Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: Please help Diagnose


  • This topic is locked This topic is locked
15 replies to this topic

#1 LSGMgmt

LSGMgmt

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 26 May 2011 - 07:05 AM

Hello and thank you for this chance to deal with this!

Looking into a program in my MSCONFIG startup called "SVUpdate" got me going starting with HIJACK THIS and leading to you. Here is the log from the HIJACK THIS scan. I have done nothing to anything but am very concerned about SVCupdate.
Thank you in advance for your assistance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:59:01 AM, on 5/26/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Real\RealPlayer\RecordingManager.exe
C:\Program Files (x86)\Adobe Media Player\Adobe Media Player.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\LSG\Downloads\hijack this\HijackThis.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Users\LSG\Downloads\malware\dds.scr
C:\Windows\SysWOW64\cmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program Files (x86)\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AdobeAcrobat5] C:\Windows\system32\MSOffice\update.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SvUpdate] C:\Users\LSG\AppData\Roaming\Windows NT\svchost.exe
O4 - HKCU\..\Run: [AdobeAcrobat6] C:\Windows\system32\MSOffice\update.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\LSG\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_Plugin.exe -update plugin
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\MSOffice\update.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\MSOffice\update.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {4E660F19-E91E-41E1-88EF-D1DFAB118F67} - C:\Program Files (x86)\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41E1-88EF-D1DFAB118F67} - C:\Program Files (x86)\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Sprint Con App Svc (CASprint) - PCTEL - C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mediafour M4LIC service (M4LIC) - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

--
End of file - 11407 bytes

BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:18 AM

Posted 02 June 2011 - 11:34 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 LSGMgmt

LSGMgmt
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 02 June 2011 - 07:14 PM

I was glad to get your response and thank you for taking time with this. Below are the two scan reports you requested. As far as an update on this computer ... the internet is excruciatingly slow. I am using an overdrive [rp hot spot from Sprint. They replaced it yesterday so its a new one. Web pasges load very slow ... downloads can be measured in kb.

Thank you again. I look forward to where this all goes.

L

OTL logfile created on: 6/2/2011 4:45:05 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\LSG\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 58.51% Memory free
7.93 Gb Paging File | 6.26 Gb Available in Paging File | 78.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 48.01 Gb Free Space | 10.31% Space Free | Partition Type: NTFS

Computer Name: LSG-PC | User Name: LSG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/02 16:34:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\LSG\Desktop\OTL.exe
PRC - [2011/05/25 11:09:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
PRC - [2011/04/18 10:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 10:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/07/20 17:54:04 | 000,205,312 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
PRC - [2009/05/05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/05/05 17:06:02 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe


========== Modules (SafeList) ==========

MOD - [2011/06/02 16:34:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\LSG\Desktop\OTL.exe
MOD - [2011/04/18 10:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/20 20:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/18 10:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/10/08 15:08:42 | 000,149,504 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/29 13:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/25 19:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe -- (AESTFilters)
SRV - [2010/07/20 17:54:04 | 000,205,312 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE -- (M4LIC)
SRV - [2010/05/05 00:58:36 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/15 12:02:34 | 000,111,872 | ---- | M] (PCTEL) [Disabled | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2008/10/15 12:02:02 | 000,124,160 | ---- | M] (PCTEL) [Disabled | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/26 04:12:41 | 000,150,520 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\dwprot.sys -- (DwProt)
DRV:64bit: - [2011/04/18 10:13:13 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/03/06 15:47:57 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/21 17:00:02 | 000,032,424 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV:64bit: - [2010/07/13 09:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/06/20 20:26:38 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/06/20 20:26:36 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010/05/12 15:42:50 | 000,070,344 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CBDisk.sys -- (CBDisk)
DRV:64bit: - [2010/04/26 19:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 19:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV:64bit: - [2010/04/26 19:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/04/26 19:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/08/13 15:10:20 | 000,034,304 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swvspser.sys -- (swvspser)
DRV:64bit: - [2009/08/04 11:42:00 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2009/08/04 11:40:58 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 13:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 20:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/25 18:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 17:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 17:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/07 01:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/04 08:20:48 | 000,113,168 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/08 18:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 08:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/10/15 11:58:34 | 000,028,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV:64bit: - [2008/10/15 11:58:26 | 000,247,808 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2008/10/15 11:56:10 | 000,043,032 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.sys -- (PCTINDIS5X64)
DRV:64bit: - [2007/07/26 10:28:54 | 000,055,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV:64bit: - [2007/04/27 08:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2007/04/27 08:40:00 | 000,056,872 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2007/01/18 15:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2011/01/21 18:47:28 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/10/05 15:10:42 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\aspi32.sys -- (Aspi32)
DRV - [2009/02/10 18:23:10 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2008/10/15 11:58:34 | 000,028,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\swmsflt.sys -- (swmsflt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2104958060-2083299904-761906441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/advanced_search
IE - HKU\S-1-5-21-2104958060-2083299904-761906441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2104958060-2083299904-761906441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2104958060-2083299904-761906441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 4B 32 BD 2E F5 CB 01 [binary data]
IE - HKU\S-1-5-21-2104958060-2083299904-761906441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2104958060-2083299904-761906441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2104958060-2083299904-761906441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/advanced_search?hl=en&authuser=0"
FF - prefs.js..extensions.enabledItems: {28FAD68E-4001-48d5-B994-68069F7CFB1D}:0.4.7
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: sortplaces@andyhalford.com:1.8.0
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/14 13:50:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/03/05 19:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/31 09:26:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/05/31 09:26:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins

[2011/03/02 18:27:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LSG\AppData\Roaming\Mozilla\Extensions
[2011/06/02 16:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LSG\AppData\Roaming\Mozilla\Firefox\Profiles\mji1i0w7.default\extensions
[2011/03/08 00:08:55 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\LSG\AppData\Roaming\Mozilla\Firefox\Profiles\mji1i0w7.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2011/03/02 18:27:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LSG\AppData\Roaming\Mozilla\Firefox\Profiles\mji1i0w7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/02 18:27:53 | 000,000,000 | ---D | M] (MouseZoom) -- C:\Users\LSG\AppData\Roaming\Mozilla\Firefox\Profiles\mji1i0w7.default\extensions\{28FAD68E-4001-48d5-B994-68069F7CFB1D}
[2011/03/02 18:27:53 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\LSG\AppData\Roaming\Mozilla\Firefox\Profiles\mji1i0w7.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2011/04/05 01:14:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\LSG\AppData\Roaming\Mozilla\Firefox\Profiles\mji1i0w7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/28 01:49:16 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\LSG\AppData\Roaming\Mozilla\Firefox\Profiles\mji1i0w7.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2011/05/07 11:38:32 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\LSG\AppData\Roaming\Mozilla\Firefox\Profiles\mji1i0w7.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2011/02/21 02:16:27 | 000,000,705 | ---- | M] () -- C:\Users\LSG\AppData\Roaming\Mozilla\Firefox\Profiles\mji1i0w7.default\searchplugins\webster.xml
File not found (No name found) --
() (No name found) -- C:\USERS\LSG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MJI1I0W7.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}.XPI
() (No name found) -- C:\USERS\LSG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MJI1I0W7.DEFAULT\EXTENSIONS\{DD3D7613-0246-469D-BC65-2A3CC1668ADC}.XPI
() (No name found) -- C:\USERS\LSG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MJI1I0W7.DEFAULT\EXTENSIONS\BIGNEWTAB@GKN.ME.UK.XPI
() (No name found) -- C:\USERS\LSG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MJI1I0W7.DEFAULT\EXTENSIONS\SORTPLACES@ANDYHALFORD.COM.XPI
() (No name found) -- C:\USERS\LSG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MJI1I0W7.DEFAULT\EXTENSIONS\TABSOPENRELATIVE-MOD@WORLD3.NET.XPI
() (No name found) -- C:\USERS\LSG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MJI1I0W7.DEFAULT\EXTENSIONS\TILETABS@DW-DEV.XPI
() (No name found) -- C:\USERS\LSG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MJI1I0W7.DEFAULT\EXTENSIONS\ZOOMPAGE@DW-DEV.XPI
[2010/03/27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll

O1 HOSTS File: ([2011/05/26 04:54:06 | 000,000,808 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Mouse Gestures) - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program Files (x86)\Internet Explorer\Plugins\Drowse\MouseGestures.dll (Drowse)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2104958060-2083299904-761906441-1000..\Run: [Google Update] File not found
O4 - HKU\S-1-5-21-2104958060-2083299904-761906441-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-2104958060-2083299904-761906441-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\MSOffice\update.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2104958060-2083299904-761906441-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\MSOffice\update.exe
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Mouse Gestures... - {4E660F19-E91E-41E1-88EF-D1DFAB118F67} - C:\Program Files (x86)\Internet Explorer\Plugins\Drowse\MouseGestures.dll (Drowse)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\LSG\AppData\Roaming\recyclerr\recyclerr.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{422789f3-4448-11e0-bb22-002219ebb5a4}\Shell - "" = AutoRun
O33 - MountPoints2\{422789f3-4448-11e0-bb22-002219ebb5a4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{e799985e-8134-11e0-98ac-002219ebb5a4}\Shell - "" = AutoRun
O33 - MountPoints2\{e799985e-8134-11e0-98ac-002219ebb5a4}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O33 - MountPoints2\{f3be124b-7fdb-11e0-a82b-002219ebb5a4}\Shell - "" = AutoRun
O33 - MountPoints2\{f3be124b-7fdb-11e0-a82b-002219ebb5a4}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 16:33:25 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\LSG\Desktop\OTL.exe
[2011/06/02 11:14:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control USB Driver
[2011/05/31 09:26:42 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011/05/31 09:26:30 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011/05/31 09:26:28 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011/05/31 09:26:02 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2011/05/31 09:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/05/31 09:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2011/05/30 04:52:13 | 000,000,000 | ---D | C] -- C:\Users\LSG\Desktop\LSF EDIT PROJECTS FINISHED
[2011/05/30 04:50:21 | 000,000,000 | ---D | C] -- C:\Users\LSG\Desktop\__REFERENCE
[2011/05/30 03:07:05 | 000,000,000 | ---D | C] -- C:\RealPlayer SP Plus 1.1.1.12.0.0.614
[2011/05/30 03:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/05/30 03:01:02 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2011/05/30 03:01:02 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2011/05/30 03:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2011/05/29 22:05:27 | 000,000,000 | ---D | C] -- C:\Users\LSG\HANGOVER 2
[2011/05/29 21:20:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MEDIA
[2011/05/29 21:17:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Avid Projects
[2011/05/29 21:03:47 | 000,000,000 | ---D | C] -- C:\Users\LSG\bridesmaid
[2011/05/28 13:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0
[2011/05/26 04:13:17 | 000,000,000 | ---D | C] -- C:\Users\LSG\DoctorWeb
[2011/05/26 04:12:41 | 000,150,520 | ---- | C] (Doctor Web, Ltd.) -- C:\Windows\SysNative\drivers\dwprot.sys
[2011/05/23 06:37:05 | 000,000,000 | ---D | C] -- C:\Users\LSG\Documents\A
[2011/05/18 09:39:28 | 000,041,280 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\PCASp50a64.sys
[2011/05/18 09:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2011/05/18 09:38:08 | 000,030,336 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2011/05/18 09:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sprint
[2011/05/18 09:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sprint
[2011/05/18 09:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research in Motion
[2011/05/18 09:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motorola Shared
[2011/05/18 09:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sprint
[2011/05/18 09:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PctelEapPeer Authentication
[2011/05/18 09:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Novatel Wireless
[2011/05/16 18:13:39 | 000,000,000 | ---D | C] -- C:\Users\LSG\Desktop\Benedict Arnold-VS Promo 2
[2011/05/16 14:03:53 | 000,000,000 | ---D | C] -- C:\Users\LSG\Desktop\Desk
[2011/05/16 13:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Wireless
[2011/05/16 13:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Wireless Inc
[2011/05/16 13:32:54 | 000,000,000 | ---D | C] -- C:\Users\LSG\AppData\Roaming\Sierra Wireless
[2011/05/12 16:27:50 | 000,000,000 | ---D | C] -- C:\Users\LSG\Documents\New folder
[2011/05/12 16:04:05 | 000,000,000 | ---D | C] -- C:\Users\LSG\Documents\PASS
[2011/05/11 02:20:46 | 000,000,000 | ---D | C] -- C:\Users\LSG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EasyRecovery Professional
[2011/05/11 02:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyRecovery Professional
[2011/05/11 02:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ontrack
[2011/05/10 23:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/05/10 16:34:27 | 000,000,000 | ---D | C] -- C:\Users\LSG\Documents\Quicken
[2011/05/06 17:13:58 | 004,199,768 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2011/05/06 17:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2011
[2011/05/06 17:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2011/05/06 17:12:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2011/05/06 17:12:58 | 000,000,000 | ---D | C] -- C:\Users\LSG\AppData\Roaming\Intuit
[2011/05/06 17:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2011/05/05 12:09:10 | 000,544,256 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\SysWow64\mmclient.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\LSG\*.tmp files -> C:\Users\LSG\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/02 16:34:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\LSG\Desktop\OTL.exe
[2011/06/02 16:31:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2104958060-2083299904-761906441-1000UA.job
[2011/06/02 13:14:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/02 11:20:03 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/02 11:20:03 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/02 10:55:55 | 012,441,625 | ---- | M] () -- C:\Users\LSG\Desktop\Charlie Brooker_s Screenwipe - Reality TV Editing.flv
[2011/06/02 10:50:10 | 014,083,350 | ---- | M] () -- C:\Users\LSG\Desktop\Film editing with Albert Brooks.flv
[2011/06/02 10:10:56 | 3193,614,336 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/01 19:31:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2104958060-2083299904-761906441-1000Core.job
[2011/05/31 09:26:47 | 000,001,264 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2011/05/31 09:26:42 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011/05/31 09:26:30 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011/05/31 09:26:28 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011/05/31 09:26:02 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2011/05/31 09:26:02 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2011/05/31 09:26:02 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2011/05/30 21:22:07 | 1141,109,118 | ---- | M] () -- C:\Users\LSG\Desktop\LSG -161 submitted v2.mov
[2011/05/30 04:47:09 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/30 04:47:09 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/30 04:47:09 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/30 04:43:01 | 004,972,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/30 04:41:09 | 000,002,743 | ---- | M] () -- C:\Users\Public\Desktop\Avid Media Composer.lnk
[2011/05/26 04:54:06 | 000,000,808 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/05/26 04:12:41 | 000,150,520 | ---- | M] (Doctor Web, Ltd.) -- C:\Windows\SysNative\drivers\dwprot.sys
[2011/05/25 16:38:21 | 000,005,357 | ---- | M] () -- C:\Windows\SysNative\The second he got caught cheating she threw him out and a box full of his bleep went with him! Lucky for us in the box was this hot amateur porno tape they made before she gave him the boot! Priscill.flv.lnk
[2011/05/24 02:03:26 | 000,083,512 | ---- | M] () -- C:\Users\LSG\Desktop\icones.zip
[2011/05/16 17:34:23 | 000,001,303 | ---- | M] () -- C:\Users\LSG\Desktop\Benedict Arnold-VS Promo - Shortcut.lnk
[2011/05/12 00:47:42 | 000,530,753 | ---- | M] () -- C:\Users\LSG\Documents\set-up-code-list.pdf
[2011/05/06 17:13:20 | 000,000,126 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2011/05/05 12:09:10 | 000,544,256 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\SysWow64\mmclient.dll
[2011/05/04 04:26:07 | 000,002,515 | ---- | M] () -- C:\Users\LSG\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\LSG\*.tmp files -> C:\Users\LSG\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/02 10:31:52 | 012,441,625 | ---- | C] () -- C:\Users\LSG\Desktop\Charlie Brooker_s Screenwipe - Reality TV Editing.flv
[2011/06/02 10:27:02 | 014,083,350 | ---- | C] () -- C:\Users\LSG\Desktop\Film editing with Albert Brooks.flv
[2011/05/31 09:26:47 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2011/05/30 21:20:16 | 1141,109,118 | ---- | C] () -- C:\Users\LSG\Desktop\LSG -161 submitted v2.mov
[2011/05/30 04:54:28 | 000,938,452 | ---- | C] () -- C:\Users\LSG\Desktop\LSG sig.jpg
[2011/05/30 04:54:28 | 000,041,189 | ---- | C] () -- C:\Users\LSG\Desktop\LSG sig 1.jpg
[2011/05/30 04:41:09 | 000,002,743 | ---- | C] () -- C:\Users\Public\Desktop\Avid Media Composer.lnk
[2011/05/24 02:03:26 | 000,083,512 | ---- | C] () -- C:\Users\LSG\Desktop\icones.zip
[2011/05/17 04:34:15 | 001,931,848 | ---- | C] () -- C:\Users\LSG\Desktop\COC LOGO EFFECT_x264.mp4
[2011/05/16 17:34:23 | 000,001,303 | ---- | C] () -- C:\Users\LSG\Desktop\Benedict Arnold-VS Promo - Shortcut.lnk
[2011/05/16 13:34:49 | 000,028,808 | ---- | C] () -- C:\Windows\SysNative\drivers\swmsflt.sys
[2011/05/12 00:47:41 | 000,530,753 | ---- | C] () -- C:\Users\LSG\Documents\set-up-code-list.pdf
[2011/05/06 17:12:51 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/04/26 22:28:02 | 000,190,124 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/04/15 11:38:54 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/15 01:25:42 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/15 00:44:57 | 000,059,206 | ---- | C] () -- C:\Users\LSG\AppData\Roaming\SQLite3.dll
[2011/04/15 00:44:55 | 000,061,440 | ---- | C] () -- C:\Users\LSG\AppData\Roaming\chrtmp
[2011/03/14 01:51:22 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/03/05 19:50:11 | 000,037,839 | ---- | C] () -- C:\Users\LSG\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/03/02 18:03:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/11/09 16:21:02 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\ntrights.exe
[2009/10/05 16:09:42 | 001,658,973 | ---- | C] () -- C:\Windows\SysWow64\libmmd.dll
[2009/10/05 16:09:42 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\PtSSE2.dll
[2009/10/05 16:09:42 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\Cpuinf32.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/15 11:58:34 | 000,028,808 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys
[2008/02/08 17:20:32 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\winOGL.dll
[2006/04/07 17:25:58 | 000,000,015 | -H-- | C] () -- C:\Users\LSG\AppData\Roaming\logs.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 1238 bytes -> C:\ProgramData\Microsoft:ZBFUQLFqKxCdMy1TgZotFi79
@Alternate Data Stream - 1165 bytes -> C:\ProgramData\Microsoft:bvQbnR82Vrv8Pe65HZrU
@Alternate Data Stream - 1145 bytes -> C:\Users\LSG\AppData\Local\Temp:adME7kwLgzuK4Plf
@Alternate Data Stream - 1117 bytes -> C:\ProgramData\Microsoft:HYHQjmo00YC7ejnPmAb9sWMv5z
@Alternate Data Stream - 1098 bytes -> C:\ProgramData\Microsoft:4KqHXln8B2QjweAEvKtV
@Alternate Data Stream - 1095 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:SEJxe0HOBMakX3kHb
@Alternate Data Stream - 1019 bytes -> C:\ProgramData\Microsoft:0EpYHrAixyXEURNdEro

< End of report >

OTL Extras logfile created on: 6/2/2011 4:45:05 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\LSG\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 58.51% Memory free
7.93 Gb Paging File | 6.26 Gb Available in Paging File | 78.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 48.01 Gb Free Space | 10.31% Space Free | Partition Type: NTFS

Computer Name: LSG-PC | User Name: LSG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Sprint\Sprint SmartView\SwiApiMux.exe" = C:\Program Files (x86)\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sprint\Sprint SmartView\SwiApiMux.exe" = C:\Program Files (x86)\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FFD55FA-40CE-4B7F-9001-A06930C63FA2}" = Sprint SmartView
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2226CE02-C89A-444A-96F5-C4B355BFFE29}" = Knoll Light Factory
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{261F2A97-EF19-44F7-8040-78DC574CD22A}" = Intel® PROSet/Wireless WiFi Driver
"{2F227ACA-204C-4529-BA33-D095C42C72DB}" = Avid Audio Drivers (x64)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48A97A6D-BDB0-4BD2-9F48-48107D902477}" = Knoll 3D Flares
"{4D0EB6AA-93C6-452F-A540-6A105AB3A02C}" = Red Giant Text Anarchy
"{64FBA03C-575C-D688-1C80-A5773CE471F9}" = ATI Catalyst Install Manager
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{954AB6B3-B4B4-43C0-9355-DE8A888446D4}" = MacDrive 8
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{97F381E0-CCC3-4F22-9078-033CBC597391}" = Red Giant Psunami
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{BD5D2BEF-8EDE-4CEA-AF85-4BF665699D26}" = ToonIt
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24185972-C785-4D02-82A1-632FD14C14EC}" = Avid MediaLog
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.04
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
"{3AAAAA09-1385-4632-AFF3-6A9D3B4634EC}" = Mouse Gestures for Internet Explorer (x86)
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5600094C-5EA0-4BE8-9ECE-4C9B726AC9D9}" = Sierra Wireless USB MUX Driver Package
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5AE7D9E5-9530-4216-98EA-C3E7D0752FB3}" = Avid Log Exchange
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5F6C549F-78DA-4E0E-AE70-0BD981936D99}" = Nuance PDF Reader
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{6D7D94E8-7B49-400C-843E-C1E7C3396893}" = Avid Media Composer
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{7F0E4311-D46D-456E-97CC-44F7E331DE66}" = Sorenson Squeeze 7.0
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7BE4592-E101-4806-BF9A-D88CF5E387E4}" = MetaSync
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D5BC49DF-35C6-4C01-A79F-E638E4BF19B3}" = Avid EDL Manager
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{E8692F58-03E1-4DBB-8D1A-A70AB1DC634A}" = Avid FilmScribe
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.2.2
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"InstallShield_{2226CE02-C89A-444A-96F5-C4B355BFFE29}" = Knoll Light Factory
"InstallShield_{48A97A6D-BDB0-4BD2-9F48-48107D902477}" = Knoll 3D Flares
"InstallShield_{4D0EB6AA-93C6-452F-A540-6A105AB3A02C}" = Red Giant Text Anarchy
"InstallShield_{97F381E0-CCC3-4F22-9078-033CBC597391}" = Red Giant Psunami
"InstallShield_{BD5D2BEF-8EDE-4CEA-AF85-4BF665699D26}" = ToonIt
"klvideoconvert_is1" = K-Lite Video Conversion Pack 1.6.0
"Knoll Light Factory Pro 2.5 AVX" = Knoll Light Factory Pro 2.5 AVX
"Morpheus Photo Animation Suite_is1" = Morpheus Photo Animation Suite v3.15
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RealPlayer 12.0" = RealPlayer
"Red Giant ToonIt AVX" = Red Giant ToonIt AVX
"Starry Night Pro Plus 6" = Starry Night Pro Plus 6
"Tidy Start Menu" = Tidy Start Menu
"TrueCrypt" = TrueCrypt
"TweakNow PowerPack 2009_is1" = TweakNow PowerPack 2009
"UltraISO_is1" = UltraISO Premium V9.35
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2104958060-2083299904-761906441-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 LSGMgmt

LSGMgmt
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 02 June 2011 - 07:19 PM

PS

Antarctica? Really?

#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:18 AM

Posted 02 June 2011 - 07:26 PM

Hi!

Lets see where we stand after these scans:

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    O4 - HKU\S-1-5-21-2104958060-2083299904-761906441-1000..\Run: [Google Update] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\LSG\AppData\Roaming\recyclerr\recyclerr.exe) - File not found
    O33 - MountPoints2\{422789f3-4448-11e0-bb22-002219ebb5a4}\Shell - "" = AutoRun
    O33 - MountPoints2\{422789f3-4448-11e0-bb22-002219ebb5a4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{e799985e-8134-11e0-98ac-002219ebb5a4}\Shell - "" = AutoRun
    O33 - MountPoints2\{e799985e-8134-11e0-98ac-002219ebb5a4}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
    O33 - MountPoints2\{f3be124b-7fdb-11e0-a82b-002219ebb5a4}\Shell - "" = AutoRun
    O33 - MountPoints2\{f3be124b-7fdb-11e0-a82b-002219ebb5a4}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\WIN\setup.exe
    [2011/05/25 16:38:21 | 000,005,357 | ---- | M] () -- C:\Windows\SysNative\The second he got caught cheating she threw him out and a box full of his bleep went with him! Lucky for us in the box was this hot amateur porno tape they made before she gave him the boot! Priscill.flv.lnk
    [2006/04/07 17:25:58 | 000,000,015 | -H-- | C] () -- C:\Users\LSG\AppData\Roaming\logs.dat
    @Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:FB1B13D8
    @Alternate Data Stream - 1238 bytes -> C:\ProgramData\Microsoft:ZBFUQLFqKxCdMy1TgZotFi79
    @Alternate Data Stream - 1165 bytes -> C:\ProgramData\Microsoft:bvQbnR82Vrv8Pe65HZrU
    @Alternate Data Stream - 1145 bytes -> C:\Users\LSG\AppData\Local\Temp:adME7kwLgzuK4Plf
    @Alternate Data Stream - 1117 bytes -> C:\ProgramData\Microsoft:HYHQjmo00YC7ejnPmAb9sWMv5z
    @Alternate Data Stream - 1098 bytes -> C:\ProgramData\Microsoft:4KqHXln8B2QjweAEvKtV
    @Alternate Data Stream - 1095 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:SEJxe0HOBMakX3kHb
    @Alternate Data Stream - 1019 bytes -> C:\ProgramData\Microsoft:0EpYHrAixyXEURNdEro
    
    :Reg
    
    :Files
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\windows\\system32\\userinit.exe,"
    "Shell"="explorer.exe"
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.



NEXT:



What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:18 AM

Posted 05 June 2011 - 12:05 PM

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:18 AM

Posted 06 June 2011 - 11:18 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:18 AM

Posted 07 June 2011 - 02:00 PM

This topic has been re-opened at the request of the person who originally posted.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:18 AM

Posted 07 June 2011 - 02:01 PM

This topic has been re-opened at the request of the person who originally posted.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:18 AM

Posted 09 June 2011 - 08:07 AM

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:18 AM

Posted 10 June 2011 - 09:35 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.


Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:18 AM

Posted 14 June 2011 - 07:42 AM

This topic has been re-opened at the request of the person who originally posted.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:18 AM

Posted 16 June 2011 - 10:34 AM

Still with me?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:18 AM

Posted 18 June 2011 - 03:47 PM

Hi!

Do you still require assistance in getting your computer cleaned up?

Please Note: Unless notified in advance, threads with no response in 3 days get closed.

If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.


Thanks,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:18 AM

Posted 21 June 2011 - 01:40 PM

Still with me?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users