Google Redirects / Windows Security Center Cannot be Enabled



#1 rikster1x

Posted 15 October 2011 - 05:38 AM

Hi there - I really hope you can help!

1) I got a virus recently which disables (or at least that's what I think it's doing) "Windows Security Center". I've tried re-enabling it by opening up services, scrolling down to "Security Center", and once opened, I select the "automatic" option, click apply and then click start. Unfortunately, seconds later, I get a message saying (at the bottom right corner of the screen from "Windows Action Center") that the Security Center is disabled.

2) I use Norton Internet Security 2011, have used the Malwarebytes quick scan, OTL Tool and TDSS Killer based on the guidance I saw you give on another forum post - http://www.bleepingcomputer.com/forums/topic411624.html. Like in this user's problem, when I used Spybot, it detects the following:

Microsoft.WindowsSecurityCenter_disabled:

[SBI $2E20C9A9] Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start (is not) W=2

[SBI $2E20C9A9] Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start (is not) W=2 (64 bit)

I then proceed to click on "Fix selected problems", which, unfortunately, does not work.

3) In addition to disabling the Security Center, it also appears to have hijacked my Internet browser (Firefox 7.0.1 with NoScript enabled) and Internet Explorer 9. Sometimes, when I click on a website link, it either redirects me back to the Google home page, or sends me to different video sharing websites. Thankfully it hasn't sent me to any advertising sites, or even explicit sex ones for that matter.

5) I was going to use a "system restore point", but I believe this may be infected from what I have read too. I am not even sure whether I have one (don't shoot me please).

6) I'm trying to stay away from the last resort, which in my case is reformatting the computer, because I have no external hard drive, and I have close to 1.2 gigs in use at the moment.

7) I tried using the GMER program 3 times, however it didn't work. I then read that it does not work on 64 bit versions of Windows, which is my case.

9) I also tried using TDSSKiller, but that too didn't work.

10) I've also cleared my Java cache, and still get the problem. Both Firefox and IE redirect my searches. (Either back to Google or hxxp://www.videobash.com/video_play?utm_source=chad_new_source&utm_medium=PT&utm_campaign=chad_new_source-shortvideopage) It's another video sharing website. Also, my connection seems to be getting slower and slower. However, I have another computer on the same network, but that one works perfectly fine.

Also, I'm using Windows 7 Home Premium (64 bit), and when I used all of the aforementioned programs, I made sure I ran them as an administrator.

If there's any other information (or logs) I can share, please let me know.

Thanks for taking the time to look at my problem. I really really appreciate it! :)

Rikster

I shall post the DDS Log, the OTL Log and The Malwarebytes Logs here.

-----------------------------------------------------------------------------------------------------------------------------


DDS Log
_________________________________________________________________________________________

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Rik at 11:22:48 on 2011-10-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6126.3972 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Rik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
StartupFolder: C:\Users\Rik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6C3E1FFC-C02E-472A-BDB1-C2D9D9C2657B} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110929.001\BHDrvx64.sys [2011-9-29 1152632]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20111014.031\IDSviA64.sys [2011-10-15 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-9 13336]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-10-14 130008]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-9 1692480]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-15 136824]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-14 1153368]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\system32\DRIVERS\CamDrL64.sys --> C:\Windows\system32\DRIVERS\CamDrL64.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-9-15 30192]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-10-15 10:07:02 -------- d-----w- C:\_OTL
2011-10-15 09:49:59 -------- d-----w- C:\Users\Rik\AppData\Roaming\Malwarebytes
2011-10-15 09:49:53 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-15 09:49:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-15 09:49:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-15 08:33:43 -------- d-----w- C:\Users\Rik\AppData\Local\CrashDumps
2011-10-14 20:14:50 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-10-14 19:44:20 -------- d-----w- C:\ProgramData\NortonInstaller
2011-10-14 19:44:20 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-10-14 17:13:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-14 17:13:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-14 17:11:28 -------- d-----w- C:\Windows\SysWow64\Wat
2011-10-14 17:11:28 -------- d-----w- C:\Windows\System32\Wat
2011-10-14 16:33:46 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-14 16:33:46 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-14 16:33:43 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-14 16:33:43 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-13 12:46:07 -------- d-----w- C:\Users\Rik\AppData\Roaming\ZoomBrowser EX
2011-09-29 15:28:05 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-29 11:43:05 -------- d-----w- C:\Users\Rik\AppData\Local\Logitech® Webcam Software
2011-09-29 11:41:05 -------- d-----w- C:\Users\Rik\AppData\Local\LogiShrd
2011-09-29 11:40:18 53248 ----a-r- C:\Users\Rik\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-09-29 11:39:28 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2011-09-27 12:32:51 -------- d-----w- C:\Users\Rik\AppData\Local\ElevatedDiagnostics
2011-09-26 18:42:09 -------- d-----w- C:\Users\Rik\AppData\Local\{6F118BA5-ED7B-4E45-AE08-D1039590FD13}
2011-09-26 18:41:56 -------- d-----w- C:\Users\Rik\AppData\Local\{FEA85AC7-36B3-4AC5-B826-D6BD63E1AF20}
2011-09-26 18:41:56 -------- d-----w- C:\Users\Rik\AppData\Local\{AAC0C122-4518-4D2D-BB90-D1894D4728DB}
2011-09-22 16:07:50 -------- d-----w- C:\Users\Rik\AppData\Local\DDMSettings
2011-09-22 16:00:00 -------- d-----w- C:\Program Files\DivX
2011-09-22 15:59:32 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-09-22 15:55:14 -------- d-----w- C:\Program Files (x86)\DivX
2011-09-22 15:52:43 -------- d-----w- C:\ProgramData\DivX
2011-09-22 05:48:38 -------- d-----w- C:\Users\Rik\AppData\Local\Diagnostics
2011-09-18 18:59:27 -------- d-----w- C:\Users\Rik\AppData\Local\{B2FFB881-8818-41BF-B325-B89C2A74CEC0}
2011-09-18 18:59:16 -------- d-----w- C:\Users\Rik\AppData\Local\{BC6C6058-C599-4447-959D-139A0E065897}
2011-09-18 18:08:28 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-18 18:03:11 -------- d-----w- C:\Windows\en
2011-09-18 18:00:59 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eb79aa241cc762c0a\Silverlight.4.0.exe
2011-09-18 18:00:44 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e2e232a71cc762c05\MeshBetaRemover.exe
2011-09-18 17:59:50 -------- d-----w- C:\Users\Rik\AppData\Local\{4A49D700-CAC0-4E7A-BD2E-FFBB7DACD78E}
2011-09-18 17:59:39 -------- d-----w- C:\Users\Rik\AppData\Local\{EE81B6EA-D3EF-4D5F-92B7-298421EB4942}
2011-09-18 17:51:35 -------- d-----w- C:\Users\Rik\AppData\Local\{44497EEE-AFB9-426D-A6EA-5082B3D36130}
2011-09-18 17:51:24 -------- d-----w- C:\Users\Rik\AppData\Local\{B3066915-C0D8-4DAC-95BB-668E8D4219AE}
2011-09-18 15:25:43 348160 ----a-w- C:\Windows\SysWow64\FlatBtn6.ocx
2011-09-18 15:25:42 348160 ----a-w- C:\Windows\SysWow64\MEnc.ocx
2011-09-18 15:25:42 -------- d-----w- C:\Program Files (x86)\WAV to MP3 Encoder
2011-09-18 11:50:49 -------- d-----w- C:\Users\Rik\AppData\Local\{0848A5B1-5FD3-4B8D-90B7-85028A933D8E}
2011-09-18 09:38:48 -------- d-----w- C:\Users\Rik\AppData\Local\Deployment
2011-09-18 09:38:48 -------- d-----w- C:\Users\Rik\AppData\Local\Apps
2011-09-18 09:24:24 -------- d-----w- C:\Users\Rik\AppData\Local\{FBE3DD31-D8A1-4116-A270-8C5F158D2EFE}
2011-09-18 09:24:13 -------- d-----w- C:\Users\Rik\AppData\Local\{72A1DC87-1FD9-4BE1-A447-EE8A25AC8399}
2011-09-18 09:11:39 -------- d-----w- C:\Users\Rik\AppData\Local\{EC0BDC91-E794-44E4-978A-BB41FCA67795}
2011-09-18 09:11:27 -------- d-----w- C:\Users\Rik\AppData\Local\{67088DA4-35BF-4200-BB82-A77178DFFEDD}
2011-09-17 10:58:51 79872 --sha-r- C:\Windows\SysWow64\msrdc2.dll
2011-09-16 18:38:33 -------- d-----w- C:\Users\Rik\AppData\Local\{F5D21D91-FE2C-4E91-B82D-6D114322D538}
2011-09-16 18:35:44 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-09-16 16:45:21 -------- d-----w- C:\ProgramData\ALM
2011-09-16 16:33:47 -------- d-----w- C:\Users\Rik\Adobe Flash Builder 4
2011-09-16 15:02:46 -------- d-----w- C:\Program Files (x86)\My Company Name
2011-09-16 13:43:53 -------- d-----w- C:\Users\Rik\AppData\Local\{3AC2ADC7-0CBA-4478-8867-C8C47596E1E1}
2011-09-16 13:43:42 -------- d-----w- C:\Users\Rik\AppData\Local\{950F84CE-1AFE-4B3F-9ABF-BA73DEA3E207}
2011-09-16 13:31:21 -------- d-----w- C:\Users\Rik\SyncUP
2011-09-16 09:16:09 -------- d-----w- C:\Users\Rik\AppData\Local\{019203C2-312D-4B9F-A369-4A546AB42B42}
2011-09-16 09:15:57 -------- d-----w- C:\Users\Rik\AppData\Local\{AB0658A5-BC84-4FCE-81F6-3306A1A3D5E0}
2011-09-16 08:38:32 90112 ----a-w- C:\Windows\unvise32.exe
2011-09-16 08:38:31 -------- d-----w- C:\Program Files (x86)\LooksBuilderSE
2011-09-16 08:36:30 -------- d-----w- C:\Program Files (x86)\Common Files\Pinnacle
2011-09-16 08:36:21 -------- d-----w- C:\Users\Rik\AppData\Local\Downloaded Installations
2011-09-16 08:36:01 -------- d-----w- C:\Users\Rik\AppData\Local\Pinnacle
2011-09-16 08:35:55 -------- d-----w- C:\ProgramData\Pinnacle Studio Ultimate Collection
2011-09-16 08:31:47 -------- d-----w- C:\Program Files (x86)\Common Files\Pegasus Imaging
2011-09-16 08:31:45 -------- d-----w- C:\Program Files (x86)\Common Files\Yahoo!
2011-09-16 08:31:44 -------- d-----w- C:\ProgramData\Studio 14
2011-09-16 08:31:44 -------- d-----w- C:\ProgramData\Pinnacle Studio Plus
2011-09-16 08:29:14 -------- d-----w- C:\Program Files (x86)\Pinnacle
2011-09-15 17:03:15 -------- d-----w- C:\Users\Rik\AppData\Local\Adobe
2011-09-15 15:15:10 -------- d-----w- C:\Users\Rik\AppData\Local\{F44433FB-8EF2-46F9-A77E-947DFDE323F6}
2011-09-15 15:14:57 -------- d-----w- C:\Users\Rik\AppData\Local\{B39A0C77-61AA-47A8-B3EC-A92386E359C6}
2011-09-15 14:03:14 -------- d-----w- C:\Users\Rik\AppData\Roaming\PCDr
2011-09-15 14:00:29 -------- d-----w- C:\ProgramData\PCDr
2011-09-15 11:36:59 -------- d-----w- C:\Program Files (x86)\AVI MPEG RM WMV Splitter
2011-09-15 11:36:55 -------- d-----w- C:\Program Files (x86)\AVI MPEG RM WMV Joiner
2011-09-15 11:19:28 -------- d-----w- C:\Users\Rik\AppData\Local\{8F7FE633-B601-4BC8-ABEE-83E0AE4A2F06}
2011-09-15 11:19:11 -------- d-----w- C:\Users\Rik\AppData\Local\{387167CC-00C7-41F1-B58F-24E76C898795}
2011-09-15 11:01:01 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
.
==================== Find3M ====================
.
2011-10-14 19:45:38 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-09-10 04:38:59 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-09-10 04:16:33 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2011-09-09 20:58:21 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-09 20:57:33 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-19 08:27:30 769312 ----a-w- C:\Windows\System32\LVUI64.dll
2011-08-19 08:27:30 561440 ----a-w- C:\Windows\System32\LVUIRC64.dll
2011-08-19 08:27:30 4869024 ----a-w- C:\Windows\System32\drivers\lvuvc64.sys
2011-08-19 08:27:30 351136 ----a-w- C:\Windows\System32\drivers\lvrs64.sys
2011-08-19 08:27:22 263456 ----a-w- C:\Windows\System32\lvco13301394.dll
2011-08-19 08:27:22 176416 ----a-w- C:\Windows\System32\lvcod64.dll
2011-08-19 08:26:50 545056 ----a-w- C:\Windows\SysWow64\LVUI2.dll
2011-08-19 08:26:50 540960 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll
2011-08-19 08:26:46 307488 ----a-w- C:\Windows\SysWow64\LVCodec2.dll
2011-08-19 08:26:20 336408 ----a-w- C:\Windows\SysWow64\DevManagerCore.dll
2011-08-19 08:26:20 336408 ----a-w- C:\Windows\System32\DevManagerCore.dll
2011-08-19 08:26:20 10898456 ----a-w- C:\Windows\SysWow64\LogiDPP.dll
2011-08-19 08:26:20 10898456 ----a-w- C:\Windows\System32\LogiDPP.dll
2011-08-19 08:26:20 104472 ----a-w- C:\Windows\SysWow64\LogiDPPApp.exe
2011-08-19 08:26:20 104472 ----a-w- C:\Windows\System32\LogiDPPApp.exe
2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-12 11:19:40 16920 ----a-w- C:\Windows\System32\drivers\iKeyLFT264.dll
2011-07-26 05:49:14 38958 ----a-w- C:\Windows\System32\Repository.reg
2011-07-22 20:51:50 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
.
============= FINISH: 11:24:20.92 ===============

Edited by Orange Blossom, 15 October 2011 - 01:00 PM.
Deactivated link. ~ OB




#2 rikster1x

Posted 15 October 2011 - 05:42 AM

MBAM Log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7951

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

15/10/2011 10:53:29
mbam-log-2011-10-15 (10-53-29).txt

Scan type: Quick scan
Objects scanned: 179189
Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adware Away v3.0.1_is1 (Rogue.AdwareAway) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\adware away (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\adware away (Rogue.AdwareAway) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\program files (x86)\adware away\AdAway.dll (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\program files (x86)\adware away\AdAway.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\program files (x86)\adware away\adwareaway.chm (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\program files (x86)\adware away\enumautorun.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\program files (x86)\adware away\EnumDlls.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\program files (x86)\adware away\EProcess.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\program files (x86)\adware away\global.dll (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\program files (x86)\adware away\scanatstartup.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\program files (x86)\adware away\screenshot.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\program files (x86)\adware away\unins000.dat (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\program files (x86)\adware away\unins000.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\program files (x86)\adware away\Update.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\adware away\adware away.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\adware away\uninstall.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\adware away\user manual.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.


OTL Txt File Log

OTL logfile created on: 15/10/2011 11:00:28 - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Rik\Documents\Applications
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.98 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 66.83% Memory free
11.96 Gb Paging File | 9.34 Gb Available in Paging File | 78.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1383.98 Gb Total Space | 76.84 Gb Free Space | 5.55% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 303.06 Gb Free Space | 32.53% Space Free | Partition Type: NTFS

Computer Name: RIK-PC | User Name: Rik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/15 10:43:36 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Rik\My Documents\Applications\OTL.exe
PRC - [2011/10/02 00:05:17 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/06 18:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/01 18:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
PRC - [2011/06/27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
PRC - [2011/04/29 18:18:16 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/29 21:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/10 16:26:30 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/11/04 18:20:14 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 18:31:33 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/14 18:30:49 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/14 18:30:41 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/14 18:30:24 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/14 18:28:42 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/14 18:28:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/14 18:28:37 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll
MOD - [2011/10/14 18:28:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/14 18:28:34 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\60c320dbe033e8ff4830cdc059933f2c\IAStorUtil.ni.dll
MOD - [2011/10/14 18:28:32 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/14 18:28:27 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/14 18:28:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 18:28:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/14 18:28:05 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 18:28:01 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/02 00:05:17 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 20:36:35 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/22 15:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/08/19 10:26:16 | 000,183,320 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\SharedBin\LvApi11.dll
MOD - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
MOD - [2011/06/27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
MOD - [2011/06/27 19:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
MOD - [2011/06/24 23:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
MOD - [2011/06/24 23:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
MOD - [2011/04/29 18:18:16 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2011/04/29 18:13:50 | 002,225,664 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2011/04/29 18:13:48 | 007,938,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/10/29 21:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 21:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
MOD - [2010/03/22 15:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
MOD - [2010/03/16 20:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
MOD - [2010/03/16 20:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
MOD - [2010/03/16 20:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
MOD - [2010/03/11 19:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
MOD - [2010/03/11 19:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
MOD - [2010/03/05 15:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
MOD - [2010/03/05 15:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
MOD - [2009/04/22 22:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/10 00:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 23:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 23:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 23:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 23:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 23:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 23:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 23:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 23:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 23:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/09 22:03:49 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/14 20:45:38 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/09/10 05:38:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/10 05:38:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/04/20 03:37:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/31 04:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 04:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/15 03:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/01/27 07:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 06:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/16 02:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/22 04:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/14 13:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/06/08 13:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 16:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/02/03 10:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/03 10:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2011/10/14 20:50:47 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20111014.024\EX64.SYS -- (NAVEX15)
DRV - [2011/10/14 20:50:47 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/10/14 20:50:47 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/14 20:50:47 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20111014.024\ENG64.SYS -- (NAVENG)
DRV - [2011/10/13 14:57:40 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20111014.031\IDSviA64.sys -- (IDSVia64)
DRV - [2011/09/29 21:38:50 | 001,152,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110929.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Rik\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rik\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rik\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/09/09 22:13:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/09 22:13:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/09 22:14:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/14 20:43:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/09/16 16:19:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/22 17:07:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2011/10/15 10:55:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_1_3 [2011/10/15 10:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/02 00:05:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/22 17:06:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/14 20:43:58 | 000,000,000 | ---D | M]

[2011/09/14 23:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rik\AppData\Roaming\Mozilla\Extensions
[2011/09/16 10:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/02 00:05:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/03 01:25:08 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/03 01:25:08 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/03 01:25:08 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/03 01:25:08 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rik\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rik\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rik\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Bing Bar (Disabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Rik\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/18 12:45:08 | 000,001,906 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\Rik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C3E1FFC-C02E-472A-BDB1-C2D9D9C2657B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) -C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/15 10:49:59 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Roaming\Malwarebytes
[2011/10/15 10:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/15 10:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/15 10:49:50 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/15 10:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/15 09:33:43 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\CrashDumps
[2011/10/14 21:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/10/14 20:46:09 | 000,000,000 | ---D | C] -- C:\Users\Rik\Documents\Symantec
[2011/10/14 20:45:38 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/10/14 20:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/10/14 20:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/10/14 20:45:31 | 000,912,504 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymEFA64.sys
[2011/10/14 20:45:31 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys
[2011/10/14 20:45:31 | 000,450,680 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymDS64.sys
[2011/10/14 20:45:31 | 000,386,168 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys
[2011/10/14 20:45:31 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Ironx64.sys
[2011/10/14 20:45:31 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys
[2011/10/14 20:45:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2011/10/14 20:45:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D
[2011/10/14 20:45:22 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/10/14 20:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2011/10/14 20:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/10/14 20:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/10/14 20:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/10/14 18:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/14 18:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/14 18:13:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/10/14 18:11:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/10/14 18:11:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/10/14 17:34:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/14 17:34:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/14 17:34:51 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/14 17:34:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/14 17:34:50 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/14 17:34:50 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/14 17:34:50 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/14 17:34:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/14 17:34:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/14 17:34:18 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/14 17:34:18 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/14 17:34:18 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/14 17:34:17 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/14 17:33:46 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/14 17:33:43 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/14 08:59:21 | 000,000,000 | --SD | C] -- C:\Users\Rik\Documents\My Webs
[2011/10/13 13:46:07 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Roaming\ZoomBrowser EX
[2011/10/05 06:22:50 | 000,000,000 | ---D | C] -- C:\Users\Rik\Desktop\New folder (2)
[2011/09/29 16:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2011/09/29 12:43:05 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\Logitech® Webcam Software
[2011/09/29 12:42:56 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Roaming\skypePM
[2011/09/29 12:41:21 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Roaming\Skype
[2011/09/29 12:41:07 | 000,000,000 | ---D | C] -- C:\Users\Rik\Documents\SightSpeed Recordings
[2011/09/29 12:41:05 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\LogiShrd
[2011/09/29 12:40:18 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Roaming\Leadertech
[2011/09/29 12:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2011/09/29 12:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS
[2011/09/29 12:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011/09/29 12:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2011/09/29 12:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2011/09/29 12:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2011/09/27 20:37:57 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Roaming\HPAppData
[2011/09/27 13:32:51 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\ElevatedDiagnostics
[2011/09/26 19:42:09 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{6F118BA5-ED7B-4E45-AE08-D1039590FD13}
[2011/09/26 19:41:56 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{FEA85AC7-36B3-4AC5-B826-D6BD63E1AF20}
[2011/09/26 19:41:56 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{AAC0C122-4518-4D2D-BB90-D1894D4728DB}
[2011/09/22 17:38:01 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Roaming\DivX
[2011/09/22 17:07:50 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\DDMSettings
[2011/09/22 17:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/09/22 17:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/09/22 16:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2011/09/22 16:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2011/09/22 16:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/09/22 06:48:38 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\Diagnostics
[2011/09/18 19:59:27 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{B2FFB881-8818-41BF-B325-B89C2A74CEC0}
[2011/09/18 19:59:16 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{BC6C6058-C599-4447-959D-139A0E065897}
[2011/09/18 19:08:28 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/18 19:03:11 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/09/18 19:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/09/18 18:59:50 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{4A49D700-CAC0-4E7A-BD2E-FFBB7DACD78E}
[2011/09/18 18:59:39 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{EE81B6EA-D3EF-4D5F-92B7-298421EB4942}
[2011/09/18 18:51:35 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{44497EEE-AFB9-426D-A6EA-5082B3D36130}
[2011/09/18 18:51:24 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{B3066915-C0D8-4DAC-95BB-668E8D4219AE}
[2011/09/18 16:25:43 | 000,348,160 | ---- | C] (DevPower Development Tools) -- C:\Windows\SysWow64\FlatBtn6.ocx
[2011/09/18 16:25:43 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WAV to MP3 Encoder
[2011/09/18 16:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WAV to MP3 Encoder
[2011/09/18 16:25:42 | 000,348,160 | ---- | C] (DGP) -- C:\Windows\SysWow64\MEnc.ocx
[2011/09/18 16:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WAV to MP3 Encoder
[2011/09/18 12:50:49 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{0848A5B1-5FD3-4B8D-90B7-85028A933D8E}
[2011/09/18 10:39:31 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/18 10:38:48 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\Deployment
[2011/09/18 10:38:48 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\Apps
[2011/09/18 10:24:24 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{FBE3DD31-D8A1-4116-A270-8C5F158D2EFE}
[2011/09/18 10:24:13 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{72A1DC87-1FD9-4BE1-A447-EE8A25AC8399}
[2011/09/18 10:11:39 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{EC0BDC91-E794-44E4-978A-BB41FCA67795}
[2011/09/18 10:11:27 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{67088DA4-35BF-4200-BB82-A77178DFFEDD}
[2011/09/16 19:38:33 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{F5D21D91-FE2C-4E91-B82D-6D114322D538}
[2011/09/16 19:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/09/16 17:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011/09/16 17:33:47 | 000,000,000 | ---D | C] -- C:\Users\Rik\Adobe Flash Builder 4
[2011/09/16 17:28:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2011/09/16 16:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2011/09/16 15:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/09/16 15:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/09/16 15:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5
[2011/09/16 14:43:53 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{3AC2ADC7-0CBA-4478-8867-C8C47596E1E1}
[2011/09/16 14:43:42 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{950F84CE-1AFE-4B3F-9ABF-BA73DEA3E207}
[2011/09/16 14:31:21 | 000,000,000 | ---D | C] -- C:\Users\Rik\SyncUP
[2011/09/16 10:43:50 | 000,000,000 | ---D | C] -- C:\Users\Rik\Documents\EFN Logo and Watermark
[2011/09/16 10:16:09 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{019203C2-312D-4B9F-A369-4A546AB42B42}
[2011/09/16 10:15:57 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{AB0658A5-BC84-4FCE-81F6-3306A1A3D5E0}
[2011/09/16 09:52:25 | 000,000,000 | ---D | C] -- C:\Users\Rik\Documents\Pinnacle Studio
[2011/09/16 09:38:32 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2011/09/16 09:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio Plugins
[2011/09/16 09:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LooksBuilderSE
[2011/09/16 09:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pinnacle
[2011/09/16 09:36:21 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\Downloaded Installations
[2011/09/16 09:36:01 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\Pinnacle
[2011/09/16 09:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate Collection
[2011/09/16 09:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 14
[2011/09/16 09:34:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects
[2011/09/16 09:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pegasus Imaging
[2011/09/16 09:31:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Yahoo!
[2011/09/16 09:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 14
[2011/09/16 09:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus
[2011/09/16 09:31:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2011/09/16 09:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinnacle
[2011/09/16 09:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2011/09/15 18:58:02 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Roaming\WinRAR
[2011/09/15 18:58:02 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/09/15 18:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/09/15 18:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011/09/15 18:03:15 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\Adobe
[2011/09/15 17:29:08 | 000,000,000 | ---D | C] -- C:\Users\Rik\Desktop\Transfer Convert
[2011/09/15 17:15:35 | 000,000,000 | R--D | C] -- C:\Users\Rik\Desktop\Tracks
[2011/09/15 16:50:31 | 000,000,000 | ---D | C] -- C:\Users\Rik\Desktop\P
[2011/09/15 16:36:52 | 000,000,000 | R--D | C] -- C:\Users\Rik\Desktop\New Folder
[2011/09/15 16:36:20 | 000,000,000 | ---D | C] -- C:\Users\Rik\Desktop\Convert
[2011/09/15 16:15:10 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{F44433FB-8EF2-46F9-A77E-947DFDE323F6}
[2011/09/15 16:14:57 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{B39A0C77-61AA-47A8-B3EC-A92386E359C6}
[2011/09/15 15:33:16 | 000,000,000 | ---D | C] -- C:\Users\Rik\Documents\Rik's Models
[2011/09/15 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\Rik\Documents\PST
[2011/09/15 15:33:05 | 000,000,000 | ---D | C] -- C:\Users\Rik\Documents\Princess
[2011/09/15 15:33:04 | 000,000,000 | --SD | C] -- C:\Users\Rik\Documents\Kerry George
[2011/09/15 15:32:39 | 000,000,000 | --SD | C] -- C:\Users\Rik\Documents\Immortal Images 2008 V3 - Non N
[2011/09/15 15:32:19 | 000,000,000 | --SD | C] -- C:\Users\Rik\Documents\Immortal Images 2008 V2
[2011/09/15 15:32:04 | 000,000,000 | --SD | C] -- C:\Users\Rik\Documents\Escapefromnowhere 4
[2011/09/15 15:31:55 | 000,000,000 | --SD | C] -- C:\Users\Rik\Documents\Escapefromnowhere 3
[2011/09/15 15:31:36 | 000,000,000 | --SD | C] -- C:\Users\Rik\Documents\Escapefromnowhere 2
[2011/09/15 15:31:13 | 000,000,000 | --SD | C] -- C:\Users\Rik\Documents\Escapefromnowhere
[2011/09/15 15:30:44 | 000,000,000 | --SD | C] -- C:\Users\Rik\Documents\Escape From Nowhere 2008 Photo
[2011/09/15 15:03:14 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Roaming\PCDr
[2011/09/15 15:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2011/09/15 14:54:19 | 000,000,000 | ---D | C] -- C:\Users\Rik\Documents\EFN V
[2011/09/15 12:59:54 | 000,000,000 | ---D | C] -- C:\Users\Rik\Documents\EFN Pics
[2011/09/15 12:59:28 | 000,000,000 | ---D | C] -- C:\Users\Rik\Documents\EFN 2010
[2011/09/15 12:48:12 | 000,000,000 | ---D | C] -- C:\Users\Rik\Documents\Rik's Websites
[2011/09/15 12:39:08 | 000,000,000 | ---D | C] -- C:\Users\Rik\Documents\Website Archive
[2011/09/15 12:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011/09/15 12:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVI MPEG RM WMV Splitter
[2011/09/15 12:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVI MPEG RM WMV Joiner
[2011/09/15 12:19:28 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{8F7FE633-B601-4BC8-ABEE-83E0AE4A2F06}
[2011/09/15 12:19:11 | 000,000,000 | ---D | C] -- C:\Users\Rik\AppData\Local\{387167CC-00C7-41F1-B58F-24E76C898795}
[2011/09/15 12:08:37 | 000,454,120 | ---- | C] (CBS Interactive) -- C:\Users\Rik\Documents\cnet_tweakslogon_zip.exe
[2011/09/15 12:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

========== Files - Modified Within 30 Days ==========

[2011/10/15 11:02:57 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/15 11:02:57 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/15 10:54:58 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\fcksp.job
[2011/10/15 10:54:57 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/10/15 10:54:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/15 10:54:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/10/15 10:54:48 | 523,063,295 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/15 10:49:53 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/15 10:44:37 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-100396752-4058879988-3885769057-1001UA.job
[2011/10/15 10:44:37 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-100396752-4058879988-3885769057-1001Core.job
[2011/10/15 10:33:53 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/15 10:33:53 | 000,664,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/15 10:33:53 | 000,125,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/14 20:45:41 | 001,426,626 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011/10/14 20:45:38 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/10/14 20:45:38 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/10/14 20:45:38 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/10/14 18:13:39 | 000,001,284 | ---- | M] () -- C:\Users\Rik\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/14 17:48:46 | 004,968,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/13 04:40:01 | 000,001,110 | ---- | M] () -- C:\Users\Rik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/09/29 12:42:57 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011/09/27 20:36:35 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/26 19:36:29 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/18 17:51:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/09/18 12:45:08 | 000,001,906 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/18 10:44:00 | 000,001,135 | ---- | M] () -- C:\Users\Rik\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/09/17 11:58:51 | 000,079,872 | RHS- | M] () -- C:\Windows\SysWow64\msrdc2.dll
[2011/09/16 19:50:35 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011/09/16 09:34:48 | 000,001,220 | ---- | M] () -- C:\Users\Rik\Application Data\Microsoft\Internet Explorer\Quick Launch\Pinnacle Studio 14.lnk
[2011/09/15 12:08:38 | 000,454,120 | ---- | M] (CBS Interactive) -- C:\Users\Rik\Documents\cnet_tweakslogon_zip.exe
[2011/09/15 12:05:01 | 000,763,958 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2011/10/15 10:49:53 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/14 20:45:39 | 001,426,626 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011/10/14 20:45:38 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/10/14 20:45:38 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/10/14 20:45:31 | 000,000,000 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymDS64.cat
[2011/10/14 20:45:28 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymEFA.inf
[2011/10/14 20:45:28 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymDS.inf
[2011/10/14 20:45:28 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymNet.inf
[2011/10/14 20:45:28 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.inf
[2011/10/14 20:45:28 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.inf
[2011/10/14 20:45:28 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Iron.inf
[2011/10/14 20:45:24 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\iron.cat
[2011/10/14 20:45:24 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.cat
[2011/10/14 20:45:24 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymEFA64.cat
[2011/10/14 20:45:24 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnet64.cat
[2011/10/14 20:45:24 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.cat
[2011/10/14 20:45:24 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\isolate.ini
[2011/10/14 18:13:39 | 000,001,284 | ---- | C] () -- C:\Users\Rik\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/13 04:40:01 | 000,001,110 | ---- | C] () -- C:\Users\Rik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/09/29 12:42:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/09/29 12:04:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/09/18 17:51:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/09/18 12:54:04 | 000,002,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.4 64-bit.lnk
[2011/09/18 10:39:04 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-100396752-4058879988-3885769057-1001UA.job
[2011/09/18 10:39:03 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-100396752-4058879988-3885769057-1001Core.job
[2011/09/17 11:58:51 | 000,079,872 | RHS- | C] () -- C:\Windows\SysWow64\msrdc2.dll
[2011/09/17 11:58:51 | 000,000,302 | -HS- | C] () -- C:\Windows\tasks\fcksp.job
[2011/09/16 15:56:50 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/09/16 10:25:38 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/16 09:34:48 | 000,001,220 | ---- | C] () -- C:\Users\Rik\Application Data\Microsoft\Internet Explorer\Quick Launch\Pinnacle Studio 14.lnk
[2011/09/16 09:30:16 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011/09/15 17:18:00 | 001,437,175 | ---- | C] () -- C:\Users\Rik\Documents\luxs2010PL.pdf
[2011/09/15 17:17:44 | 049,821,633 | ---- | C] () -- C:\Users\Rik\Documents\EOS_System_2nd_Edition-p8505-c3841-en_EU-1300111663.pdf
[2011/09/15 12:38:38 | 009,624,937 | ---- | C] () -- C:\Users\Rik\Documents\steepletone%20catalogue%20v5.pdf
[2011/09/15 12:38:38 | 008,471,915 | ---- | C] () -- C:\Users\Rik\Documents\Simple Lighting Techniques for Portrait Photographers.pdf
[2011/09/15 12:38:38 | 001,612,191 | ---- | C] () -- C:\Users\Rik\Documents\scan of electrical and gas test.jpg
[2011/09/15 12:38:38 | 001,458,948 | ---- | C] () -- C:\Users\Rik\Documents\scan.jpg
[2011/09/15 12:38:38 | 000,168,114 | ---- | C] () -- C:\Users\Rik\Documents\Speakers manual_2.pdf
[2011/09/15 12:38:37 | 000,168,114 | ---- | C] () -- C:\Users\Rik\Documents\manual_2.pdf
[2011/09/15 12:38:37 | 000,050,408 | ---- | C] () -- C:\Users\Rik\Documents\p87.pdf
[2011/09/15 12:38:37 | 000,046,961 | ---- | C] () -- C:\Users\Rik\Documents\P11D 2011.pdf
[2011/09/15 12:38:37 | 000,040,240 | ---- | C] () -- C:\Users\Rik\Documents\SAMPLE_Model_Release_-_English_-_Dec_2008.pdf
[2011/09/15 12:38:37 | 000,022,783 | ---- | C] () -- C:\Users\Rik\Documents\NoClocks.zip
[2011/09/15 12:38:37 | 000,003,660 | ---- | C] () -- C:\Users\Rik\Documents\Owner2.jpg
[2011/09/15 12:38:29 | 842,946,678 | ---- | C] () -- C:\Users\Rik\Documents\Image.nrg
[2011/09/15 12:38:28 | 005,777,819 | ---- | C] () -- C:\Users\Rik\Documents\CS_Catalogue_UK2010.pdf
[2011/09/15 12:38:28 | 001,498,840 | ---- | C] () -- C:\Users\Rik\Documents\2010%20owners%20maual%20for%20print%20english%20french%20german.pdf
[2011/09/15 12:38:28 | 000,151,293 | ---- | C] () -- C:\Users\Rik\Documents\Dental Claim Form.pdf
[2011/09/15 12:38:28 | 000,000,000 | -H-- | C] () -- C:\Users\Rik\Documents\Default.rdp
[2011/09/14 20:38:33 | 000,206,464 | ---- | C] () -- C:\Windows\hpoins49.dat
[2011/09/14 20:25:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/09/14 20:15:45 | 000,004,820 | ---- | C] () -- C:\Windows\CAMUNWISE.INI
[2011/09/14 20:11:30 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\Wh2Robo.dll
[2011/09/14 20:05:35 | 000,000,048 | ---- | C] () -- C:\Windows\winfile.ini
[2011/09/09 22:04:21 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/09/09 22:04:21 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/09/09 22:04:21 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/09/09 22:04:21 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/09/09 22:04:21 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/02/10 17:10:51 | 000,763,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/23 09:51:58 | 000,001,241 | ---- | C] () -- C:\Windows\hpomdl49.dat
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/09/10 05:40:56 | 000,025,667 | RH-- | M] () -- C:\dell.sdr
[2011/10/15 10:54:48 | 523,063,295 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/29 10:06:57 | 000,000,160 | ---- | M] () -- C:\log.txt
[2011/10/15 10:54:49 | 2129,076,223 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >


If you need further logs please do let me know! Many, many thanks in advance for any assistance you can offer!

Regards

Rikster

#3 HelpBot

Posted 20 October 2011 - 05:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/423588 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

Posted 25 October 2011 - 05:45 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



