Solved Infected with stubborn rootkit please assist me

Claire

Infected with 8000000.@. I have followed the 5-step Viruses/Spyware/Malware Preliminary Removal Instructions and I paste here the requested log files. Please could you help me clean my computer? I have been unable to do so myself.

Malwarebytes Anti-Malware

Malwarebytes Anti-Malware (Trial) 1.62.0.1100
www.malwarebytes.org

Database version: v2012.07.05.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Claire :: CLAIRE-LAPTOP [administrator]

Protection: Disabled

05/07/2012 22:32:45
mbam-log-2012-07-05 (22-32-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213890
Time elapsed: 12 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Btw it is not deleted.

GMER

No modifications = no log

DDS

dds.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Claire at 23:22:39 on 2012-07-05
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3895.1948 [GMT 1:00]
.
AV: Trend Micro Internet Security Pro *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security Pro *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com/
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/mediaget/{6B1CAC1B-0070-4B5C-BFFE-3B56A5FB67CC}
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Trend Micro NSC BHO: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - TmIEPlugInBHO Class
BHO: DigitalPersona Fingerprint Software Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - TmBpIeBHO Class
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
StartupFolder: C:\Users\Claire\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B57CFBD5-C545-44B5-B3A8-D0307CF94AB8} : DhcpNameServer = 10.8.232.109 10.8.232.199
TCP: Interfaces\{EDD1AEA9-7AFA-4EEB-9266-7665510C5D8B} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EDD1AEA9-7AFA-4EEB-9266-7665510C5D8B}\35B4951303937333 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EDD1AEA9-7AFA-4EEB-9266-7665510C5D8B}\C696E6B6379737 : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{EDD1AEA9-7AFA-4EEB-9266-7665510C5D8B}\D61676079656 : DhcpNameServer = 10.8.232.109 10.8.232.199
TCP: Interfaces\{EDD1AEA9-7AFA-4EEB-9266-7665510C5D8B}\E6567736163747C656D257E69667562737964797 : DhcpNameServer = 10.8.232.109 10.8.232.199
TCP: Interfaces\{EDD1AEA9-7AFA-4EEB-9266-7665510C5D8B}\F42716E67656440303247354 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: Madroach.dll
LSA: Notification Packages = scecli DPPWDFLT
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - TmIEPlugInBHO Class
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: DigitalPersona Fingerprint Software Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO-X64: DigitalPersona Fingerprint Software Extension - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - TmBpIeBHO Class
BHO-X64: TmBpIeBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: Madroach.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\qtdaurbc.default\
FF - prefs.js: browser.startup.homepage - hxxps://my.ncl.ac.uk/students/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.ftp - wwwcache.ncl.ac.uk
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - wwwcache.ncl.ac.uk
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - wwwcache.ncl.ac.uk
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - wwwcache.ncl.ac.uk
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - wwwcache.ncl.ac.uk
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Claire\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R0 WAEMU;WAEMU;C:\Windows\system32\Drivers\waemu.sys --> C:\Windows\system32\Drivers\waemu.sys [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe [2010-1-29 89600]
R2 aksdf;aksdf;C:\Windows\system32\DRIVERS\aksdf.sys --> C:\Windows\system32\DRIVERS\aksdf.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-5 44808]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-4-21 59904]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-5 655944]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-6-2 1019328]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2009-7-13 1656112]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-5 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-7-5 688360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-5 136176]
S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\system32\DRIVERS\ewusbfake.sys --> C:\Windows\system32\DRIVERS\ewusbfake.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-3 113120]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [2012-5-13 14544]
.
=============== Created Last 30 ================
.
2012-07-05 21:54:30  --------  d-----w-  C:\Program Files (x86)\ESET
2012-07-05 21:53:57  --------  d-----w-  C:\Windows\Downloaded Program Files
2012-07-05 21:31:27  711240  ----a-w-  C:\Windows\isRS-000.tmp
2012-07-05 17:13:50  110080  ----a-r-  C:\Users\Claire\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
2012-07-05 17:13:50  110080  ----a-r-  C:\Users\Claire\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
2012-07-05 17:13:50  110080  ----a-r-  C:\Users\Claire\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
2012-07-05 17:13:49  --------  d-----w-  C:\sh4ldr
2012-07-05 17:13:49  --------  d-----w-  C:\Program Files\Enigma Software Group
2012-07-05 17:13:02  --------  d-----w-  C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-05 17:08:03  --------  d-----w-  C:\Windows\System32\wbem\Logs
2012-07-05 16:33:29  --------  d-----w-  C:\Users\Claire\AppData\Roaming\DriverCure
2012-07-05 16:33:28  --------  d-----w-  C:\Users\Claire\AppData\Roaming\SpeedyPC Software
2012-07-05 16:32:52  --------  d-----w-  C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-07-05 16:32:47  --------  d-----w-  C:\ProgramData\SpeedyPC Software
2012-07-05 16:32:47  --------  d-----w-  C:\Program Files (x86)\SpeedyPC Software
2012-07-05 15:58:27  --------  d-----w-  C:\Users\Claire\AppData\Local\Google
2012-07-05 12:04:33  54072  ----a-w-  C:\Windows\System32\drivers\aswRdr2.sys
2012-07-05 12:04:29  958400  ----a-w-  C:\Windows\System32\drivers\aswSnx.sys
2012-07-05 12:04:28  71064  ----a-w-  C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-05 12:03:43  41224  ----a-w-  C:\Windows\avastSS.scr
2012-07-05 12:03:33  --------  d-----w-  C:\ProgramData\AVAST Software
2012-07-05 12:03:33  --------  d-----w-  C:\Program Files\AVAST Software
2012-07-05 09:24:29  24904  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2012-07-05 09:24:29  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-05 09:21:00  105744  ----a-w-  C:\Windows\System32\drivers\tmtdi.sys
2012-07-05 09:19:23  --------  d-----w-  C:\Program Files\Trend Micro
2012-07-05 08:28:56  56  ----a-w-  C:\Windows\System32\SupportTool.exe.bat
2012-07-05 08:17:16  --------  d-----w-  C:\Program Files (x86)\Trend Micro
2012-07-05 08:00:14  129024  ----a-w-  C:\Windows\RegBootClean64.exe
2012-07-03 23:18:37  --------  d-sh--w-  C:\Windows\System32\%APPDATA%
2012-06-30 14:03:49  102400  ----a-w-  C:\Windows\RegBootClean.exe
2012-06-30 12:15:50  --------  d-----w-  C:\Users\Claire\AppData\Roaming\Nuance
2012-06-30 12:15:50  --------  d-----w-  C:\Users\Claire\AppData\Roaming\FLEXnet
2012-06-30 12:09:26  --------  d-----w-  C:\Program Files (x86)\Common Files\IVA
2012-06-30 12:09:12  --------  d-----w-  C:\Program Files (x86)\Common Files\Nuance
2012-06-30 12:04:44  --------  d-----w-  C:\ProgramData\Nuance
2012-06-30 12:04:44  --------  d-----w-  C:\Program Files (x86)\Nuance
2012-06-30 10:03:05  69000  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6CA1BBD-F61B-403B-BDDD-F810BA612731}\offreg.dll
2012-06-30 09:33:29  --------  d-----w-  C:\Users\Claire\AppData\Roaming\Uvfo
2012-06-30 09:33:29  --------  d-----w-  C:\Users\Claire\AppData\Roaming\Pame
2012-06-29 08:51:20  9013136  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6CA1BBD-F61B-403B-BDDD-F810BA612731}\mpengine.dll
2012-06-28 22:09:55  191488  ----a-w-  C:\Windows\SysWow64\hlvdd.dll
2012-06-28 22:09:19  --------  d-----w-  C:\Topas4-1
2012-06-28 22:09:04  77824  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-06-28 22:09:04  32768  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-06-28 22:09:04  225280  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-06-28 22:09:04  176128  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-06-28 22:09:03  610436  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-06-27 06:28:29  --------  d-----w-  C:\Users\Claire\AppData\Local\Apple Computer
2012-06-27 06:27:53  34152  ----a-w-  C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-06-27 06:27:53  126312  ----a-w-  C:\Windows\System32\GEARAspi64.dll
2012-06-27 06:27:53  107368  ----a-w-  C:\Windows\SysWow64\GEARAspi.dll
2012-06-27 06:26:56  --------  d-----w-  C:\Program Files\iPod
2012-06-27 06:26:53  --------  d-----w-  C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-27 06:26:53  --------  d-----w-  C:\Program Files\iTunes
2012-06-27 06:26:53  --------  d-----w-  C:\Program Files (x86)\iTunes
2012-06-27 06:25:23  --------  d-----w-  C:\Program Files\Bonjour
2012-06-27 06:25:23  --------  d-----w-  C:\Program Files (x86)\Bonjour
2012-06-26 17:59:23  --------  d-----w-  C:\Program Files (x86)\Oracle
2012-06-26 17:58:53  772504  ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
2012-06-20 21:09:11  770384  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 21:09:11  421200  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-18 22:24:45  2622464  ----a-w-  C:\Windows\System32\wucltux.dll
2012-06-18 22:24:21  99840  ----a-w-  C:\Windows\System32\wudriver.dll
2012-06-18 22:23:49  36864  ----a-w-  C:\Windows\System32\wuapp.exe
2012-06-18 22:23:49  186752  ----a-w-  C:\Windows\System32\wuwebv.dll
2012-06-16 19:41:36  --------  d-----w-  C:\SmartDraw 2010
2012-06-16 18:52:44  --------  d-----w-  C:\Users\Claire\AppData\Roaming\YourFileDownloader
2012-06-16 18:05:20  --------  d-----w-  C:\Users\Claire\AppData\Roaming\SmartDraw
2012-06-16 17:21:18  --------  d-----w-  C:\Users\Claire\AppData\Roaming\Progeny
2012-06-12 23:13:10  76288  ----a-w-  C:\Windows\System32\rdpwsx.dll
2012-06-12 23:13:10  149504  ----a-w-  C:\Windows\System32\rdpcorekmts.dll
2012-06-12 23:13:09  9216  ----a-w-  C:\Windows\System32\rdrmemptylst.exe
2012-06-12 23:13:05  5505392  ----a-w-  C:\Windows\System32\ntoskrnl.exe
2012-06-12 23:13:04  3958128  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-12 23:13:04  3902320  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
2012-06-12 23:12:52  3144192  ----a-w-  C:\Windows\System32\win32k.sys
2012-06-12 23:12:50  204800  ----a-w-  C:\Windows\System32\drivers\rdpwd.sys
2012-06-10 14:59:40  --------  d-----w-  C:\Users\Claire\AppData\Local\Amazon
.
==================== Find3M ====================
.
2012-07-05 20:21:40  148664  ----a-w-  C:\Windows\SysWow64\WRusr.dll
2012-07-05 20:21:40  113168  ----a-w-  C:\Windows\System32\drivers\WRkrn.sys
2012-07-05 20:21:40  101808  ----a-w-  C:\Windows\System32\WRusr.dll
2012-05-18 02:06:48  2311680  ----a-w-  C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14  1392128  ----a-w-  C:\Windows\System32\wininet.dll
2012-05-18 01:58:39  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37  1800192  ----a-w-  C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
2012-05-04 18:29:16  687504  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 23:24:00.27 ===============
attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 07/05/2010 23:50:11
System Uptime: 05/07/2012 22:47:49 (1 hours ago)
.
Motherboard: Dell Inc. | | 0G2R51
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU 1 | 2126/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 106.733 GiB free.
D: is CDROM ()
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP225: 29/06/2012 09:50:26 - Windows Update
RP226: 30/06/2012 12:22:40 - Installed Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64).
RP227: 30/06/2012 12:48:13 - Installed Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64).
RP228: 30/06/2012 12:54:52 - Installed Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64).
RP229: 30/06/2012 13:03:09 - Installed Dragon NaturallySpeaking 11.
RP230: 05/07/2012 13:03:20 - avast! Free Antivirus Setup
RP231: 05/07/2012 18:04:24 - SpeedyPC Pro Backup
RP232: 05/07/2012 18:13:09 - Installed SpyHunter
RP233: 05/07/2012 21:03:02 - SpeedyPC Pro Backup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Accelerometer
Adobe AIR
Adobe Reader 9.1.2
Amazon Kindle
Any DVD Cloner Platinum 1.0.6
Apple Application Support
Apple Software Update
avast! Free Antivirus
BatteryCare 0.9.9.0
BBC iPlayer Desktop
Bing Bar Platform
BitTorrent
Business Contact Manager for Outlook 2007 SP2
Cambridge Structural Database System 2012
CambridgeSoft Activation Client
CambridgeSoft ChemDraw Ultra 12.0
ChemAxon Marvin Beans 5.4.1.1
Citrix XenApp Web Plugin
Diamond 3
Dragon NaturallySpeaking 11
Dropbox
EndNote X1
EndNote X4
ESET Online Scanner v3
GameXN GO
Google Chrome
Google Update Helper
HP Deskjet 1050 J410 series Help
HP Photo Creations
Huawei modem
iLivid
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 7 Update 5
JavaFX 2.1.1
JChem .NET API 5.4.1.1062
Junk Mail filter update
Live! Cam Avatar Creator
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.62.0.1100
MestReNova 7.1.2-10008
MestReNova LITE 5.2.5-5780
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Setup Support Files (English)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MiKTeX 2.9
Mozilla Firefox 13.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyTomTom 3.0.2.377
Nokia Connectivity Cable Driver
Nokia PC Suite
PANalytical X'Pert HighScore
PC Connectivity Solution
Platon Taskbar 1.15
QuickTime
ResearchSoft Direct Export Helper
Rosetta Stone Version 3
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Searchqu Toolbar
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Skype Click to Call
Skype™ 5.9
Spartan '08 V1.2.0
SpeedyPC Pro
Spotify
TalkByText Home Edition
TeXnicCenter Version 1.0 Stable RC1
Topas4-1
Uninstall WinGX
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Visual Studio C++ 10.0 Runtime
VLC media player 2.0.1
WhiteBoardMeeting
WinArchiver Virtual Drive
WinDjView 1.0.3
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
YourFileDownloader
.
==== Event Viewer Messages From Past Week ========
.
30/06/2012 13:10:53, Error: Service Control Manager [7030] - The Dragon Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
05/07/2012 22:49:46, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
05/07/2012 22:49:46, Error: Service Control Manager [7023] - The Windows Search service terminated with the following error: The process cannot access the file because it is being used by another process.
05/07/2012 22:49:41, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
05/07/2012 22:49:41, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
05/07/2012 22:49:06, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
05/07/2012 22:48:57, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
05/07/2012 22:48:28, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
05/07/2012 22:48:27, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The system cannot find the file specified.
05/07/2012 22:48:27, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
05/07/2012 22:48:27, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
05/07/2012 19:15:04, Error: Service Control Manager [7000] - The WinArchiver Service service failed to start due to the following error: The system cannot find the file specified.
05/07/2012 19:15:03, Error: Service Control Manager [7000] - The WRSVC service failed to start due to the following error: The system cannot find the file specified.
05/07/2012 19:15:01, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom1.
05/07/2012 18:13:24, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
05/07/2012 18:10:53, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
05/07/2012 18:10:28, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
05/07/2012 18:10:05, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
05/07/2012 18:10:05, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/07/2012 18:09:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
05/07/2012 18:04:56, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
05/07/2012 17:45:36, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
05/07/2012 17:40:23, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.
05/07/2012 17:40:23, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DHCP Client service to connect.
05/07/2012 17:40:23, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
05/07/2012 17:40:23, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/07/2012 17:40:23, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/07/2012 17:40:22, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05/07/2012 17:40:22, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05/07/2012 17:40:22, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
05/07/2012 17:40:22, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05/07/2012 12:06:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa81077dd5c0, 0x0000000000000000, 0xfffff88005dc0037, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070512-27066-01.
05/07/2012 10:21:32, Error: Service Control Manager [7000] - The tmeevw service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
05/07/2012 10:00:04, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 3 time(s).
05/07/2012 09:54:32, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 2 time(s).
05/07/2012 09:49:03, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 1 time(s).
05/07/2012 09:03:01, Error: Service Control Manager [7001] - The Trend Micro Personal Firewall service depends on the Trend Micro WFP Callout Driver service which failed to start because of the following error: The system cannot find the file specified.
05/07/2012 09:03:01, Error: Service Control Manager [7000] - The Trend Micro WFP Callout Driver service failed to start due to the following error: The system cannot find the file specified.
05/07/2012 09:01:20, Error: Service Control Manager [7000] - The Trend Micro WFP Callout Driver service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
05/07/2012 08:09:44, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
05/07/2012 00:31:47, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
04/07/2012 21:46:41, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
04/07/2012 21:46:41, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================
Thanks in advance,
Claire
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Hi Broni,

Thanks for the reply. I have followed the instructions (after making a mistake and pressing F12 to access boot options that way, but I just pressed Esc to leave).

Here is FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 05-07-2012 01
Ran by SYSTEM at 06-07-2012 02:32:36
Running from F:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [487424 2010-01-05] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [166424 2010-01-08] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [390680 2010-01-08] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [410136 2010-01-08] (Intel Corporation)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [4099352 2009-12-18] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-11] (Microsoft)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-05-12] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini [330 2012-07-05] ()
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-06-27] (Malwarebytes Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKLM-x32\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [688360 2012-07-05] (Webroot)
HKU\Claire\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2010-11-14] (Acresso Corporation)
HKLM\...\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2009-10-17] (Microsoft)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs: Madroach.dll
Lsa: [Notification Packages] scecli
DPPWDFLT
Startup: C:\Users\Claire\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
2 DragonSvc; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [59904 2009-11-29] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-06-27] (Malwarebytes Corporation)
3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1019328 2012-06-02] (Enigma Software Group USA, LLC.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\STacSV64.exe [244736 2010-01-05] (IDT, Inc.)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [688360 2012-07-05] (Webroot)

========================== Drivers (Whitelisted) =============

2 aksdf; C:\Windows\System32\Drivers\aksdf.sys [78208 2011-11-24] (SafeNet Inc.)
3 akshasp; C:\Windows\System32\Drivers\akshasp.sys [53760 2011-02-09] (Aladdin Knowledge Systems Ltd.)
3 aksusb; C:\Windows\System32\Drivers\aksusb.sys [21120 2011-08-08] (SafeNet Inc.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
2 Hardlock; C:\Windows\System32\Drivers\Hardlock.sys [321536 2011-10-07] (SafeNet Inc.)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [116864 2008-12-13] (Huawei Technologies Co., Ltd.)
3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [116224 2008-12-30] (Huawei Technologies Co., Ltd.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-06-27] (Malwarebytes Corporation)
3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)
3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105744 2012-07-05] (Trend Micro Inc.)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)
0 WAEMU; C:\Windows\System32\Drivers\WAEMU.sys [110136 2011-03-03] (WinArchiver Computing, Inc.)
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
0 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [113168 2012-07-05] (Webroot)
2 TMAgent; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-05 13:54 - 2012-07-05 13:54 - 00000000 ____D C:\Program Files (x86)\ESET
2012-07-05 13:48 - 2012-07-05 17:24 - 00000112 ____A C:\Windows\setupact.log
2012-07-05 13:48 - 2012-07-05 13:48 - 00000000 ____A C:\Windows\setuperr.log
2012-07-05 13:47 - 2012-07-05 13:47 - 00004878 ____A C:\Windows\PFRO.log
2012-07-05 13:30 - 2012-06-26 23:58 - 10623040 ____A (Malwarebytes Corporation ) C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100.exe
2012-07-05 13:29 - 2012-07-05 13:29 - 10598437 ____A C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100 (2).zip
2012-07-05 13:25 - 2012-07-05 13:25 - 10598437 ____A C:\Users\Claire\Downloads\mbam-setup-1.62.0.1100.zip
2012-07-05 13:25 - 2012-07-05 13:25 - 10598437 ____A C:\Users\Claire\Downloads\mbam-setup-1.62.0.1100 (1).zip
2012-07-05 12:51 - 2012-07-05 12:48 - 00607260 ____R (Swearware) C:\Users\Claire\Desktop\dds.com
2012-07-05 12:48 - 2012-07-05 12:48 - 00607260 ____R (Swearware) C:\Users\Claire\Downloads\dds.com
2012-07-05 12:36 - 2012-07-05 12:36 - 00000000 ____A C:\Users\Claire\Desktop\gmer.log
2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\skluvput.exe
2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\id8gpgt6.exe
2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\gph1ztc2.exe
2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\2pbv4lxd.exe
2012-07-05 10:13 - 2012-07-05 09:14 - 00008192 ____A C:\shldr.mbr
2012-07-05 10:13 - 2010-03-11 06:17 - 00185835 ____A C:\shldr
2012-07-05 09:13 - 2012-07-05 09:14 - 00000000 ____D C:\sh4ldr
2012-07-05 09:13 - 2012-07-05 09:13 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-05 09:13 - 2012-07-05 09:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-07-05 09:12 - 2012-07-05 09:12 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Claire\Downloads\SpyHunter-Installer.exe
2012-07-05 08:34 - 2012-07-05 09:00 - 00000494 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-05 08:33 - 2012-07-05 08:33 - 00001197 ____A C:\Users\Claire\Desktop\SpeedyPC Pro.lnk
2012-07-05 08:33 - 2012-07-05 08:33 - 00000000 ____D C:\Users\Claire\AppData\Roaming\SpeedyPC Software
2012-07-05 08:33 - 2012-07-05 08:33 - 00000000 ____D C:\Users\Claire\AppData\Roaming\DriverCure
2012-07-05 08:32 - 2012-07-05 08:42 - 00000466 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-05 08:32 - 2012-07-05 08:42 - 00000422 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-07-05 08:32 - 2012-07-05 08:32 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-07-05 08:32 - 2012-07-05 08:32 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
2012-07-05 08:31 - 2012-07-05 08:31 - 04819616 ____A (SpeedyPC Software Inc.) C:\Users\Claire\Downloads\SpeedyPC Pro Installer.exe
2012-07-05 08:30 - 2012-07-05 08:30 - 00001205 ____A C:\Users\Claire\Downloads\FixNCR.reg
2012-07-05 07:58 - 2012-07-05 07:58 - 00000000 ____D C:\Users\Claire\AppData\Local\Google
2012-07-05 07:12 - 2012-07-05 07:12 - 00002257 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-05 07:11 - 2012-07-05 17:24 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-05 07:11 - 2012-07-05 17:21 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-05 07:11 - 2012-07-05 07:12 - 00000000 ____D C:\Program Files (x86)\Google
2012-07-05 04:04 - 2012-07-05 04:19 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-05 04:04 - 2012-07-05 04:04 - 00001924 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-07-05 04:04 - 2012-07-03 08:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-05 04:04 - 2012-07-03 08:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-05 04:04 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-05 04:04 - 2012-07-03 08:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-05 04:04 - 2012-07-03 08:21 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-05 04:04 - 2012-07-03 08:21 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-05 04:04 - 2012-07-03 08:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-05 04:03 - 2012-07-05 04:03 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-07-05 04:03 - 2012-07-05 04:03 - 00000000 ____D C:\Program Files\AVAST Software
2012-07-05 04:03 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-05 04:03 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-05 04:01 - 2012-07-05 04:01 - 89050280 ____A C:\Users\Claire\Desktop\avast_free_antivirus_setup.exe
2012-07-05 03:44 - 2012-07-05 09:06 - 00000000 ____D C:\Users\Claire\Desktop\TMRBLog
2012-07-05 03:42 - 2012-07-05 03:42 - 08656400 ____A (Trend Micro Inc.) C:\Users\Claire\Desktop\root.com
2012-07-05 03:21 - 2012-07-05 03:21 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Claire\Downloads\claire.com
2012-07-05 01:24 - 2012-07-05 13:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-05 01:24 - 2012-07-05 13:31 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-05 01:24 - 2012-06-27 02:58 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-05 01:21 - 2012-07-05 01:10 - 00105744 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys
2012-07-05 01:19 - 2012-07-05 01:27 - 00000000 ____D C:\Program Files\Trend Micro
2012-07-05 00:38 - 2012-07-05 01:18 - 00001168 ____A C:\Windows\System32\TmInstall.log
2012-07-05 00:28 - 2012-07-05 13:48 - 00000410 _RASH C:\Users\All Users\ntuser.pol
2012-07-05 00:28 - 2012-07-05 01:20 - 00000056 ____A C:\Windows\System32\SupportTool.exe.bat
2012-07-05 00:17 - 2012-07-05 00:17 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-07-05 00:08 - 2012-07-05 00:13 - 117896248 ____A (Trend Micro Inc.) C:\Users\Claire\Desktop\TTi_5.0_HE_Full.exe
2012-07-05 00:00 - 2012-07-05 00:00 - 00129024 ____A C:\Windows\RegBootClean64.exe
2012-07-04 15:34 - 2012-07-04 15:34 - 00001264 ____A C:\Users\Public\Desktop\MestReNova.lnk
2012-07-03 17:35 - 2012-07-04 15:50 - 00128240 ____A C:\Users\Claire\Documents\pleoindicatrix.pptx
2012-07-03 15:18 - 2012-07-03 15:18 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-30 16:03 - 2012-06-30 16:03 - 00069347 ____A C:\Users\Claire\Documents\CFJ0018arsub-1.diamdoc
2012-06-30 07:25 - 2012-06-30 07:25 - 00002075 ____A C:\Users\Claire\AppData\Roaming\SAS7_000.DAT
2012-06-30 06:36 - 2012-06-30 06:36 - 05994639 ____A C:\Users\Claire\Documents\trainingcomputers.wma
2012-06-30 06:11 - 2012-06-30 06:11 - 00153149 ____A C:\Users\Claire\Documents\Untitled.wma
2012-06-30 06:03 - 2012-07-02 14:55 - 00102400 ____A C:\Windows\RegBootClean.exe
2012-06-30 04:15 - 2012-06-30 04:15 - 00000000 ____D C:\Users\Claire\AppData\Roaming\Nuance
2012-06-30 04:15 - 2012-06-30 04:15 - 00000000 ____D C:\Users\Claire\AppData\Roaming\FLEXnet
2012-06-30 04:10 - 2012-06-30 04:10 - 00002799 ____A C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
2012-06-30 04:04 - 2012-06-30 04:04 - 00000000 ____D C:\Users\All Users\Nuance
2012-06-30 04:04 - 2012-06-30 04:04 - 00000000 ____D C:\Program Files (x86)\Nuance
2012-06-30 01:33 - 2012-07-05 00:54 - 00000000 ____D C:\Users\Claire\AppData\Roaming\Uvfo
2012-06-30 01:33 - 2012-06-30 01:33 - 00000000 ____D C:\Users\Claire\AppData\Roaming\Pame
2012-06-29 09:56 - 2012-06-29 09:56 - 00000670 ____A C:\Users\Claire\Documents\iTunes.txt
2012-06-28 14:54 - 2012-06-28 14:54 - 00000000 ____D C:\Users\Claire\Desktop\key prog
2012-06-28 14:09 - 2012-06-28 14:09 - 00000000 ____D C:\Topas4-1
2012-06-28 14:09 - 2006-10-18 10:12 - 00191488 ____A (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\hlvdd.dll
2012-06-28 13:53 - 2012-06-28 13:53 - 00000000 ____D C:\Users\Claire\Desktop\Structure Database
2012-06-28 13:51 - 2012-06-28 13:52 - 00000000 ____D C:\Users\Claire\Desktop\Topas 4.1 (D)
2012-06-26 22:28 - 2012-06-28 06:47 - 00000000 ____D C:\Users\Claire\AppData\Roaming\Apple Computer
2012-06-26 22:28 - 2012-06-26 22:28 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-26 22:28 - 2012-06-26 22:28 - 00000000 ____D C:\Users\Claire\AppData\Local\Apple Computer
2012-06-26 22:27 - 2009-05-18 04:17 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-06-26 22:27 - 2008-04-17 03:12 - 00126312 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-06-26 22:27 - 2008-04-17 03:12 - 00107368 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-06-26 22:26 - 2012-06-26 22:27 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-26 22:26 - 2012-06-26 22:27 - 00000000 ____D C:\Program Files\iTunes
2012-06-26 22:26 - 2012-06-26 22:27 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-26 22:26 - 2012-06-26 22:26 - 00000000 ____D C:\Program Files\iPod
2012-06-26 22:25 - 2012-06-26 22:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-06-26 22:25 - 2012-06-26 22:25 - 00000000 ____D C:\Program Files\Bonjour
2012-06-26 22:25 - 2012-06-26 22:25 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-06-26 22:25 - 2012-06-26 22:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-06-26 22:21 - 2012-06-26 22:22 - 79225752 ____A (Apple Inc.) C:\Users\Claire\Desktop\iTunes64Setup.exe
2012-06-26 22:19 - 2012-06-26 22:20 - 77251480 ____A (Apple Inc.) C:\Users\Claire\Desktop\iTunesSetup.exe
2012-06-26 09:59 - 2012-06-26 09:59 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-26 09:58 - 2012-06-26 09:58 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-26 09:58 - 2012-06-26 09:58 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-26 09:58 - 2012-05-04 10:29 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-26 09:58 - 2012-05-04 10:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-26 09:56 - 2012-06-26 09:56 - 00894448 ____A (Oracle Corporation) C:\Users\Claire\Desktop\jxpiinstall.exe
2012-06-25 17:50 - 2012-06-25 17:50 - 00000000 ____D C:\Users\Claire\Downloads\Homeland S01e04 - HD
2012-06-25 11:36 - 2012-06-26 09:45 - 00000000 ____D C:\Users\Claire\Downloads\Homeland (2011)S01E04 X264HD (NL Eng Subs) HD WEB-DL
2012-06-25 08:52 - 2012-06-25 08:52 - 00001068 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-06-25 08:51 - 2012-06-25 08:51 - 22259528 ____A C:\Users\Claire\Desktop\vlc-2.0.1-win32.exe
2012-06-23 14:45 - 2012-06-25 10:02 - 75951566 ____A C:\Users\Claire\Documents\Nd3+ absorption spec.bmp
2012-06-20 13:40 - 2012-06-20 14:59 - 00000000 ____D C:\Users\Claire\Downloads\Homeland (2011)S01E03 X264HD (NL Eng Subs) HD WEB-DL
2012-06-20 03:31 - 2012-06-20 04:20 - 00000000 ____D C:\Users\Claire\Downloads\Homeland (2011) S01E02 X264HD (NL Eng Subs) HDTV TBS
2012-06-18 14:24 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-18 14:24 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-18 14:24 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-18 14:24 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-18 14:24 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-18 14:24 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-18 14:24 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-18 14:23 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-18 14:23 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-16 22:54 - 2012-06-16 23:07 - 00000000 ____D C:\Users\Claire\Desktop\New folder (3)
2012-06-16 16:32 - 2012-06-16 16:32 - 00099589 ____A C:\Users\Claire\Documents\LnCp3Timeline.sdr
2012-06-16 11:41 - 2012-07-05 09:06 - 00000000 ____D C:\SmartDraw 2010
2012-06-16 11:41 - 2012-06-16 11:41 - 00000655 ____A C:\Users\Claire\Desktop\SmartDraw 2010.lnk
2012-06-16 10:52 - 2012-06-16 10:52 - 00000000 ____D C:\Users\Claire\AppData\Roaming\YourFileDownloader
2012-06-16 10:51 - 2012-06-16 10:51 - 04110768 ____A (http://yourfiledownloader.com) C:\Users\Claire\Desktop\SmartDraw-2012-full-cracked-version.rar_downloader_98838a.exe
2012-06-16 10:47 - 2012-06-16 10:47 - 00000000 ____A C:\Users\Claire\Desktop\smartdraw_crack_0.exe
2012-06-16 10:20 - 2012-06-16 10:20 - 00001682 ____A C:\Users\Claire\Desktop\TERENASSLCA.cer
2012-06-16 10:05 - 2012-06-16 11:42 - 00000000 ____D C:\Users\Claire\AppData\Roaming\SmartDraw
2012-06-16 10:05 - 2012-06-16 10:05 - 00000000 ____D C:\Users\Claire\Documents\SmartDraw
2012-06-16 10:05 - 2012-06-16 10:05 - 00000000 ____D C:\Users\Claire\AppData\System
2012-06-16 10:04 - 2012-06-16 10:04 - 00538752 ____A C:\Users\Claire\Desktop\smartdraw_YZ_SKTS7_setup.exe
2012-06-16 09:48 - 2010-09-06 16:41 - 00000000 ____D C:\Users\Claire\Desktop\Keygen
2012-06-16 09:32 - 2012-06-16 09:32 - 24043176 ____A C:\Users\Claire\Desktop\TimeLine_Maker_Pro_2.1.8.3_incl_keygen-_p30download.com_.zip
2012-06-16 09:21 - 2012-07-05 09:04 - 00000000 ___RD C:\Users\Claire\Documents\My Timelines
2012-06-16 09:21 - 2012-06-16 09:21 - 00000000 ____D C:\Users\Claire\AppData\Roaming\Progeny
2012-06-15 17:42 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-15 17:42 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-15 17:42 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-15 17:42 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-15 17:42 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-15 17:42 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-15 17:42 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-15 17:42 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-15 17:42 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-15 17:42 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-15 17:42 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-15 17:42 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-15 17:42 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-15 17:42 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-15 17:42 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-15 17:42 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-15 17:42 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-15 17:42 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-15 17:42 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-15 17:42 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-15 17:42 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-15 17:42 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-15 17:42 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-15 17:42 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-15 17:42 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-15 17:42 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-15 17:42 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-15 17:42 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-12 15:13 - 2012-05-04 02:52 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 15:13 - 2012-05-04 02:08 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 15:13 - 2012-05-04 02:08 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 15:13 - 2012-04-25 21:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 15:13 - 2012-04-25 21:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 15:13 - 2012-04-25 21:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 15:12 - 2012-05-14 17:32 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 15:12 - 2012-04-27 19:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-10 06:59 - 2012-06-10 07:00 - 00000000 ____D C:\Users\Claire\Documents\My Kindle Content
2012-06-10 06:59 - 2012-06-10 06:59 - 28901696 ____A (Amazon.com) C:\Users\Claire\Desktop\KindleForPC-installer.exe
2012-06-10 06:59 - 2012-06-10 06:59 - 00002241 ____A C:\Users\Claire\Desktop\Kindle.lnk
2012-06-10 06:59 - 2012-06-10 06:59 - 00000000 ____D C:\Users\Claire\AppData\Local\Amazon


============ 3 Months Modified Files ========================

2012-07-05 17:24 - 2012-07-05 13:48 - 00000112 ____A C:\Windows\setupact.log
2012-07-05 17:24 - 2012-07-05 07:11 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-05 17:24 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-05 17:21 - 2012-07-05 07:11 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-05 17:21 - 2009-07-13 21:13 - 00794982 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-05 13:55 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-05 13:55 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-05 13:48 - 2012-07-05 13:48 - 00000000 ____A C:\Windows\setuperr.log
2012-07-05 13:48 - 2012-07-05 00:28 - 00000410 _RASH C:\Users\All Users\ntuser.pol
2012-07-05 13:47 - 2012-07-05 13:47 - 00004878 ____A C:\Windows\PFRO.log
2012-07-05 13:31 - 2012-07-05 01:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-05 13:29 - 2012-07-05 13:29 - 10598437 ____A C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100 (2).zip
2012-07-05 13:25 - 2012-07-05 13:25 - 10598437 ____A C:\Users\Claire\Downloads\mbam-setup-1.62.0.1100.zip
2012-07-05 13:25 - 2012-07-05 13:25 - 10598437 ____A C:\Users\Claire\Downloads\mbam-setup-1.62.0.1100 (1).zip
2012-07-05 12:48 - 2012-07-05 12:51 - 00607260 ____R (Swearware) C:\Users\Claire\Desktop\dds.com
2012-07-05 12:48 - 2012-07-05 12:48 - 00607260 ____R (Swearware) C:\Users\Claire\Downloads\dds.com
2012-07-05 12:36 - 2012-07-05 12:36 - 00000000 ____A C:\Users\Claire\Desktop\gmer.log
2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\skluvput.exe
2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\id8gpgt6.exe
2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\gph1ztc2.exe
2012-07-05 12:23 - 2012-07-05 12:23 - 00302592 ____A C:\Users\Claire\Downloads\2pbv4lxd.exe
2012-07-05 12:21 - 2012-03-04 13:51 - 00148664 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll
2012-07-05 12:21 - 2012-03-04 13:51 - 00113168 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-07-05 12:21 - 2012-03-04 13:51 - 00101808 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-07-05 09:14 - 2012-07-05 10:13 - 00008192 ____A C:\shldr.mbr
2012-07-05 09:13 - 2010-05-07 14:50 - 00002258 ____A C:\0
2012-07-05 09:12 - 2012-07-05 09:12 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Claire\Downloads\SpyHunter-Installer.exe
2012-07-05 09:00 - 2012-07-05 08:34 - 00000494 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-05 08:42 - 2012-07-05 08:32 - 00000466 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-05 08:42 - 2012-07-05 08:32 - 00000422 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-07-05 08:41 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-05 08:33 - 2012-07-05 08:33 - 00001197 ____A C:\Users\Claire\Desktop\SpeedyPC Pro.lnk
2012-07-05 08:31 - 2012-07-05 08:31 - 04819616 ____A (SpeedyPC Software Inc.) C:\Users\Claire\Downloads\SpeedyPC Pro Installer.exe
2012-07-05 08:30 - 2012-07-05 08:30 - 00001205 ____A C:\Users\Claire\Downloads\FixNCR.reg
2012-07-05 07:12 - 2012-07-05 07:12 - 00002257 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-05 04:19 - 2012-07-05 04:04 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-05 04:04 - 2012-07-05 04:04 - 00001924 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-07-05 04:01 - 2012-07-05 04:01 - 89050280 ____A C:\Users\Claire\Desktop\avast_free_antivirus_setup.exe
2012-07-05 03:42 - 2012-07-05 03:42 - 08656400 ____A (Trend Micro Inc.) C:\Users\Claire\Desktop\root.com
2012-07-05 03:21 - 2012-07-05 03:21 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Claire\Downloads\claire.com
2012-07-05 01:20 - 2012-07-05 00:28 - 00000056 ____A C:\Windows\System32\SupportTool.exe.bat
2012-07-05 01:18 - 2012-07-05 00:38 - 00001168 ____A C:\Windows\System32\TmInstall.log
2012-07-05 01:10 - 2012-07-05 01:21 - 00105744 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys
2012-07-05 00:18 - 2010-05-07 14:53 - 00000824 ____A C:\Windows\System32\Drivers\etc\tmvsthfud.bin
2012-07-05 00:18 - 2010-05-07 14:53 - 00000824 ____A C:\Windows\System32\Drivers\etc\tmvsthfss.bin
2012-07-05 00:13 - 2012-07-05 00:08 - 117896248 ____A (Trend Micro Inc.) C:\Users\Claire\Desktop\TTi_5.0_HE_Full.exe
2012-07-05 00:00 - 2012-07-05 00:00 - 00129024 ____A C:\Windows\RegBootClean64.exe
2012-07-04 15:50 - 2012-07-03 17:35 - 00128240 ____A C:\Users\Claire\Documents\pleoindicatrix.pptx
2012-07-04 15:34 - 2012-07-04 15:34 - 00001264 ____A C:\Users\Public\Desktop\MestReNova.lnk
2012-07-03 08:21 - 2012-07-05 04:04 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2012-07-05 04:04 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2012-07-05 04:04 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2012-07-05 04:04 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2012-07-05 04:04 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 08:21 - 2012-07-05 04:04 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 08:21 - 2012-07-05 04:04 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 08:21 - 2012-07-05 04:03 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-03 08:21 - 2012-07-05 04:03 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-02 14:55 - 2012-06-30 06:03 - 00102400 ____A C:\Windows\RegBootClean.exe
2012-07-02 14:49 - 2010-06-17 05:58 - 00327680 ____A C:\Windows\System32\Ikeext.etl
2012-07-01 12:18 - 2010-06-18 07:47 - 00002212 ____A C:\Users\Claire\.csds_defaults
2012-06-30 16:03 - 2012-06-30 16:03 - 00069347 ____A C:\Users\Claire\Documents\CFJ0018arsub-1.diamdoc
2012-06-30 07:25 - 2012-06-30 07:25 - 00002075 ____A C:\Users\Claire\AppData\Roaming\SAS7_000.DAT
2012-06-30 06:36 - 2012-06-30 06:36 - 05994639 ____A C:\Users\Claire\Documents\trainingcomputers.wma
2012-06-30 06:11 - 2012-06-30 06:11 - 00153149 ____A C:\Users\Claire\Documents\Untitled.wma
2012-06-30 04:10 - 2012-06-30 04:10 - 00002799 ____A C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
2012-06-29 09:56 - 2012-06-29 09:56 - 00000670 ____A C:\Users\Claire\Documents\iTunes.txt
2012-06-27 02:58 - 2012-07-05 01:24 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-26 23:58 - 2012-07-05 13:30 - 10623040 ____A (Malwarebytes Corporation ) C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100.exe
2012-06-26 22:28 - 2012-06-26 22:28 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-26 22:22 - 2012-06-26 22:21 - 79225752 ____A (Apple Inc.) C:\Users\Claire\Desktop\iTunes64Setup.exe
2012-06-26 22:20 - 2012-06-26 22:19 - 77251480 ____A (Apple Inc.) C:\Users\Claire\Desktop\iTunesSetup.exe
2012-06-26 09:58 - 2012-06-26 09:58 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-26 09:58 - 2012-06-26 09:58 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-26 09:56 - 2012-06-26 09:56 - 00894448 ____A (Oracle Corporation) C:\Users\Claire\Desktop\jxpiinstall.exe
2012-06-25 10:02 - 2012-06-23 14:45 - 75951566 ____A C:\Users\Claire\Documents\Nd3+ absorption spec.bmp
2012-06-25 08:52 - 2012-06-25 08:52 - 00001068 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-06-25 08:51 - 2012-06-25 08:51 - 22259528 ____A C:\Users\Claire\Desktop\vlc-2.0.1-win32.exe
2012-06-20 12:31 - 2011-10-31 12:43 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-16 16:37 - 2011-10-01 08:05 - 00001607 ____A C:\Users\Claire\Desktop\Play games (GameXN).lnk
2012-06-16 16:32 - 2012-06-16 16:32 - 00099589 ____A C:\Users\Claire\Documents\LnCp3Timeline.sdr
2012-06-16 11:41 - 2012-06-16 11:41 - 00000655 ____A C:\Users\Claire\Desktop\SmartDraw 2010.lnk
2012-06-16 10:51 - 2012-06-16 10:51 - 04110768 ____A (http://yourfiledownloader.com) C:\Users\Claire\Desktop\SmartDraw-2012-full-cracked-version.rar_downloader_98838a.exe
2012-06-16 10:47 - 2012-06-16 10:47 - 00000000 ____A C:\Users\Claire\Desktop\smartdraw_crack_0.exe
2012-06-16 10:20 - 2012-06-16 10:20 - 00001682 ____A C:\Users\Claire\Desktop\TERENASSLCA.cer
2012-06-16 10:04 - 2012-06-16 10:04 - 00538752 ____A C:\Users\Claire\Desktop\smartdraw_YZ_SKTS7_setup.exe
2012-06-16 09:32 - 2012-06-16 09:32 - 24043176 ____A C:\Users\Claire\Desktop\TimeLine_Maker_Pro_2.1.8.3_incl_keygen-_p30download.com_.zip
2012-06-16 01:45 - 2009-07-13 20:45 - 00430336 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-16 01:39 - 2010-05-08 03:28 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-10 06:59 - 2012-06-10 06:59 - 28901696 ____A (Amazon.com) C:\Users\Claire\Desktop\KindleForPC-installer.exe
2012-06-10 06:59 - 2012-06-10 06:59 - 00002241 ____A C:\Users\Claire\Desktop\Kindle.lnk
2012-06-03 12:55 - 2012-06-03 12:52 - 735358976 ____A C:\Users\Claire\Desktop\ubuntu-12.04-desktop-i386.iso
2012-06-02 14:19 - 2012-06-18 14:24 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 14:24 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 14:24 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 14:24 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 14:24 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 14:24 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 14:24 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-18 14:23 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-18 14:23 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-17 18:47 - 2012-06-15 17:42 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-15 17:42 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-15 17:42 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-15 17:42 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-15 17:42 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-15 17:42 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-15 17:42 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-15 17:42 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-15 17:42 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-15 17:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-15 17:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-15 17:42 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-15 17:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-15 17:42 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-15 17:42 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-15 17:42 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-15 17:42 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-15 17:42 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-15 17:42 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-15 17:42 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-15 17:42 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-15 17:42 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-15 17:42 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-15 17:42 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-15 17:42 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-15 17:42 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-15 17:42 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-15 17:42 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-12 15:12 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 14:18 - 2012-05-13 14:18 - 00835811 ____A C:\Users\Claire\Desktop\SetupBatteryCare.zip
2012-05-07 15:24 - 2012-05-07 14:52 - 00000315 ____A C:\Users\Claire\Desktop\combinations.txt
2012-05-07 15:22 - 2012-05-07 15:22 - 00001110 ____A C:\Users\Claire\Desktop\combinations-code.txt
2012-05-04 10:29 - 2012-06-26 09:58 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-04 10:29 - 2012-06-26 09:58 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-04 10:29 - 2010-05-07 15:42 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 02:52 - 2012-06-12 15:13 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:08 - 2012-06-12 15:13 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:08 - 2012-06-12 15:13 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-27 19:50 - 2012-06-12 15:12 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:34 - 2012-06-12 15:13 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:34 - 2012-06-12 15:13 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:28 - 2012-06-12 15:13 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-19 07:25 - 2012-04-19 07:25 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf


ZeroAccess:
C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}
C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\@
C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\L
C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\U
C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\U\00000001.@
C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\U\80000000.@
C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\U\800000cb.@

ZeroAccess:
C:\Users\Claire\AppData\Local\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}
C:\Users\Claire\AppData\Local\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\@
C:\Users\Claire\AppData\Local\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\L
C:\Users\Claire\AppData\Local\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3894.68 MB
Available physical RAM: 3259.05 MB
Total Pagefile: 3892.83 MB
Available Pagefile: 3247.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:105.58 GB) NTFS
3 Drive f: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1919 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1918 MB 732 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 1918 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-28 02:14

======================= End Of Log ==========================
 
In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.
 
Hello again,

Here it is:

Farbar Recovery Scan Tool Version: 05-07-2012 01
Ran by SYSTEM at 2012-07-06 11:42:10
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Also I need to ask what I should do about an error message that keeps popping up on Windows Restart. Before I found this forum I was trying to remove the problem myself and one software tool I used was SpyHunter4. It did find the problem but has not removed it successfully. When Windows starts I get the following warning message (currently SpyHunter4 loads on start-up) saying: 'Your DNS settings have been modified. Accept changes or restore original (saved) settings?' The options are Accept, Restore or Remind me Later. I have been clicking the latter while following your instructions. Shall I look for some log files from SpyHunter to post?

Thanks Claire
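The comparison that this Search.txt result supports, as an added example (not part of the thread and not FRST's own code): it parses the excerpt posted above and checks each live copy's MD5 against the WinSxS component-store copy of the same file. The function names and the line layout assumed by the regular expressions are inferred from this one log.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path handling that works on any OS

# Search.txt excerpt copied from the post above.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Assumed layout: a path line followed by one metadata line ending in the MD5.
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
META_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>.*)\))? "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search(text):
    """Return one record per path/metadata pair found in the search output."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
        elif pending and (m := META_RE.match(line)):
            rec = m.groupdict()
            rec.update(path=pending, size=int(rec["size"]), md5=rec["md5"].upper())
            records.append(rec)
            pending = None
        elif line:
            pending = None  # unrelated line: drop a path that had no metadata
    return records


def compare_to_component_store(records):
    """Compare each live copy with the WinSxS copies that share its file name."""
    groups = defaultdict(lambda: {"store": [], "live": []})
    for rec in records:
        kind = "store" if "\\winsxs\\" in rec["path"].lower() else "live"
        groups[basename(rec["path"]).lower()][kind].append(rec)

    findings = []
    for group in groups.values():
        # Servicing can leave several versions in WinSxS; any of them is accepted.
        store_md5 = {r["md5"] for r in group["store"]}
        for live in group["live"]:
            if not store_md5:
                verdict = "NO-REFERENCE"
            elif live["md5"] in store_md5:
                verdict = "match"
            else:
                verdict = "MISMATCH"
            key = (live["size"], live["created"], live["modified"])
            same_meta = any(
                (r["size"], r["created"], r["modified"]) == key
                for r in group["store"]
            )
            findings.append({
                "path": live["path"],
                "md5": live["md5"],
                "verdict": verdict,
                # True when size and timestamps equal a store copy, i.e. only
                # the hash tells the two files apart.
                "same_size_and_times": same_meta,
            })
    return findings


if __name__ == "__main__":
    for f in compare_to_component_store(parse_search(SEARCH_LOG)):
        print(f"{f['verdict']:<12} {f['md5']}  {f['path']}"
              f"  (size/timestamps identical: {f['same_size_and_times']})")
```

On this log the System32 copy has the same size and timestamps as the WinSxS copy, so a check on metadata alone would not separate them; only the hash differs.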
 
Don't worry about any errors for now.
We just started.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
    374 bytes
Combofix tells me trendmicro is running... I don't think it is. I realised it wasn't working so got rid of it apart from the installers and put Avast! on my computer instead. It's not in system tray and I disabled everything else there. Trendmicro would have been in charge of the firewall etc when the trojan/virus infected my computer. Shall I continue to run Combofix?
 
And here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-07-2012 01
Ran by SYSTEM at 2012-07-07 02:52:03 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38} moved successfully.
C:\Users\Claire\AppData\Local\{fdeec899-b4bd-ff23-0bf7-a54a0cd6ba38} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
The log for combofix is below. Only glitch was that it made the computer restart when it was almost finished (scans all finished, but preparing log) and my disabling of the anti-virus (Avast and SpyHunter) did not stop it starting on the restart, sorry. I clicked to allow all the combo fix files to run. How does it look?

Combofix.txt

ComboFix 12-07-06.02 - Claire 07/07/2012 3:48.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3895.2427 [GMT 1:00]
Running from: c:\users\Claire\Desktop\ComboFix.exe
AV: Trend Micro Internet Security Pro *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security Pro *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Claire\AppData\Roaming\Pame
c:\users\Claire\AppData\Roaming\Pame\qaiqf.yky
c:\users\Claire\TrendMicro_TISPro_17.50_en-US_64-bit.exe
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-07 02:58 . 2012-07-07 02:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 10:32 . 2012-07-06 10:32 -------- d-----w- C:\FRST
2012-07-05 21:54 . 2012-07-05 21:54 -------- d-----w- c:\program files (x86)\ESET
2012-07-05 21:53 . 2012-07-05 21:54 -------- d-----w- c:\windows\Downloaded Program Files
2012-07-05 17:13 . 2012-07-05 17:13 110080 ----a-r- c:\users\Claire\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
2012-07-05 17:13 . 2012-07-05 17:13 110080 ----a-r- c:\users\Claire\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
2012-07-05 17:13 . 2012-07-05 17:13 110080 ----a-r- c:\users\Claire\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
2012-07-05 17:13 . 2012-07-05 17:14 -------- d-----w- C:\sh4ldr
2012-07-05 17:13 . 2012-07-05 17:13 -------- d-----w- c:\program files\Enigma Software Group
2012-07-05 17:13 . 2012-07-05 17:13 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-05 17:08 . 2012-07-05 17:08 -------- d-----w- c:\windows\system32\wbem\Logs
2012-07-05 16:33 . 2012-07-05 16:33 -------- d-----w- c:\users\Claire\AppData\Roaming\DriverCure
2012-07-05 16:33 . 2012-07-05 16:33 -------- d-----w- c:\users\Claire\AppData\Roaming\SpeedyPC Software
2012-07-05 16:32 . 2012-07-05 16:32 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-07-05 16:32 . 2012-07-05 16:32 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-05 16:32 . 2012-07-05 16:32 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-07-05 15:58 . 2012-07-05 15:58 -------- d-----w- c:\users\Claire\AppData\Local\Google
2012-07-05 15:11 . 2012-07-05 15:12 -------- d-----w- c:\program files (x86)\Google
2012-07-05 12:04 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-05 12:04 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-05 12:04 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-05 12:04 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-05 12:04 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-05 12:04 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-05 12:04 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-05 12:03 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-05 12:03 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-05 12:03 . 2012-07-05 12:03 -------- d-----w- c:\programdata\AVAST Software
2012-07-05 12:03 . 2012-07-05 12:03 -------- d-----w- c:\program files\AVAST Software
2012-07-05 09:24 . 2012-07-05 21:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-05 09:24 . 2012-06-27 10:58 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-05 09:21 . 2012-07-05 09:10 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-07-05 09:19 . 2012-07-05 09:27 -------- d-----w- c:\program files\Trend Micro
2012-07-05 08:28 . 2012-07-05 09:20 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-07-05 08:17 . 2012-07-05 08:17 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-05 08:00 . 2012-07-05 08:00 129024 ----a-w- c:\windows\RegBootClean64.exe
2012-07-03 23:18 . 2012-07-03 23:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-30 14:03 . 2012-07-02 22:55 102400 ----a-w- c:\windows\RegBootClean.exe
2012-06-30 12:15 . 2012-06-30 12:15 -------- d-----w- c:\users\Claire\AppData\Roaming\Nuance
2012-06-30 12:15 . 2012-06-30 12:15 -------- d-----w- c:\users\Claire\AppData\Roaming\FLEXnet
2012-06-30 12:09 . 2012-06-30 12:09 -------- d-----w- c:\program files (x86)\Common Files\IVA
2012-06-30 12:09 . 2012-06-30 12:09 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2012-06-30 12:04 . 2012-06-30 12:04 -------- d-----w- c:\programdata\Nuance
2012-06-30 12:04 . 2012-06-30 12:04 -------- d-----w- c:\program files (x86)\Nuance
2012-06-30 10:03 . 2012-06-30 10:03 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6CA1BBD-F61B-403B-BDDD-F810BA612731}\offreg.dll
2012-06-30 09:33 . 2012-07-05 08:54 -------- d-----w- c:\users\Claire\AppData\Roaming\Uvfo
2012-06-29 08:51 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6CA1BBD-F61B-403B-BDDD-F810BA612731}\mpengine.dll
2012-06-28 22:09 . 2006-10-18 18:12 191488 ----a-w- c:\windows\SysWow64\hlvdd.dll
2012-06-28 22:09 . 2012-06-28 22:09 -------- d-----w- C:\Topas4-1
2012-06-28 22:09 . 2001-09-05 05:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-06-28 22:09 . 2001-09-05 05:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-06-28 22:09 . 2001-09-05 05:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-06-28 22:09 . 2001-09-05 05:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-06-28 22:09 . 2009-01-15 09:55 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-06-27 06:28 . 2012-06-28 14:47 -------- d-----w- c:\users\Claire\AppData\Roaming\Apple Computer
2012-06-27 06:28 . 2012-06-27 06:28 -------- d-----w- c:\users\Claire\AppData\Local\Apple Computer
2012-06-27 06:27 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-27 06:27 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-06-27 06:27 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-06-27 06:26 . 2012-06-27 06:26 -------- d-----w- c:\program files\iPod
2012-06-27 06:26 . 2012-06-27 06:27 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-27 06:26 . 2012-06-27 06:27 -------- d-----w- c:\program files\iTunes
2012-06-27 06:26 . 2012-06-27 06:27 -------- d-----w- c:\program files (x86)\iTunes
2012-06-27 06:25 . 2012-06-27 06:25 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-06-27 06:25 . 2012-06-27 06:25 -------- d-----w- c:\program files\Common Files\Apple
2012-06-27 06:25 . 2012-06-27 06:25 -------- d-----w- c:\program files\Bonjour
2012-06-27 06:25 . 2012-06-27 06:25 -------- d-----w- c:\program files (x86)\Bonjour
2012-06-26 18:00 . 2012-06-26 18:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-26 17:59 . 2012-06-26 17:59 -------- d-----w- c:\program files (x86)\Oracle
2012-06-26 17:58 . 2012-05-04 18:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-20 21:09 . 2012-06-20 21:09 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 21:09 . 2012-06-20 21:09 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-20 20:31 . 2012-06-20 20:31 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-18 22:24 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-18 22:24 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-18 22:24 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-18 22:24 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-18 22:24 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-18 22:24 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-18 22:24 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-18 22:23 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 22:23 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 19:41 . 2012-07-05 17:06 -------- d-----w- C:\SmartDraw 2010
2012-06-16 18:52 . 2012-06-16 18:52 -------- d-----w- c:\users\Claire\AppData\Roaming\YourFileDownloader
2012-06-16 18:05 . 2012-06-16 19:42 -------- d-----w- c:\users\Claire\AppData\Roaming\SmartDraw
2012-06-16 17:21 . 2012-06-16 17:21 -------- d-----w- c:\users\Claire\AppData\Roaming\Progeny
2012-06-12 23:13 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 23:13 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 23:13 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 23:13 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-12 23:13 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-12 23:13 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-12 23:12 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 23:12 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-10 14:59 . 2012-06-10 14:59 -------- d-----w- c:\users\Claire\AppData\Local\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 20:21 . 2012-03-04 21:51 148664 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-07-05 20:21 . 2012-03-04 21:51 113168 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-07-05 20:21 . 2012-03-04 21:51 101808 ----a-w- c:\windows\system32\WRusr.dll
2012-05-30 22:14 . 2010-06-03 13:59 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-30 22:13 . 2010-05-29 21:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-30 22:13 . 2010-05-29 21:03 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-23 20:40 . 2010-05-29 21:04 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-23 20:40 . 2010-06-03 13:59 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-23 20:40 . 2010-07-04 23:53 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-04 18:29 . 2010-05-07 23:42 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-06-27 462920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-07-05 688360]
.
c:\users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-12-25 95232]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-05 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-07-05 688360]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-05 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 116224]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys [2008-07-26 14544]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 19504]
S0 WAEMU;WAEMU;c:\windows\system32\Drivers\waemu.sys [2011-03-04 110136]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-07-05 113168]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe [2009-03-02 89600]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [2011-11-24 78208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 59904]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-06-27 655944]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-13 1924400]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-12-02 25136]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-06-27 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-05 15:11]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-05 15:11]
.
2012-07-07 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-07-06 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-07-05 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-09 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-09 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-09 410136]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-12-18 4099352]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"combofix"="c:\combofix\CF9123.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/mediaget/{6B1CAC1B-0070-4B5C-BFFE-3B56A5FB67CC}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\qtdaurbc.default\
FF - prefs.js: browser.startup.homepage - hxxps://my.ncl.ac.uk/students/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.ftp - wwwcache.ncl.ac.uk
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - wwwcache.ncl.ac.uk
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - wwwcache.ncl.ac.uk
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - wwwcache.ncl.ac.uk
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - wwwcache.ncl.ac.uk
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-YourFileDownloader - c:\program files (x86)\YourFileDownloader\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2012-07-07 04:08:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-07 03:08
.
Pre-Run: 117,970,591,744 bytes free
Post-Run: 117,374,521,344 bytes free
.
- - End Of File - - 73BBFF75EBC8522CF8DDD9E34F90ECA2
 
Looks good :)

How is the computer doing?

==================================

Are you running two AV programs, TM and Avast?
If so you must uninstall one of them.

====================================

Uninstall SpeedyPC Software.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


================================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

===================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Hi, the computer seems much happier. Trend Micro is not installed anymore, I think it was showing up because it was in charge when the rootkit took over. I have checked in Add and Remove Programs. When I search the system, the installers are still present along with some ini, dll, xml, inf and sys files all to do with TM. Shall I delete this stuff?

I have deleted Speedy PC Pro.

Do you know why Malwarebytes still has the 'run as admin' shield on? I am wary as this was what most things looked like when infected.

Here is the log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1100
www.malwarebytes.org

Database version: v2012.07.07.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Claire :: CLAIRE-LAPTOP [administrator]

Protection: Disabled

07/07/2012 04:39:17
mbam-log-2012-07-07 (04-39-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220492
Time elapsed: 13 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
The quarantine tab of Malwarebytes still lists all the files found before (previous scans). How should I get rid of them? Thanks for getting us here, I was very worried. I am going to do OTL now, then hopefully sleep with a peaceful mind. I have to work, but anything else I need to do or is advisable, let me know. I will post the OTL log before sleep.
 
It asks this every time I run it, and the icon has the little blue/yellow shield over it when running.

Also, I have been using a number of flash disks with work on, and some of them were in the computer before I realised it was infected. If possible I would like to keep them as they are. Is it possible to check them for infection?
 
User Account Control (UAC) is a valid and important part of Windows protection.
 
OTL.txt

OTL logfile created on: 7/7/2012 5:17:08 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Claire\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 61.41% Memory free
7.60 Gb Paging File | 6.04 Gb Available in Paging File | 79.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 109.27 Gb Free Space | 38.56% Space Free | Partition Type: NTFS
Drive F: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CLAIRE-LAPTOP | User Name: Claire | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/07 05:14:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
PRC - [2012/07/03 17:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/27 11:58:22 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/25 01:34:18 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2010/11/14 17:30:49 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2009/07/22 13:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009/06/25 02:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 22:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/05/12 23:50:32 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
PRC - [2009/05/12 23:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/02/20 15:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/25 01:34:18 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
MOD - [2009/07/22 13:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/05 21:21:33 | 000,688,360 | ---- | M] (Webroot) [Auto | Stopped] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV:64bit: - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/01/05 13:30:10 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/10/20 16:02:10 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 04:18:24 | 001,924,400 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe -- (AESTFilters)
SRV - [2012/06/27 11:58:22 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/20 22:09:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/28 20:23:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/01/05 13:30:10 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\STacSV64.exe -- (STacSV)
SRV - [2009/11/30 04:41:52 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/07/13 04:04:26 | 001,656,112 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/12 23:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost) @C:\Program Files (x86)
SRV - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe -- (AESTFilters)
SRV - [2009/02/20 15:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/07/05 21:21:40 | 000,113,168 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2012/07/05 10:10:27 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2012/07/03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 17:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 17:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 17:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 17:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/06/27 11:58:24 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 00:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/02/16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/11/24 09:58:44 | 000,078,208 | ---- | M] (SafeNet Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011/10/07 09:31:42 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2011/08/09 07:11:50 | 000,021,120 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2011/03/04 03:12:56 | 000,110,136 | ---- | M] (WinArchiver Computing, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\waemu.sys -- (WAEMU)
DRV:64bit: - [2011/02/09 09:36:00 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/04/21 08:54:40 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/26 14:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 14:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/02/26 14:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/02/26 14:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010/01/05 13:30:10 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/12/10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/02 15:24:38 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/11/27 19:38:14 | 000,019,504 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/11/22 01:31:18 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/20 08:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/05 15:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/30 15:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/10/26 13:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/02 14:24:18 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/28 11:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/28 11:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/08/10 04:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 19:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 07:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/12/30 11:59:04 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2008/12/13 11:28:20 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/26 21:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\BatteryCare\WinRing0x64.sys -- (WinRing0_1_2_0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5F061A35-E649-4B35-A091-4220D1DBEEBA}
IE:64bit: - HKLM\..\SearchScopes\{5F061A35-E649-4B35-A091-4220D1DBEEBA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/mediaget/{6B1CAC1B-0070-4B5C-BFFE-3B56A5FB67CC}
IE - HKLM\..\SearchScopes,DefaultScope = {A2479573-D1E3-4DAB-959B-8A5C87839384}
IE - HKLM\..\SearchScopes\{A2479573-D1E3-4DAB-959B-8A5C87839384}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\..\SearchScopes,DefaultScope = {A2479573-D1E3-4DAB-959B-8A5C87839384}
IE - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/br...-0070-4B5C-BFFE-3B56A5FB67CC}?q={searchTerms}
IE - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\..\SearchScopes\{A2479573-D1E3-4DAB-959B-8A5C87839384}: "URL" = http://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://my.ncl.ac.uk/students/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:1.6.0.1164
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://wwwcache.nacl.ac.uk/"
FF - prefs.js..network.proxy.backup.ftp: "wwwcache.ncl.ac.uk"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "wwwcache.ncl.ac.uk"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "wwwcache.ncl.ac.uk"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "wwwcache.ncl.ac.uk"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "wwwcache.ncl.ac.uk"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "wwwcache.ncl.ac.uk"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "wwwcache.ncl.ac.uk"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "wwwcache.ncl.ac.uk"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "wwwcache.ncl.ac.uk"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 2


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/04/21 09:08:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/07/28 19:17:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/11 15:55:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/11 15:55:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/05 13:19:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 22:09:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/07 20:49:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010/04/21 09:08:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 22:09:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/07 20:49:40 | 000,000,000 | ---D | M]

[2010/05/08 00:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claire\AppData\Roaming\Mozilla\Extensions
[2012/06/19 23:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\qtdaurbc.default\extensions
[2012/03/13 01:32:12 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\qtdaurbc.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/06/19 23:30:25 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\qtdaurbc.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/02/06 01:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/31 21:43:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/20 22:09:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/20 22:09:05 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/06/20 22:09:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/20 22:09:05 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/20 22:09:05 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/06/20 22:09:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/06/20 22:09:05 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Bio3D (Enabled) = C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
CHR - plugin: ChemDraw (Enabled) = C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Gmail = C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/07 04:01:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKU\S-1-5-21-998672669-1911217701-4201026386-1003..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-998672669-1911217701-4201026386-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B57CFBD5-C545-44B5-B3A8-D0307CF94AB8}: DhcpNameServer = 10.8.232.109 10.8.232.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDD1AEA9-7AFA-4EEB-9266-7665510C5D8B}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp - No CLSID value found
O18 - Protocol\Handler\tmpx - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
continued....

========== Files/Folders - Created Within 30 Days ==========

[2012/07/07 05:14:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
[2012/07/07 04:33:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/07/07 04:01:16 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/07 03:46:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/07 03:46:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/07 03:46:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/07 03:08:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/07 03:08:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/07 03:05:11 | 004,573,044 | R--- | C] (Swearware) -- C:\Users\Claire\Desktop\ComboFix.exe
[2012/07/06 11:32:27 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/05 22:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/05 22:53:57 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files
[2012/07/05 22:30:45 | 010,623,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100.exe
[2012/07/05 21:51:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Claire\Desktop\dds.com
[2012/07/05 18:13:49 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/07/05 18:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/05 18:08:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/05 17:33:29 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\DriverCure
[2012/07/05 17:33:28 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\SpeedyPC Software
[2012/07/05 17:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/05 16:58:27 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\Google
[2012/07/05 16:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/05 16:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/05 13:04:35 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/05 13:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/05 13:04:34 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/05 13:04:33 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/05 13:04:30 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/05 13:04:29 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/05 13:04:28 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/05 13:04:28 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/05 13:03:43 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/05 13:03:42 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/05 13:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/05 13:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/05 12:44:47 | 000,000,000 | ---D | C] -- C:\Users\Claire\Desktop\TMRBLog
[2012/07/05 12:42:24 | 008,656,400 | ---- | C] (Trend Micro Inc.) -- C:\Users\Claire\Desktop\root.com
[2012/07/05 10:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/05 10:24:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/05 10:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/05 10:21:00 | 000,105,744 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2012/07/05 10:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/07/05 09:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/07/05 09:08:28 | 117,896,248 | ---- | C] (Trend Micro Inc.) -- C:\Users\Claire\Desktop\TTi_5.0_HE_Full.exe
[2012/07/05 08:09:56 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/07/05 00:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MestReNova
[2012/07/04 00:18:37 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/30 13:15:50 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Nuance
[2012/06/30 13:15:50 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\FLEXnet
[2012/06/30 13:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 11.0
[2012/06/30 13:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IVA
[2012/06/30 13:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance
[2012/06/30 13:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012/06/30 13:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance
[2012/06/30 10:33:29 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Uvfo
[2012/06/28 23:54:57 | 000,000,000 | ---D | C] -- C:\Users\Claire\Desktop\key prog
[2012/06/28 23:09:55 | 000,191,488 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWow64\hlvdd.dll
[2012/06/28 23:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topas4-1
[2012/06/28 23:09:19 | 000,000,000 | ---D | C] -- C:\Topas4-1
[2012/06/28 22:53:16 | 000,000,000 | ---D | C] -- C:\Users\Claire\Desktop\Structure Database
[2012/06/28 22:51:53 | 000,000,000 | ---D | C] -- C:\Users\Claire\Desktop\Topas 4.1 (D)
[2012/06/27 07:28:29 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Apple Computer
[2012/06/27 07:28:29 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\Apple Computer
[2012/06/27 07:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/27 07:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/27 07:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/27 07:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/27 07:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/06/27 07:25:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/06/27 07:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/06/27 07:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/27 07:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/06/26 19:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/26 18:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/25 17:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/06/20 21:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/20 21:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/06/17 07:54:28 | 000,000,000 | ---D | C] -- C:\Users\Claire\Desktop\New folder (3)
[2012/06/16 20:41:53 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartDraw 2010
[2012/06/16 20:41:36 | 000,000,000 | ---D | C] -- C:\SmartDraw 2010
[2012/06/16 19:52:44 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\YourFileDownloader
[2012/06/16 19:51:45 | 004,110,768 | ---- | C] (http://yourfiledownloader.com) -- C:\Users\Claire\Desktop\SmartDraw-2012-full-cracked-version.rar_downloader_98838a.exe
[2012/06/16 19:05:41 | 000,000,000 | ---D | C] -- C:\Users\Claire\Documents\SmartDraw
[2012/06/16 19:05:20 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\SmartDraw
[2012/06/16 18:48:19 | 000,000,000 | ---D | C] -- C:\Users\Claire\Desktop\Keygen
[2012/06/16 18:21:18 | 000,000,000 | R--D | C] -- C:\Users\Claire\Documents\My Timelines
[2012/06/16 18:21:18 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Progeny
[2012/06/10 15:59:56 | 000,000,000 | ---D | C] -- C:\Users\Claire\Documents\My Kindle Content
[2012/06/10 15:59:50 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/06/10 15:59:40 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\Amazon
[2012/06/10 15:59:12 | 028,901,696 | ---- | C] (Amazon.com) -- C:\Users\Claire\Desktop\KindleForPC-installer.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/07 05:21:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/07 05:14:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Claire\Desktop\OTL.exe
[2012/07/07 04:35:57 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2012/07/07 04:12:39 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 04:12:39 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 04:06:23 | 000,794,982 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/07 04:06:23 | 000,677,762 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/07 04:06:23 | 000,129,066 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/07 04:01:58 | 000,001,091 | ---- | M] () -- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2012/07/07 04:01:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/07 04:01:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/07 04:00:18 | 000,000,410 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/07/07 04:00:17 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/07/07 03:59:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/07 03:59:46 | 3062,902,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/07 03:05:16 | 004,573,044 | R--- | M] (Swearware) -- C:\Users\Claire\Desktop\ComboFix.exe
[2012/07/05 22:31:27 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/05 22:29:23 | 010,598,437 | ---- | M] () -- C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100 (2).zip
[2012/07/05 21:48:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Claire\Desktop\dds.com
[2012/07/05 21:21:40 | 000,148,664 | ---- | M] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2012/07/05 21:21:40 | 000,113,168 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2012/07/05 21:21:40 | 000,101,808 | ---- | M] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2012/07/05 18:14:03 | 000,008,192 | ---- | M] () -- C:\shldr.mbr
[2012/07/05 18:13:51 | 000,002,258 | ---- | M] () -- C:\0
[2012/07/05 16:12:47 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/05 16:12:47 | 000,002,241 | ---- | M] () -- C:\Users\Claire\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/05 13:19:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/05 13:04:35 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/05 13:01:26 | 089,050,280 | ---- | M] () -- C:\Users\Claire\Desktop\avast_free_antivirus_setup.exe
[2012/07/05 12:42:24 | 008,656,400 | ---- | M] (Trend Micro Inc.) -- C:\Users\Claire\Desktop\root.com
[2012/07/05 10:24:30 | 000,001,135 | ---- | M] () -- C:\Users\Claire\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/05 10:20:04 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2012/07/05 10:10:27 | 000,105,744 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2012/07/05 09:18:24 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2012/07/05 09:18:24 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2012/07/05 09:13:19 | 117,896,248 | ---- | M] (Trend Micro Inc.) -- C:\Users\Claire\Desktop\TTi_5.0_HE_Full.exe
[2012/07/05 09:00:14 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2012/07/05 00:34:30 | 000,001,264 | ---- | M] () -- C:\Users\Public\Desktop\MestReNova.lnk
[2012/07/03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/03 17:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 17:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/03 17:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/03 17:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 17:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 17:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/03 17:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/02 23:55:09 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2012/07/01 21:18:43 | 000,002,212 | ---- | M] () -- C:\Users\Claire\.csds_defaults
[2012/07/01 01:03:32 | 000,069,347 | ---- | M] () -- C:\Users\Claire\Documents\CFJ0018arsub-1.diamdoc
[2012/06/30 16:25:16 | 000,002,075 | ---- | M] () -- C:\Users\Claire\AppData\Roaming\SAS7_000.DAT
[2012/06/30 15:36:34 | 005,994,639 | ---- | M] () -- C:\Users\Claire\Documents\trainingcomputers.wma
[2012/06/30 15:11:49 | 000,153,149 | ---- | M] () -- C:\Users\Claire\Documents\Untitled.wma
[2012/06/30 13:10:21 | 000,002,799 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
[2012/06/27 11:58:24 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/27 08:58:30 | 010,623,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100.exe
[2012/06/27 07:28:21 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/25 19:02:50 | 075,951,566 | ---- | M] () -- C:\Users\Claire\Documents\Nd3+ absorption spec.bmp
[2012/06/25 17:52:41 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/06/25 17:51:32 | 022,259,528 | ---- | M] () -- C:\Users\Claire\Desktop\vlc-2.0.1-win32.exe
[2012/06/22 00:36:49 | 000,733,146 | ---- | M] () -- C:\Users\Claire\Documents\AtomicTheory.pdf
[2012/06/20 21:31:02 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/06/17 01:32:25 | 000,099,589 | ---- | M] () -- C:\Users\Claire\Documents\LnCp3Timeline.sdr
[2012/06/16 20:41:53 | 000,000,655 | ---- | M] () -- C:\Users\Claire\Desktop\SmartDraw 2010.lnk
[2012/06/16 19:51:46 | 004,110,768 | ---- | M] (http://yourfiledownloader.com) -- C:\Users\Claire\Desktop\SmartDraw-2012-full-cracked-version.rar_downloader_98838a.exe
[2012/06/16 19:47:47 | 000,000,000 | ---- | M] () -- C:\Users\Claire\Desktop\smartdraw_crack_0.exe
[2012/06/16 19:20:12 | 000,001,682 | ---- | M] () -- C:\Users\Claire\Desktop\TERENASSLCA.cer
[2012/06/16 19:04:32 | 000,538,752 | ---- | M] () -- C:\Users\Claire\Desktop\smartdraw_YZ_SKTS7_setup.exe
[2012/06/16 18:32:46 | 024,043,176 | ---- | M] () -- C:\Users\Claire\Desktop\TimeLine_Maker_Pro_2.1.8.3_incl_keygen-_p30download.com_.zip
[2012/06/16 10:45:55 | 000,430,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 00:38:10 | 010,712,356 | ---- | M] () -- C:\Users\Claire\Documents\Hajdu.pdf
[2012/06/10 15:59:50 | 000,002,241 | ---- | M] () -- C:\Users\Claire\Desktop\Kindle.lnk
[2012/06/10 15:59:24 | 028,901,696 | ---- | M] (Amazon.com) -- C:\Users\Claire\Desktop\KindleForPC-installer.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/07 04:35:57 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2012/07/07 03:46:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/07 03:46:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/07 03:46:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/07 03:46:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/07 03:46:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/05 22:29:30 | 010,598,437 | ---- | C] () -- C:\Users\Claire\Desktop\mbam-setup-1.62.0.1100 (2).zip
[2012/07/05 19:13:04 | 000,185,835 | ---- | C] () -- C:\shldr
[2012/07/05 19:13:04 | 000,008,192 | ---- | C] () -- C:\shldr.mbr
[2012/07/05 16:12:47 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/05 16:12:47 | 000,002,241 | ---- | C] () -- C:\Users\Claire\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/05 16:11:58 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/05 16:11:57 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/05 13:04:35 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/05 13:04:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/07/05 13:01:12 | 089,050,280 | ---- | C] () -- C:\Users\Claire\Desktop\avast_free_antivirus_setup.exe
[2012/07/05 10:24:54 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/05 10:24:30 | 000,001,135 | ---- | C] () -- C:\Users\Claire\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/05 09:28:56 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2012/07/05 09:28:53 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/05 09:00:14 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/07/05 00:34:30 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\MestReNova.lnk
[2012/07/01 01:03:32 | 000,069,347 | ---- | C] () -- C:\Users\Claire\Documents\CFJ0018arsub-1.diamdoc
[2012/06/30 16:25:16 | 000,002,075 | ---- | C] () -- C:\Users\Claire\AppData\Roaming\SAS7_000.DAT
[2012/06/30 15:36:34 | 005,994,639 | ---- | C] () -- C:\Users\Claire\Documents\trainingcomputers.wma
[2012/06/30 15:11:49 | 000,153,149 | ---- | C] () -- C:\Users\Claire\Documents\Untitled.wma
[2012/06/30 15:03:49 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2012/06/30 13:10:21 | 000,002,799 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
[2012/06/27 07:28:21 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/25 17:52:41 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/06/25 17:51:26 | 022,259,528 | ---- | C] () -- C:\Users\Claire\Desktop\vlc-2.0.1-win32.exe
[2012/06/23 23:45:44 | 075,951,566 | ---- | C] () -- C:\Users\Claire\Documents\Nd3+ absorption spec.bmp
[2012/06/22 00:36:49 | 000,733,146 | ---- | C] () -- C:\Users\Claire\Documents\AtomicTheory.pdf
[2012/06/17 01:32:25 | 000,099,589 | ---- | C] () -- C:\Users\Claire\Documents\LnCp3Timeline.sdr
[2012/06/16 20:41:53 | 000,000,655 | ---- | C] () -- C:\Users\Claire\Desktop\SmartDraw 2010.lnk
[2012/06/16 19:47:47 | 000,000,000 | ---- | C] () -- C:\Users\Claire\Desktop\smartdraw_crack_0.exe
[2012/06/16 19:20:12 | 000,001,682 | ---- | C] () -- C:\Users\Claire\Desktop\TERENASSLCA.cer
[2012/06/16 19:04:28 | 000,538,752 | ---- | C] () -- C:\Users\Claire\Desktop\smartdraw_YZ_SKTS7_setup.exe
[2012/06/16 18:32:45 | 024,043,176 | ---- | C] () -- C:\Users\Claire\Desktop\TimeLine_Maker_Pro_2.1.8.3_incl_keygen-_p30download.com_.zip
[2012/06/13 00:38:09 | 010,712,356 | ---- | C] () -- C:\Users\Claire\Documents\Hajdu.pdf
[2012/06/10 15:59:50 | 000,002,241 | ---- | C] () -- C:\Users\Claire\Desktop\Kindle.lnk
[2011/08/17 11:31:00 | 000,070,667 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2011/07/10 13:56:31 | 000,004,608 | ---- | C] () -- C:\Users\Claire\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 11:33:57 | 000,000,040 | -HS- | C] () -- C:\Users\Claire\AppData\Roaming\.zreglib
[2010/07/28 11:19:36 | 000,000,152 | ---- | C] () -- C:\Windows\SysWow64\sysplog2.dll
[2010/07/28 11:19:32 | 000,000,152 | ---- | C] () -- C:\Windows\SysWow64\sysplog.dll
[2010/07/23 01:06:51 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/06/21 22:30:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/18 16:47:10 | 000,002,212 | ---- | C] () -- C:\Users\Claire\.csds_defaults

========== LOP Check ==========

[2010/07/28 15:28:04 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Any DVD Clone
[2010/07/29 00:29:05 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Any DVD Cloner Platinum
[2012/05/13 23:23:10 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\BatteryCare
[2010/05/08 01:00:38 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/08/17 11:36:46 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Birdstep Technology
[2012/07/05 18:06:32 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\BitTorrent
[2010/06/18 16:49:49 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\CCDC
[2010/05/07 23:50:59 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\DigitalPersona
[2012/07/05 17:33:29 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\DriverCure
[2011/10/31 10:23:05 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Dropbox
[2012/07/05 18:06:32 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\EndNote
[2012/07/05 18:06:32 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\ICAClient
[2012/05/13 03:21:24 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Interactive Text
[2010/10/13 21:38:34 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\IrfanView
[2012/07/05 00:34:38 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Mestrelab Research S.L
[2010/07/05 01:38:53 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Nokia
[2012/06/30 13:15:50 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Nuance
[2010/06/18 16:19:55 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Olex2Data
[2010/07/05 01:50:40 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\PC Suite
[2012/06/16 18:21:18 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Progeny
[2012/06/16 20:42:19 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\SmartDraw
[2012/07/05 17:33:28 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\SpeedyPC Software
[2012/06/10 01:30:45 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Spotify
[2012/07/05 09:54:52 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\Uvfo
[2012/06/16 19:52:44 | 000,000,000 | ---D | M] -- C:\Users\Claire\AppData\Roaming\YourFileDownloader
[2012/07/05 17:41:04 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:B946D9EE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >
 
Extras.txt

OTL Extras logfile created on: 7/7/2012 5:17:08 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Claire\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 61.41% Memory free
7.60 Gb Paging File | 6.04 Gb Available in Paging File | 79.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 109.27 Gb Free Space | 38.56% Space Free | Partition Type: NTFS
Drive F: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CLAIRE-LAPTOP | User Name: Claire | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-998672669-1911217701-4201026386-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}" = HP Deskjet 1050 J410 series Basic Device Software
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{62A20ECA-920E-4052-BF77-88C78DD20FAA}" = Validity Sensors DDK
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B1F7FA7-906C-4AF0-8BD8-AADDF5FE28BC}" = Dell Backup and Recovery Manager
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{FC09380E-74BE-41F5-8353-E97113969040}" = DigitalPersona Personal 4.01
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"DW WLAN Card" = DW WLAN Card
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{09801D34-8DE8-406A-BFD7-747AF74F5E6E}" = WhiteBoardMeeting
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{41888B21-922B-4241-4594-EF1E6828A72B}" = BBC iPlayer Desktop
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48DEAAF2-8276-4BBD-B7B6-91E454938476}" = CambridgeSoft ChemDraw Ultra 12.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{658E1017-A88D-4C19-8DED-87BA0A9E18AD}" = TalkByText Home Edition
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82AED4DB-D864-432B-BCF2-9A44C025EA62}" = JChem .NET API 5.4.1.1062
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B3151C01-8EEA-4328-892E-B3176FA5DBAC}" = Topas4-1
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1" = BatteryCare 0.9.9.0
"{D1E0A65E-AA8C-4F3E-BB0A-B60C2C62DD3E}" = Diamond 3
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D81A0984-D494-4603-9BDE-C290B9DF02C8}" = PANalytical X'Pert HighScore
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Any DVD Cloner Platinum_is1" = Any DVD Cloner Platinum 1.0.6
"avast" = avast! Free Antivirus
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BitTorrent" = BitTorrent
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Cambridge Structural Database System 2012 5.33" = Cambridge Structural Database System 2012
"ChemAxon Marvin Beans 5.4.1.1" = ChemAxon Marvin Beans 5.4.1.1
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"Huawei Modems" = Huawei modem
"IrfanView" = IrfanView (remove only)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1100
"MestReNova" = MestReNova 7.1.2-10008
"MestReNova LITE" = MestReNova LITE 5.2.5-5780
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 13.0.1 (x86 en-GB)" = Mozilla Firefox 13.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.0.2.377
"Nokia PC Suite" = Nokia PC Suite
"Platon for Windows Taskbar_is1" = Platon Taskbar 1.15
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Searchqu Toolbar" = Searchqu Toolbar
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Spartan '08 V1.2.0" = Spartan '08 V1.2.0
"Spotify" = Spotify
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VLC media player" = VLC media player 2.0.1
"WinArchiver Virtual Drive" = WinArchiver Virtual Drive
"WinDjView" = WinDjView 1.0.3
"WinGX_is1" = Uninstall WinGX
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-998672669-1911217701-4201026386-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/18/2011 1:59:32 PM | Computer Name = Claire-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/18/2011 3:47:21 PM | Computer Name = Claire-laptop | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 12/18/2011 3:50:11 PM | Computer Name = Claire-laptop | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 12/19/2011 8:55:44 PM | Computer Name = Claire-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/20/2011 8:19:42 PM | Computer Name = Claire-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/20/2011 8:53:08 PM | Computer Name = Claire-laptop | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 12/21/2011 9:44:53 AM | Computer Name = Claire-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/22/2011 8:41:27 PM | Computer Name = Claire-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/22/2011 9:14:01 PM | Computer Name = Claire-laptop | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 12/22/2011 9:16:55 PM | Computer Name = Claire-laptop | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ DigitalPersona Pro Events ]
Error - 12/26/2010 10:16:49 PM | Computer Name = Claire-laptop | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

[ Media Center Events ]
Error - 5/8/2012 11:17:12 AM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
Description = 16:17:12 - Error connecting to the internet. 16:17:12 - Unable
to contact server..

Error - 5/8/2012 11:20:43 AM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
Description = 16:20:37 - Error connecting to the internet. 16:20:37 - Unable
to contact server..

Error - 5/8/2012 12:20:49 PM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
Description = 17:20:49 - Error connecting to the internet. 17:20:49 - Unable
to contact server..

Error - 5/8/2012 12:20:55 PM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
Description = 17:20:54 - Error connecting to the internet. 17:20:54 - Unable
to contact server..

Error - 5/14/2012 11:53:12 AM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
Description = 16:53:12 - Error connecting to the internet. 16:53:12 - Unable
to contact server..

Error - 5/14/2012 11:56:41 AM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
Description = 16:56:37 - Error connecting to the internet. 16:56:37 - Unable
to contact server..

Error - 5/23/2012 3:39:27 PM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
Description = 20:39:27 - Error connecting to the internet. 20:39:27 - Unable
to contact server..

Error - 5/23/2012 3:39:37 PM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
Description = 20:39:32 - Error connecting to the internet. 20:39:32 - Unable
to contact server..

Error - 5/27/2012 7:28:39 PM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
Description = 00:28:39 - Error connecting to the internet. 00:28:39 - Unable
to contact server..

Error - 5/27/2012 7:28:48 PM | Computer Name = Claire-laptop | Source = MCUpdate | ID = 0
Description = 00:28:45 - Error connecting to the internet. 00:28:45 - Unable
to contact server..

[ OSession Events ]
Error - 5/18/2010 12:31:22 AM | Computer Name = Claire-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 63445
seconds with 27120 seconds of active time. This session ended with a crash.

Error - 5/18/2010 12:34:56 AM | Computer Name = Claire-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 51
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/18/2010 12:55:30 AM | Computer Name = Claire-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 64893
seconds with 5160 seconds of active time. This session ended with a crash.

Error - 10/28/2010 2:02:32 PM | Computer Name = Claire-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 226
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/6/2012 10:00:47 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7023
Description = The Security Center service terminated with the following error: %%2

Error - 7/6/2012 10:01:52 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/6/2012 10:01:52 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/6/2012 10:54:10 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/6/2012 10:58:08 PM | Computer Name = Claire-laptop | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 7/6/2012 10:58:48 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/6/2012 10:58:54 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/6/2012 11:00:16 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 7/6/2012 11:02:33 PM | Computer Name = Claire-laptop | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 7/6/2012 11:03:32 PM | Computer Name = Claire-laptop | Source = Service Control Manager | ID = 7023
Description = The Security Center service terminated with the following error: %%126


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV:64bit: - [2012/07/05 10:10:27 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
    O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
    O2:64bit: - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
    O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    [2012/07/05 12:42:24 | 008,656,400 | ---- | C] (Trend Micro Inc.) -- C:\Users\Claire\Desktop\root.com
    [2012/07/05 10:21:00 | 000,105,744 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
    [2012/07/05 10:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012/07/05 09:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2012/07/05 09:08:28 | 117,896,248 | ---- | C] (Trend Micro Inc.) -- C:\Users\Claire\Desktop\TTi_5.0_HE_Full.exe
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double-click TFC.exe to run the program.
  • Click the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Hello again,

I am having to run the OTL fix from Safe Mode; I hope that is OK. It kept not responding in Normal mode. I will post the log after reboot (on another computer here).
 
On reboot, Malwarebytes notified me of this:

2012/07/07 01:58:44 +0100 CLAIRE-LAPTOP Claire MESSAGE Executing scheduled update: Daily
2012/07/07 01:58:45 +0100 CLAIRE-LAPTOP Claire ERROR Scheduled update failed: No address found failed with error code 0
2012/07/07 02:55:21 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting protection
2012/07/07 02:55:23 +0100 CLAIRE-LAPTOP Claire MESSAGE Protection started successfully
2012/07/07 02:55:26 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting IP protection
2012/07/07 02:55:26 +0100 CLAIRE-LAPTOP Claire ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/07/07 03:02:50 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting protection
2012/07/07 03:02:53 +0100 CLAIRE-LAPTOP Claire MESSAGE Protection started successfully
2012/07/07 03:02:56 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting IP protection
2012/07/07 03:02:56 +0100 CLAIRE-LAPTOP Claire ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/07/07 04:03:04 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting protection
2012/07/07 04:03:06 +0100 CLAIRE-LAPTOP Claire MESSAGE Protection started successfully
2012/07/07 04:03:09 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting IP protection
2012/07/07 04:03:11 +0100 CLAIRE-LAPTOP Claire MESSAGE IP Protection started successfully
2012/07/07 04:03:19 +0100 CLAIRE-LAPTOP Claire MESSAGE Stopping IP protection
2012/07/07 04:05:22 +0100 CLAIRE-LAPTOP Claire MESSAGE IP Protection stopped
2012/07/07 04:38:45 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting database refresh
2012/07/07 04:38:55 +0100 CLAIRE-LAPTOP Claire MESSAGE Database refreshed successfully
2012/07/07 14:57:16 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting protection
2012/07/07 14:57:20 +0100 CLAIRE-LAPTOP Claire MESSAGE Protection started successfully
2012/07/07 14:57:24 +0100 CLAIRE-LAPTOP Claire MESSAGE Starting IP protection
2012/07/07 14:57:26 +0100 CLAIRE-LAPTOP Claire MESSAGE IP Protection started successfully
2012/07/07 15:15:04 +0100 CLAIRE-LAPTOP Claire IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49922, Process: avastsvc.exe)
2012/07/07 15:15:04 +0100 CLAIRE-LAPTOP Claire IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49923, Process: avastsvc.exe)
 