 0x4dcddbf3 Exception code: 0xc0000005 Fault offset: 0x000174a0 Faulting
    process id: 0x1180 Faulting application start time: 0x01ccda9a8d1fcefd Faulting application
    path: C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    Faulting
    module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
    Report
    Id: d07cd5e8-468d-11e1-8f39-0026b9642227

    Error - 1/24/2012 9:18:09 AM | Computer Name = FlashAlien-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: sidebar.exe, version: 6.1.7601.17514, time
    stamp: 0x4ce7a1c7 Faulting module name: msvcrt.dll, version: 7.0.7600.16385, time
    stamp: 0x4a5bdfbe Exception code: 0x40000015 Fault offset: 0x000000000002aa8e Faulting
    process id: 0x8bc Faulting application start time: 0x01ccda9a8b7cdccd Faulting application
    path: C:\Program Files\Windows Sidebar\sidebar.exe Faulting module path: C:\Windows\system32\msvcrt.dll
    Report
    Id: db575fdd-468d-11e1-8f39-0026b9642227

    Error - 1/25/2012 5:14:57 PM | Computer Name = FlashAlien-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    [ Dell Events ]
    Error - 7/12/2011 7:18:05 AM | Computer Name = FlashAlien-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 7/12/2011 7:21:28 AM | Computer Name = FlashAlien-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 7/12/2011 7:21:28 AM | Computer Name = FlashAlien-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 8/10/2011 5:41:28 AM | Computer Name = FlashAlien-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 8/10/2011 5:41:28 AM | Computer Name = FlashAlien-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 8/27/2011 11:40:43 AM | Computer Name = FlashAlien-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 8/27/2011 11:40:43 AM | Computer Name = FlashAlien-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 8/27/2011 1:52:05 PM | Computer Name = FlashAlien-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 8/27/2011 1:52:05 PM | Computer Name = FlashAlien-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/18/2011 7:24:58 AM | Computer Name = FlashAlien-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ OSession Events ]
    Error - 5/29/2010 5:17:17 AM | Computer Name = Flash4203-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/31/2010 5:53:53 AM | Computer Name = Flash4203-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 266
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 10/19/2010 3:03:23 PM | Computer Name = Flash4203-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3362
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 5/25/2011 1:43:16 PM | Computer Name = FlashAlien-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/10/2011 5:45:34 AM | Computer Name = FlashAlien-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 126
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 11/18/2011 8:38:47 AM | Computer Name = FlashAlien-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 200
    seconds with 180 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 1/30/2012 7:48:46 AM | Computer Name = FlashAlien-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Alienware
    Fusion Service service to connect.

    Error - 1/30/2012 7:48:46 AM | Computer Name = FlashAlien-PC | Source = Service Control Manager | ID = 7000
    Description = The Alienware Fusion Service service failed to start due to the following
    error: %%1053

    Error - 1/30/2012 7:49:01 AM | Computer Name = FlashAlien-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxdiCATSCustConnectService
    service to connect.

    Error - 1/30/2012 7:49:01 AM | Computer Name = FlashAlien-PC | Source = Service Control Manager | ID = 7000
    Description = The lxdiCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 1/30/2012 7:49:54 AM | Computer Name = FlashAlien-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 1/30/2012 8:09:16 AM | Computer Name = FlashAlien-PC | Source = Service Control Manager | ID = 7034
    Description = The HappyOSD service terminated unexpectedly. It has done this 1
    time(s).

    Error - 1/30/2012 8:14:53 AM | Computer Name = FlashAlien-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 1/30/2012 10:49:21 AM | Computer Name = FlashAlien-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 1/30/2012 10:50:04 AM | Computer Name = FlashAlien-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 1/30/2012 12:30:32 PM | Computer Name = FlashAlien-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.


    < End of report >
  15. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-4246233278-2119612700-2560158112-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
      O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
      O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
      O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
      O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  16. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    first two scans

    OTL

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-4246233278-2119612700-2560158112-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware_XP deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware_XP not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Flash4203
    ->Temp folder emptied: 1780126 bytes
    ->Temporary Internet Files folder emptied: 7700566 bytes
    ->Java cache emptied: 59124535 bytes
    ->FireFox cache emptied: 41759848 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 706 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: UpdatusUser.FLASHALIEN-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16992 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 105.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Flash4203
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    User: UpdatusUser.FLASHALIEN-PC

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Flash4203
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    User: UpdatusUser.FLASHALIEN-PC

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01302012_174957

    Files\Folders moved on Reboot...
    C:\Users\Flash4203\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NDT1RVRL\ads[1].htm moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NDT1RVRL\ads[2].htm moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NDT1RVRL\topic176795[1].htm moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPFAAVO3\avatar-body[1].png moved successfully.
    C:\Windows\temp\~DFC4189A19F93CF650.TMP moved successfully.

    Registry entries deleted on Reboot...


    -----------------------------------------------------------------------------------

    Security Check scans

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    Java(TM) 6 Update 30
    Out of date Java installed!
    Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Spybot Teatimer.exe is disabled!
    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
    ``````````End of Log````````````
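
The OTL fix log earlier in this post reports one line per registry item it touched. As an added example (not part of the original thread, and not code from OTL or its author), this Python sketch tallies those results and flags read errors that no later key removal covers. The class and function names are hypothetical, and the error-line pattern is inferred from the single error line in that log.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the registry section of the OTL fix log posted in this thread.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
========== COMMANDS ==========
"""

# "Registry value <key>\\<name> deleted successfully." / "Registry key <key>\ not found."
RESULT_RE = re.compile(
    r"^Registry (?P<kind>value|key) (?P<target>.+?) "
    r"(?P<outcome>deleted successfully|not found)\.$"
)
# Assumed shape, based on the one error line in the log above.
ERROR_RE = re.compile(r"^Registry error \w+ (?P<kind>value|key) (?P<target>.+?)\s*\.$")

OUTCOMES = {"deleted successfully": "deleted", "not found": "absent"}


@dataclass(frozen=True)
class FixResult:
    kind: str     # "value" or "key"
    path: str     # registry key path, no trailing backslash
    name: str     # value name ("" for keys)
    outcome: str  # "deleted", "absent" or "error"


def _split_target(kind, target):
    """OTL writes values as <key>\\\\<name> (double backslash) and keys as <key>\\."""
    if kind == "value":
        path, sep, name = target.rpartition("\\\\")
        if sep:
            return path, name
    return target.rstrip("\\"), ""


def parse_fix_log(text):
    """Return the registry results found in the '========== OTL ==========' section."""
    results, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_section = line.strip("= ") == "OTL"
            continue
        if not in_section or not line:
            continue
        match = RESULT_RE.match(line)
        outcome = OUTCOMES[match.group("outcome")] if match else None
        if match is None:
            match, outcome = ERROR_RE.match(line), "error"
        if match is None:
            continue  # e.g. "Starting removal of ActiveX control ..."
        path, name = _split_target(match.group("kind"), match.group("target"))
        results.append(FixResult(match.group("kind"), path, name, outcome))
    return results


def summarize(results):
    """Count results per outcome."""
    return dict(Counter(r.outcome for r in results))


def unresolved_errors(results):
    """Errors not followed by removal (or confirmed absence) of an enclosing key."""
    pending = []
    for i, res in enumerate(results):
        if res.outcome != "error":
            continue
        covered = any(
            later.kind == "key"
            and later.outcome in ("deleted", "absent")
            and (res.path.lower() + "\\").startswith(later.path.lower() + "\\")
            for later in results[i + 1:]
        )
        if not covered:
            pending.append(res)
    return pending


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(summarize(parsed))
    for item in unresolved_errors(parsed):
        print("needs follow-up:", item.path, item.name)
```

Both "deleted successfully" and "not found" mean the targeted item is no longer present, so only uncovered errors call for a second look.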
  17. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    Farbar


    Farbar Service Scanner Version: 18-01-2012 01
    Ran by Flash4203 (administrator) on 30-01-2012 at 18:14:08
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    ----------------------------------------
  18. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    ESET found no threat
  19. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ===============================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  20. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    Was I infected? If so, what was I infected with?


    And here is the log

    OTL log


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Flash4203
    ->Temp folder emptied: 378541 bytes
    ->Temporary Internet Files folder emptied: 34195352 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 432119 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: UpdatusUser.FLASHALIEN-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 33984 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 229044550 bytes

    Total Files Cleaned = 252.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Flash4203
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    User: UpdatusUser.FLASHALIEN-PC

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Flash4203
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    User: UpdatusUser.FLASHALIEN-PC

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.31.0 log created on 01302012_221010

    Files\Folders moved on Reboot...
    C:\Users\Flash4203\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{43B5EA26-8D6D-4125-97FB-0A39BC25E16E}.tmp not found!
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8482CC14-2B40-4DFD-BC42-232C3A383912}.tmp not found!
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRX9LRR0\11178136150@x45[1].htm moved successfully.
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRX9LRR0\MoneynewsRSS[1].xml not found!
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRX9LRR0\partner[1].htm moved successfully.
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRX9LRR0\RSS-Celebrity-Features[1].xml not found!
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRX9LRR0\rss-money-news[1].xml not found!
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRX9LRR0\RSS-Movies-News[1].xml not found!
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRX9LRR0\RSS-TV-News[1].xml not found!
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRX9LRR0\RSS-TV-Photos[1].xml not found!
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRX9LRR0\RSSBF6LBeautyFull[1].xml not found!
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRX9LRR0\videoByTag[1].xml moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRX9LRR0\videoByTag[2].xml moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRX9LRR0\videoByTag[3].xml moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRX9LRR0\videoByTag[4].xml moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKFOH6T3\4773[1].htm moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKFOH6T3\ads[2].htm moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKFOH6T3\ads[3].htm moved successfully.
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKFOH6T3\cars-rss[1].xml not found!
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKFOH6T3\RSS-MusicNews-pa[1].xml not found!
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKFOH6T3\RSSUKTechandGadgetslatestfeatures[1].xml not found!
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKFOH6T3\RSSUKTechandGadgetslatestFuturenews[1].xml not found!
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKFOH6T3\rss_latestukworldnews[1].xml not found!
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKFOH6T3\rss_oddnews[1].xml not found!
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKFOH6T3\rss_worldnews_pa[1].xml not found!
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKFOH6T3\videoByTag[1].xml moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKFOH6T3\videoByTag[2].xml moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKFOH6T3\videoByTag[3].xml moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8M8VV4H\239607376@x95[1].htm moved successfully.
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8M8VV4H\RSS-Music-Features[1].xml not found!
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8M8VV4H\videoByTag[1].xml moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CU7H693H\11178136150@x45[1].htm moved successfully.
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CU7H693H\avatar-body[1].png moved successfully.
    File\Folder C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CU7H693H\RSS-TravelPhotosBF6L[1].xml not found!
    C:\Users\Flash4203\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CU7H693H\videoByTag[1].xml moved successfully.
    C:\Windows\temp\~DFDE945B9DFA60142A.TMP moved successfully.

    Registry entries deleted on Reboot...
  21. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    ComboFix removed a couple of trojans.
    Plus we cleaned some garbage.

    Any current issues?
  22. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    Oh my, I had a couple of trojans :| Can I see them in the log I posted?

    And no. Thank you so much for the help.

    May come on with the rest of the computers now. Especially my brothers. :p
  23. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Way to go!!
    Good luck and stay safe :)

