
Very Slow computer, issues opening word, adobe, excel


  • This topic is locked
23 replies to this topic

#1 Munchkin2

Munchkin2

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 18 October 2012 - 06:24 PM

Hi there,

After some of your wonderful help please.

Computer has been getting slower and slower, now have issues opening Word and Excel files from Outlook, as well as Adobe files; they open but take at least 2 minutes to think about it. Constantly getting the "Not responding" message. Also Bluetooth now not working either. Not sure if it is anything malicious, but am not sure what to do next.

Running Vista, and Office 2010.

Tried to run DDS.com, would run then started processing, but then would shut the software down. No files generated.

Ran GMER, and have pasted results from that file below.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-19 08:43:52
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: gmer.exe; Driver: C:\Users\~1\AppData\Local\Temp\fxldypow.sys


---- System - GMER 1.0.15 ----

SSDT 95F82A60 ZwAlertResumeThread
SSDT 95F82B40 ZwAlertThread
SSDT 95FA5450 ZwAllocateVirtualMemory
SSDT 94FB8DA8 ZwAlpcConnectPort
SSDT 95F88978 ZwAssignProcessToJobObject
SSDT 95FAF008 ZwCreateMutant
SSDT 96BF9550 ZwCreateSymbolicLinkObject
SSDT 9BF91330 ZwCreateThread
SSDT 94FC4A10 ZwDebugActiveProcess
SSDT 95FA55E0 ZwDuplicateObject
SSDT 95FA5268 ZwFreeVirtualMemory
SSDT 95F828A0 ZwImpersonateAnonymousToken
SSDT 95F82980 ZwImpersonateThread
SSDT 94FB8D30 ZwLoadDriver
SSDT 95FA5188 ZwMapViewOfSection
SSDT 95FAFF48 ZwOpenEvent
SSDT 95FA5780 ZwOpenProcess
SSDT 95FA5520 ZwOpenProcessToken
SSDT 95FAFD88 ZwOpenSection
SSDT 95FA56B0 ZwOpenThread
SSDT 95FAF1E0 ZwProtectVirtualMemory
SSDT 95F82C20 ZwResumeThread
SSDT 95F82EC0 ZwSetContextThread
SSDT 95F82F80 ZwSetInformationProcess
SSDT 9BF91488 ZwSetSystemInformation
SSDT 95FAFE68 ZwSuspendProcess
SSDT 95F82D00 ZwSuspendThread
SSDT 9BF91410 ZwTerminateProcess
SSDT 95F82DE0 ZwTerminateThread
SSDT 95FA50C8 ZwUnmapViewOfSection
SSDT 95FA5338 ZwWriteVirtualMemory
SSDT 96BF96C8 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 824B27E0 8 Bytes [60, 2A, F8, 95, 40, 2B, F8, ...] {PUSHA ; SUB BH, AL; XCHG EBP, EAX; INC EAX; SUB EDI, EAX; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 131 824B27F4 4 Bytes [50, 54, FA, 95] {PUSH EAX; PUSH ESP; CLI ; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 13D 824B2800 4 Bytes [A8, 8D, FB, 94] {TEST AL, 0x8d; STI ; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 191 824B2854 4 Bytes [78, 89, F8, 95] {JS 0xffffffffffffff8b; CLC ; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1F5 824B28B8 4 Bytes [08, F0, FA, 95] {OR AL, DH; CLI ; XCHG EBP, EAX}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4340] kernel32.dll!CreateThread 7707CB2E 5 Bytes JMP 67C975E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!CreateDialogParamW 76EE72A2 5 Bytes JMP 67E29398 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!GetAsyncKeyState 76EE863C 5 Bytes JMP 67C7DECD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!SetWindowsHookExW 76EE87AD 5 Bytes JMP 67CD25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!CallNextHookEx 76EE8E3B 5 Bytes JMP 67CF7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!UnhookWindowsHookEx 76EE98DB 5 Bytes JMP 67D1ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!EnableWindow 76EECD8B 5 Bytes JMP 67CD9EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!DefWindowProcA 76EEDB88 7 Bytes JMP 67C9980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!CreateWindowExA 76EEDC2A 5 Bytes JMP 67CA3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!CreateWindowExW 76EF1305 5 Bytes JMP 67D003CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!GetKeyState 76EF8CB1 5 Bytes JMP 67C7DDA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!DefWindowProcW 76F003B4 7 Bytes JMP 67CF8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!IsDialogMessageW 76F00745 5 Bytes JMP 67E29AF2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!CreateDialogParamA 76F017AA 5 Bytes JMP 67E29360 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!IsDialogMessage 76F01847 5 Bytes JMP 67E29ACA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!CreateDialogIndirectParamA 76F026F1 5 Bytes JMP 67E293D0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!CreateDialogIndirectParamW 76F09A62 5 Bytes JMP 67E29408 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!SetKeyboardState 76F10987 5 Bytes JMP 67E2A3E5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!DialogBoxParamW 76F110B0 5 Bytes JMP 67C31893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!DialogBoxIndirectParamW 76F12EF5 5 Bytes JMP 67E2902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!SendInput 76F12F75 5 Bytes JMP 67E2A38D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!EndDialog 76F1326E 5 Bytes JMP 67E29D9E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!SetCursorPos 76F26FB2 5 Bytes JMP 67E2A466 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!DialogBoxParamA 76F28152 5 Bytes JMP 67E28FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!DialogBoxIndirectParamA 76F2847D 5 Bytes JMP 67E29093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!MessageBoxIndirectA 76F3D4D9 5 Bytes JMP 67E28F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!MessageBoxIndirectW 76F3D5D3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!MessageBoxIndirectW 76F3D5D3 5 Bytes JMP 67E28ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!MessageBoxExA 76F3D639 5 Bytes JMP 67E28E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!MessageBoxExW 76F3D65D 5 Bytes JMP 67E28E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] USER32.dll!keybd_event 76F3D972 5 Bytes JMP 67E2A34A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] SHELL32.dll!SHRestricted + D95 760F89A8 4 Bytes [CF, 01, 46, 66] {IRET ; ADD [ESI+0x66], EAX}
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] SHELL32.dll!SHRestricted + D9D 760F89B0 8 Bytes [E0, 61, 45, 66, 79, F7, 45, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4340] ole32.dll!OleLoadFromStream 76BC1E80 5 Bytes JMP 67E297FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!EnableWindow 76EECD8B 5 Bytes JMP 67CD9EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!DialogBoxParamW 76F110B0 5 Bytes JMP 67C31893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!DialogBoxIndirectParamW 76F12EF5 5 Bytes JMP 67E2902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!DialogBoxParamA 76F28152 5 Bytes JMP 67E28FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!DialogBoxIndirectParamA 76F2847D 5 Bytes JMP 67E29093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!MessageBoxIndirectA 76F3D4D9 5 Bytes JMP 67E28F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!MessageBoxIndirectW 76F3D5D3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!MessageBoxIndirectW 76F3D5D3 5 Bytes JMP 67E28ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!MessageBoxExA 76F3D639 5 Bytes JMP 67E28E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!MessageBoxExW 76F3D65D 5 Bytes JMP 67E28E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] kernel32.dll!CreateThread 7707CB2E 5 Bytes JMP 67C975E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!CreateDialogParamW 76EE72A2 5 Bytes JMP 67E29398 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!GetAsyncKeyState 76EE863C 5 Bytes JMP 67C7DECD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!SetWindowsHookExW 76EE87AD 5 Bytes JMP 67CD25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!CallNextHookEx 76EE8E3B 5 Bytes JMP 67CF7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!UnhookWindowsHookEx 76EE98DB 5 Bytes JMP 67D1ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!EnableWindow 76EECD8B 5 Bytes JMP 67CD9EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!DefWindowProcA 76EEDB88 7 Bytes JMP 67C9980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!CreateWindowExA 76EEDC2A 5 Bytes JMP 67CA3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!CreateWindowExW 76EF1305 5 Bytes JMP 67D003CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!GetKeyState 76EF8CB1 5 Bytes JMP 67C7DDA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!DefWindowProcW 76F003B4 7 Bytes JMP 67CF8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!IsDialogMessageW 76F00745 5 Bytes JMP 67E29AF2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!CreateDialogParamA 76F017AA 5 Bytes JMP 67E29360 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!IsDialogMessage 76F01847 5 Bytes JMP 67E29ACA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!CreateDialogIndirectParamA 76F026F1 5 Bytes JMP 67E293D0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!CreateDialogIndirectParamW 76F09A62 5 Bytes JMP 67E29408 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!SetKeyboardState 76F10987 5 Bytes JMP 67E2A3E5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!DialogBoxParamW 76F110B0 5 Bytes JMP 67C31893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!DialogBoxIndirectParamW 76F12EF5 5 Bytes JMP 67E2902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!SendInput 76F12F75 5 Bytes JMP 67E2A38D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!EndDialog 76F1326E 5 Bytes JMP 67E29D9E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!SetCursorPos 76F26FB2 5 Bytes JMP 67E2A466 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!DialogBoxParamA 76F28152 5 Bytes JMP 67E28FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!DialogBoxIndirectParamA 76F2847D 5 Bytes JMP 67E29093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!MessageBoxIndirectA 76F3D4D9 5 Bytes JMP 67E28F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!MessageBoxIndirectW 76F3D5D3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!MessageBoxIndirectW 76F3D5D3 5 Bytes JMP 67E28ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!MessageBoxExA 76F3D639 5 Bytes JMP 67E28E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!MessageBoxExW 76F3D65D 5 Bytes JMP 67E28E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] USER32.dll!keybd_event 76F3D972 5 Bytes JMP 67E2A34A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] SHELL32.dll!SHRestricted + D95 760F89A8 4 Bytes [CF, 01, 46, 66] {IRET ; ADD [ESI+0x66], EAX}
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] SHELL32.dll!SHRestricted + D9D 760F89B0 8 Bytes [E0, 61, 45, 66, 79, F7, 45, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5272] ole32.dll!OleLoadFromStream 76BC1E80 5 Bytes JMP 67E297FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] kernel32.dll!CreateThread 7707CB2E 5 Bytes JMP 67C975E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!CreateDialogParamW 76EE72A2 5 Bytes JMP 67E29398 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!GetAsyncKeyState 76EE863C 5 Bytes JMP 67C7DECD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!SetWindowsHookExW 76EE87AD 5 Bytes JMP 67CD25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!CallNextHookEx 76EE8E3B 5 Bytes JMP 67CF7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!UnhookWindowsHookEx 76EE98DB 5 Bytes JMP 67D1ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!EnableWindow 76EECD8B 5 Bytes JMP 67CD9EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!DefWindowProcA 76EEDB88 7 Bytes JMP 67C9980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!CreateWindowExA 76EEDC2A 5 Bytes JMP 67CA3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!CreateWindowExW 76EF1305 5 Bytes JMP 67D003CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!GetKeyState 76EF8CB1 5 Bytes JMP 67C7DDA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!DefWindowProcW 76F003B4 7 Bytes JMP 67CF8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!IsDialogMessageW 76F00745 5 Bytes JMP 67E29AF2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!CreateDialogParamA 76F017AA 5 Bytes JMP 67E29360 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!IsDialogMessage 76F01847 5 Bytes JMP 67E29ACA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!CreateDialogIndirectParamA 76F026F1 5 Bytes JMP 67E293D0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!CreateDialogIndirectParamW 76F09A62 5 Bytes JMP 67E29408 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!SetKeyboardState 76F10987 5 Bytes JMP 67E2A3E5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!DialogBoxParamW 76F110B0 5 Bytes JMP 67C31893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!DialogBoxIndirectParamW 76F12EF5 5 Bytes JMP 67E2902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!SendInput 76F12F75 5 Bytes JMP 67E2A38D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!EndDialog 76F1326E 5 Bytes JMP 67E29D9E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!SetCursorPos 76F26FB2 5 Bytes JMP 67E2A466 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!DialogBoxParamA 76F28152 5 Bytes JMP 67E28FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!DialogBoxIndirectParamA 76F2847D 5 Bytes JMP 67E29093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!MessageBoxIndirectA 76F3D4D9 5 Bytes JMP 67E28F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!MessageBoxIndirectW 76F3D5D3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!MessageBoxIndirectW 76F3D5D3 5 Bytes JMP 67E28ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!MessageBoxExA 76F3D639 5 Bytes JMP 67E28E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!MessageBoxExW 76F3D65D 5 Bytes JMP 67E28E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] USER32.dll!keybd_event 76F3D972 5 Bytes JMP 67E2A34A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] SHELL32.dll!SHRestricted + D95 760F89A8 4 Bytes [CF, 01, 46, 66] {IRET ; ADD [ESI+0x66], EAX}
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] SHELL32.dll!SHRestricted + D9D 760F89B0 8 Bytes [E0, 61, 45, 66, 79, F7, 45, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5444] ole32.dll!OleLoadFromStream 76BC1E80 5 Bytes JMP 67E297FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1dce9b3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1dce9b3@0012d1226cd8 0xC1 0x70 0x92 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1dce9b3@001fdfb42470 0xAD 0x6F 0x55 0x22 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1dce9b3@20f3a3df6d45 0x81 0x6E 0x65 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 5537
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1dce9b3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1dce9b3@0012d1226cd8 0xC1 0x70 0x92 0x12 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1dce9b3@001fdfb42470 0xAD 0x6F 0x55 0x22 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1dce9b3@20f3a3df6d45 0x81 0x6E 0x65 0x40 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xDC 0x00 0x79 0xCA ...

---- EOF - GMER 1.0.15 ----

Edited by Munchkin2, 18 October 2012 - 06:27 PM.




#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:44 PM

Posted 21 October 2012 - 08:52 AM

Hello and welcome to BleepingComputer! :)



I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system so I will analyze the results they produce.


As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed so we need to get a clear look on that aspect. DO NOT bring any changes to the system except the ones I tell you to as that may produce more damage than helping us.

If you encounter a delay of over 2 days from me, please don't hesitate to private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.



Please generate another DDS log (download it from http://download.bleepingcomputer.com/sUBs/dds.com if you haven't already) and post it in your next reply along with other changes that may have occurred since you last posted.
Also download and run GMER from this link: GMER download link.



Thank you very much for your patience.




Regards,

Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 Munchkin2

Munchkin2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 21 October 2012 - 10:46 PM

Hi Elle

Thanks so much for helping me. I have tried again to generate the DDS.com files but it gets to generating Attach.txt, then closes the program; I can never get a report to generate. Not sure if I am missing a script blocker or not?

Will rerun the GMER report; however, last time I did it, it took about 5 hours. Will set it going again.

Cheers

Munchkin

#4 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:44 PM

Posted 22 October 2012 - 01:41 PM

Hi there,



We will wait for the GMER log. :)



Can you get the Attach.txt log?





Elle

#5 Munchkin2

Munchkin2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 22 October 2012 - 02:34 PM

Here is the GMER log.

The only change made since requesting help is that I updated Norton 360 from version 6 to version 20, the latest.

I still cannot generate the dds files, either of them. Have tried them separately but it just keeps shutting the program down.

What do you want me to try next?

Cheers



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-23 08:28:26
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: gmer.exe; Driver: C:\Users\M&M~1\AppData\Local\Temp\fxldypow.sys


---- System - GMER 1.0.15 ----

SSDT 95798278 ZwAlertResumeThread
SSDT 95798358 ZwAlertThread
SSDT 95798C90 ZwAllocateVirtualMemory
SSDT 8F1E3860 ZwAlpcConnectPort
SSDT 95DE4878 ZwAssignProcessToJobObject
SSDT 95DE4E20 ZwCreateMutant
SSDT 95DE4598 ZwCreateSymbolicLinkObject
SSDT 95DF5480 ZwCreateThread
SSDT 95DE4958 ZwDebugActiveProcess
SSDT 95798E20 ZwDuplicateObject
SSDT 95798A88 ZwFreeVirtualMemory
SSDT 95DE4F10 ZwImpersonateAnonymousToken
SSDT 95DE4FD0 ZwImpersonateThread
SSDT 8F1E37C8 ZwLoadDriver
SSDT 95798988 ZwMapViewOfSection
SSDT 95DE4D40 ZwOpenEvent
SSDT 95798FC0 ZwOpenProcess
SSDT 95798D60 ZwOpenProcessToken
SSDT 95DE4B80 ZwOpenSection
SSDT 95798EF0 ZwOpenThread
SSDT 95DE4788 ZwProtectVirtualMemory
SSDT 95798438 ZwResumeThread
SSDT 957986D8 ZwSetContextThread
SSDT 957987B8 ZwSetInformationProcess
SSDT 95DE4A38 ZwSetSystemInformation
SSDT 95DE4C60 ZwSuspendProcess
SSDT 95798518 ZwSuspendThread
SSDT 95DF5560 ZwTerminateProcess
SSDT 957985F8 ZwTerminateThread
SSDT 957988A8 ZwUnmapViewOfSection
SSDT 95798B78 ZwWriteVirtualMemory
SSDT 95DE4688 ZwCreateThreadEx

Code 8282532C TmInitSystem

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 824F27E0 8 Bytes [78, 82, 79, 95, 58, 83, 79, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 824F27F4 4 Bytes [90, 8C, 79, 95]
.text ntkrnlpa.exe!KeSetEvent + 13D 824F2800 4 Bytes [60, 38, 1E, 8F]
.text ntkrnlpa.exe!KeSetEvent + 191 824F2854 4 Bytes [78, 48, DE, 95]
.text ntkrnlpa.exe!KeSetEvent + 1F5 824F28B8 4 Bytes [20, 4E, DE, 95] {AND [ESI-0x22], CL; XCHG EBP, EAX}
.text ...
.text ntdll.dll!NtTerminateThread 77B25374 5 Bytes [E9, D3, AC, 4F, 88] {JMP 0xffffffff884facd8}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[308] ntdll.dll!NtTerminateThread 77B25374 5 Bytes JMP 0002004C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[308] USER32.dll!RecordShutdownReason + 36A 7671B7BE 7 Bytes JMP 00260930
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[308] ADVAPI32.dll!OpenSCManagerA + 125 76382EB8 7 Bytes JMP 00260768
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[308] ADVAPI32.dll!CloseServiceHandle + AA 7638834F 7 Bytes JMP 00260210
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[308] ADVAPI32.dll!AreAllAccessesGranted + 3FD 763A9EAF 7 Bytes JMP 002605A0
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[308] ADVAPI32.dll!CreateServiceW + FF 763A9FB3 7 Bytes JMP 0026012C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[308] ADVAPI32.dll!ControlService + C1 763AA079 7 Bytes JMP 0026084C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[308] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 763E6629 7 Bytes JMP 002603D8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[308] ADVAPI32.dll!ControlServiceExA + 10E 763E673C 7 Bytes JMP 00260048
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[308] ADVAPI32.dll!SetServiceObjectSecurity + FB 763E6DD4 7 Bytes JMP 00260684
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[308] ADVAPI32.dll!ChangeServiceConfigA + 1A3 763E6F7C 7 Bytes JMP 002604BC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[308] ADVAPI32.dll!ChangeServiceConfig2W + BB 763E729C 2 Bytes JMP 002602F4
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[308] ADVAPI32.dll!ChangeServiceConfig2W + BE 763E729F 4 Bytes [E7, 89, EB, F9] {OUT 0x89, EAX; JMP 0xfffffffffffffffd}
.text C:\EJay\AudioStation 2004\astnscsi.exe[656] ntdll.dll!NtTerminateThread 77B25374 5 Bytes JMP 0002004C
.text C:\EJay\AudioStation 2004\astnscsi.exe[656] ADVAPI32.dll!OpenSCManagerA + 125 76382EB8 7 Bytes JMP 00160768
.text C:\EJay\AudioStation 2004\astnscsi.exe[656] ADVAPI32.dll!CloseServiceHandle + AA 7638834F 7 Bytes JMP 00160210
.text C:\EJay\AudioStation 2004\astnscsi.exe[656] ADVAPI32.dll!AreAllAccessesGranted + 3FD 763A9EAF 7 Bytes JMP 001605A0
.text C:\EJay\AudioStation 2004\astnscsi.exe[656] ADVAPI32.dll!CreateServiceW + FF 763A9FB3 7 Bytes JMP 0016012C
.text C:\EJay\AudioStation 2004\astnscsi.exe[656] ADVAPI32.dll!ControlService + C1 763AA079 7 Bytes JMP 0016084C
.text C:\EJay\AudioStation 2004\astnscsi.exe[656] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 763E6629 7 Bytes JMP 001603D8
.text C:\EJay\AudioStation 2004\astnscsi.exe[656] ADVAPI32.dll!ControlServiceExA + 10E 763E673C 7 Bytes JMP 00160048
.text C:\EJay\AudioStation 2004\astnscsi.exe[656] ADVAPI32.dll!SetServiceObjectSecurity + FB 763E6DD4 7 Bytes JMP 00160684
.text C:\EJay\AudioStation 2004\astnscsi.exe[656] ADVAPI32.dll!ChangeServiceConfigA + 1A3 763E6F7C 7 Bytes JMP 001604BC
.text C:\EJay\AudioStation 2004\astnscsi.exe[656] ADVAPI32.dll!ChangeServiceConfig2W + BB 763E729C 2 Bytes JMP 001602F4
.text C:\EJay\AudioStation 2004\astnscsi.exe[656] ADVAPI32.dll!ChangeServiceConfig2W + BE 763E729F 4 Bytes [D7, 89, EB, F9] {XLATB ; MOV EBX, EBP; STC }
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[896] ntdll.dll!NtTerminateThread 77B25374 5 Bytes JMP 0002004C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[896] USER32.dll!RecordShutdownReason + 36A 7671B7BE 7 Bytes JMP 00160930
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[896] ADVAPI32.dll!OpenSCManagerA + 125 76382EB8 7 Bytes JMP 00160768
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[896] ADVAPI32.dll!CloseServiceHandle + AA 7638834F 7 Bytes JMP 00160210
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[896] ADVAPI32.dll!AreAllAccessesGranted + 3FD 763A9EAF 7 Bytes JMP 001605A0
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[896] ADVAPI32.dll!CreateServiceW + FF 763A9FB3 7 Bytes JMP 0016012C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[896] ADVAPI32.dll!ControlService + C1 763AA079 7 Bytes JMP 0016084C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[896] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 763E6629 7 Bytes JMP 001603D8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[896] ADVAPI32.dll!ControlServiceExA + 10E 763E673C 7 Bytes JMP 00160048
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[896] ADVAPI32.dll!SetServiceObjectSecurity + FB 763E6DD4 7 Bytes JMP 00160684
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[896] ADVAPI32.dll!ChangeServiceConfigA + 1A3 763E6F7C 7 Bytes JMP 001604BC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[896] ADVAPI32.dll!ChangeServiceConfig2W + BB 763E729C 2 Bytes JMP 001602F4
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[896] ADVAPI32.dll!ChangeServiceConfig2W + BE 763E729F 4 Bytes [D7, 89, EB, F9] {XLATB ; MOV EBX, EBP; STC }
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1952] ntdll.dll!NtTerminateThread 77B25374 5 Bytes JMP 0002004C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1952] ADVAPI32.dll!OpenSCManagerA + 125 76382EB8 7 Bytes JMP 00B40768
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1952] ADVAPI32.dll!CloseServiceHandle + AA 7638834F 7 Bytes JMP 00B40210
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1952] ADVAPI32.dll!AreAllAccessesGranted + 3FD 763A9EAF 7 Bytes JMP 00B405A0
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1952] ADVAPI32.dll!CreateServiceW + FF 763A9FB3 7 Bytes JMP 00B4012C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1952] ADVAPI32.dll!ControlService + C1 763AA079 7 Bytes JMP 00B4084C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1952] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 763E6629 7 Bytes JMP 00B403D8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1952] ADVAPI32.dll!ControlServiceExA + 10E 763E673C 7 Bytes JMP 00B40048
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1952] ADVAPI32.dll!SetServiceObjectSecurity + FB 763E6DD4 7 Bytes JMP 00B40684
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1952] ADVAPI32.dll!ChangeServiceConfigA + 1A3 763E6F7C 7 Bytes JMP 00B404BC
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1952] ADVAPI32.dll!ChangeServiceConfig2W + BB 763E729C 2 Bytes JMP 00B402F4
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1952] ADVAPI32.dll!ChangeServiceConfig2W + BE 763E729F 4 Bytes [75, 8A, EB, F9] {JNZ 0xffffffffffffff8c; JMP 0xfffffffffffffffd}
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1952] USER32.dll!RecordShutdownReason + 36A 7671B7BE 7 Bytes JMP 00B40930
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2692] ntdll.dll!NtTerminateThread 77B25374 5 Bytes JMP 0002004C
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2692] USER32.dll!RecordShutdownReason + 36A 7671B7BE 7 Bytes JMP 00180930
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2692] ADVAPI32.dll!OpenSCManagerA + 125 76382EB8 7 Bytes JMP 00180768
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2692] ADVAPI32.dll!CloseServiceHandle + AA 7638834F 7 Bytes JMP 00180210
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2692] ADVAPI32.dll!AreAllAccessesGranted + 3FD 763A9EAF 7 Bytes JMP 001805A0
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2692] ADVAPI32.dll!CreateServiceW + FF 763A9FB3 7 Bytes JMP 0018012C
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2692] ADVAPI32.dll!ControlService + C1 763AA079 7 Bytes JMP 0018084C
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2692] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 763E6629 7 Bytes JMP 001803D8
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2692] ADVAPI32.dll!ControlServiceExA + 10E 763E673C 7 Bytes JMP 00180048
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2692] ADVAPI32.dll!SetServiceObjectSecurity + FB 763E6DD4 7 Bytes JMP 00180684
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2692] ADVAPI32.dll!ChangeServiceConfigA + 1A3 763E6F7C 7 Bytes JMP 001804BC
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2692] ADVAPI32.dll!ChangeServiceConfig2W + BB 763E729C 2 Bytes JMP 001802F4
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2692] ADVAPI32.dll!ChangeServiceConfig2W + BE 763E729F 4 Bytes [D9, 89, EB, F9]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2720] ntdll.dll!NtTerminateThread 77B25374 5 Bytes JMP 0002004C
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2720] ADVAPI32.dll!OpenSCManagerA + 125 76382EB8 7 Bytes JMP 00160768
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2720] ADVAPI32.dll!CloseServiceHandle + AA 7638834F 7 Bytes JMP 00160210
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2720] ADVAPI32.dll!AreAllAccessesGranted + 3FD 763A9EAF 7 Bytes JMP 001605A0
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2720] ADVAPI32.dll!CreateServiceW + FF 763A9FB3 7 Bytes JMP 0016012C
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2720] ADVAPI32.dll!ControlService + C1 763AA079 7 Bytes JMP 0016084C
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2720] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 763E6629 7 Bytes JMP 001603D8
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2720] ADVAPI32.dll!ControlServiceExA + 10E 763E673C 7 Bytes JMP 00160048
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2720] ADVAPI32.dll!SetServiceObjectSecurity + FB 763E6DD4 7 Bytes JMP 00160684
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2720] ADVAPI32.dll!ChangeServiceConfigA + 1A3 763E6F7C 7 Bytes JMP 001604BC
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2720] ADVAPI32.dll!ChangeServiceConfig2W + BB 763E729C 2 Bytes JMP 001602F4
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2720] ADVAPI32.dll!ChangeServiceConfig2W + BE 763E729F 4 Bytes [D7, 89, EB, F9] {XLATB ; MOV EBX, EBP; STC }
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2720] USER32.dll!RecordShutdownReason + 36A 7671B7BE 7 Bytes JMP 00160930
.text C:\Program Files\Citrix\ICA Client\concentr.exe[2808] ntdll.dll!NtTerminateThread 77B25374 5 Bytes JMP 0007004C
.text C:\Program Files\Citrix\ICA Client\concentr.exe[2808] USER32.dll!RecordShutdownReason + 36A 7671B7BE 7 Bytes JMP 00090AF4
.text C:\Program Files\Citrix\ICA Client\concentr.exe[2808] ADVAPI32.dll!OpenSCManagerA + 125 76382EB8 7 Bytes JMP 00090768
.text C:\Program Files\Citrix\ICA Client\concentr.exe[2808] ADVAPI32.dll!CloseServiceHandle + AA 7638834F 7 Bytes JMP 00090210
.text C:\Program Files\Citrix\ICA Client\concentr.exe[2808] ADVAPI32.dll!AreAllAccessesGranted + 3FD 763A9EAF 7 Bytes JMP 000905A0
.text C:\Program Files\Citrix\ICA Client\concentr.exe[2808] ADVAPI32.dll!CreateServiceW + FF 763A9FB3 7 Bytes JMP 0009012C
.text C:\Program Files\Citrix\ICA Client\concentr.exe[2808] ADVAPI32.dll!ControlService + C1 763AA079 7 Bytes JMP 0009084C
.text C:\Program Files\Citrix\ICA Client\concentr.exe[2808] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 763E6629 7 Bytes JMP 000903D8
.text C:\Program Files\Citrix\ICA Client\concentr.exe[2808] ADVAPI32.dll!ControlServiceExA + 10E 763E673C 7 Bytes JMP 00090048
.text C:\Program Files\Citrix\ICA Client\concentr.exe[2808] ADVAPI32.dll!SetServiceObjectSecurity + FB 763E6DD4 7 Bytes JMP 00090684
.text C:\Program Files\Citrix\ICA Client\concentr.exe[2808] ADVAPI32.dll!ChangeServiceConfigA + 1A3 763E6F7C 7 Bytes JMP 000904BC
.text C:\Program Files\Citrix\ICA Client\concentr.exe[2808] ADVAPI32.dll!ChangeServiceConfig2W + BB 763E729C 2 Bytes JMP 000902F4
.text C:\Program Files\Citrix\ICA Client\concentr.exe[2808] ADVAPI32.dll!ChangeServiceConfig2W + BE 763E729F 4 Bytes [CA, 89, EB, F9] {RETF 0xeb89; STC }
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2828] ntdll.dll!NtTerminateThread 77B25374 5 Bytes JMP 001F004C
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2828] USER32.dll!RecordShutdownReason + 36A 7671B7BE 7 Bytes JMP 00210AF4
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2828] ADVAPI32.dll!OpenSCManagerA + 125 76382EB8 7 Bytes JMP 00210768
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2828] ADVAPI32.dll!CloseServiceHandle + AA 7638834F 7 Bytes JMP 00210210
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2828] ADVAPI32.dll!AreAllAccessesGranted + 3FD 763A9EAF 7 Bytes JMP 002105A0
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2828] ADVAPI32.dll!CreateServiceW + FF 763A9FB3 7 Bytes JMP 0021012C
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2828] ADVAPI32.dll!ControlService + C1 763AA079 7 Bytes JMP 0021084C
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2828] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 763E6629 7 Bytes JMP 002103D8
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2828] ADVAPI32.dll!ControlServiceExA + 10E 763E673C 7 Bytes JMP 00210048
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity + FB 763E6DD4 7 Bytes JMP 00210684
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2828] ADVAPI32.dll!ChangeServiceConfigA + 1A3 763E6F7C 7 Bytes JMP 002104BC
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W + BB 763E729C 2 Bytes JMP 002102F4
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W + BE 763E729F 4 Bytes [E2, 89, EB, F9] {LOOP 0xffffffffffffff8b; JMP 0xfffffffffffffffd}
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2880] ntdll.dll!NtTerminateThread 77B25374 5 Bytes JMP 0002004C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2880] ADVAPI32.dll!OpenSCManagerA + 125 76382EB8 7 Bytes JMP 00160768
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2880] ADVAPI32.dll!CloseServiceHandle + AA 7638834F 7 Bytes JMP 00160210
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2880] ADVAPI32.dll!AreAllAccessesGranted + 3FD 763A9EAF 7 Bytes JMP 001605A0
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2880] ADVAPI32.dll!CreateServiceW + FF 763A9FB3 7 Bytes JMP 0016012C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2880] ADVAPI32.dll!ControlService + C1 763AA079 7 Bytes JMP 0016084C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2880] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 763E6629 7 Bytes JMP 001603D8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2880] ADVAPI32.dll!ControlServiceExA + 10E 763E673C 7 Bytes JMP 00160048
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2880] ADVAPI32.dll!SetServiceObjectSecurity + FB 763E6DD4 7 Bytes JMP 00160684
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2880] ADVAPI32.dll!ChangeServiceConfigA + 1A3 763E6F7C 7 Bytes JMP 001604BC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2880] ADVAPI32.dll!ChangeServiceConfig2W + BB 763E729C 2 Bytes JMP 001602F4
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2880] ADVAPI32.dll!ChangeServiceConfig2W + BE 763E729F 4 Bytes [D7, 89, EB, F9] {XLATB ; MOV EBX, EBP; STC }
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2880] USER32.dll!RecordShutdownReason + 36A 7671B7BE 7 Bytes JMP 00160930
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe[3332] ntdll.dll!NtTerminateThread 77B25374 5 Bytes JMP 0002004C
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe[3332] USER32.dll!RecordShutdownReason + 36A 7671B7BE 7 Bytes JMP 00070AF4
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe[3332] ADVAPI32.dll!OpenSCManagerA + 125 76382EB8 7 Bytes JMP 00070768
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe[3332] ADVAPI32.dll!CloseServiceHandle + AA 7638834F 7 Bytes JMP 00070210
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe[3332] ADVAPI32.dll!AreAllAccessesGranted + 3FD 763A9EAF 7 Bytes JMP 000705A0
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe[3332] ADVAPI32.dll!CreateServiceW + FF 763A9FB3 7 Bytes JMP 0007012C
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe[3332] ADVAPI32.dll!ControlService + C1 763AA079 7 Bytes JMP 0007084C
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe[3332] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 763E6629 7 Bytes JMP 000703D8
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe[3332] ADVAPI32.dll!ControlServiceExA + 10E 763E673C 7 Bytes JMP 00070048
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe[3332] ADVAPI32.dll!SetServiceObjectSecurity + FB 763E6DD4 7 Bytes JMP 00070684
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe[3332] ADVAPI32.dll!ChangeServiceConfigA + 1A3 763E6F7C 7 Bytes JMP 000704BC
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe[3332] ADVAPI32.dll!ChangeServiceConfig2W + BB 763E729C 2 Bytes JMP 000702F4
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe[3332] ADVAPI32.dll!ChangeServiceConfig2W + BE 763E729F 4 Bytes [C8, 89, EB, F9] {ENTER 0xeb89, 0xf9}
.text C:\Users\MEL&MU~1\AppData\Local\Temp\Rar$EX00.477\gmer.exe[4924] ntdll.dll!NtTerminateThread 77B25374 5 Bytes JMP 0002004C
.text C:\Users\MEL&MU~1\AppData\Local\Temp\Rar$EX00.477\gmer.exe[4924] ADVAPI32.dll!OpenSCManagerA + 125 76382EB8 7 Bytes JMP 00170768
.text C:\Users\MEL&MU~1\AppData\Local\Temp\Rar$EX00.477\gmer.exe[4924] ADVAPI32.dll!CloseServiceHandle + AA 7638834F 7 Bytes JMP 00170210
.text C:\Users\MEL&MU~1\AppData\Local\Temp\Rar$EX00.477\gmer.exe[4924] ADVAPI32.dll!AreAllAccessesGranted + 3FD 763A9EAF 7 Bytes JMP 001705A0
.text C:\Users\MEL&MU~1\AppData\Local\Temp\Rar$EX00.477\gmer.exe[4924] ADVAPI32.dll!CreateServiceW + FF 763A9FB3 7 Bytes JMP 0017012C
.text C:\Users\MEL&MU~1\AppData\Local\Temp\Rar$EX00.477\gmer.exe[4924] ADVAPI32.dll!ControlService + C1 763AA079 7 Bytes JMP 0017084C
.text C:\Users\MEL&MU~1\AppData\Local\Temp\Rar$EX00.477\gmer.exe[4924] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 763E6629 7 Bytes JMP 001703D8
.text C:\Users\MEL&MU~1\AppData\Local\Temp\Rar$EX00.477\gmer.exe[4924] ADVAPI32.dll!ControlServiceExA + 10E 763E673C 7 Bytes JMP 00170048
.text C:\Users\MEL&MU~1\AppData\Local\Temp\Rar$EX00.477\gmer.exe[4924] ADVAPI32.dll!SetServiceObjectSecurity + FB 763E6DD4 7 Bytes JMP 00170684
.text C:\Users\MEL&MU~1\AppData\Local\Temp\Rar$EX00.477\gmer.exe[4924] ADVAPI32.dll!ChangeServiceConfigA + 1A3 763E6F7C 7 Bytes JMP 001704BC
.text C:\Users\MEL&MU~1\AppData\Local\Temp\Rar$EX00.477\gmer.exe[4924] ADVAPI32.dll!ChangeServiceConfig2W + BB 763E729C 2 Bytes JMP 001702F4
.text C:\Users\MEL&MU~1\AppData\Local\Temp\Rar$EX00.477\gmer.exe[4924] ADVAPI32.dll!ChangeServiceConfig2W + BE 763E729F 4 Bytes [D8, 89, EB, F9]
.text C:\Users\MEL&MU~1\AppData\Local\Temp\Rar$EX00.477\gmer.exe[4924] USER32.dll!RecordShutdownReason + 36A 7671B7BE 7 Bytes JMP 00170930
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe[5860] ntdll.dll!NtTerminateThread 77B25374 5 Bytes JMP 0002004C
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe[5860] USER32.dll!RecordShutdownReason + 36A 7671B7BE 7 Bytes JMP 00130930
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe[5860] ADVAPI32.dll!OpenSCManagerA + 125 76382EB8 7 Bytes JMP 00130768
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe[5860] ADVAPI32.dll!CloseServiceHandle + AA 7638834F 7 Bytes JMP 00130210
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe[5860] ADVAPI32.dll!AreAllAccessesGranted + 3FD 763A9EAF 7 Bytes JMP 001305A0
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe[5860] ADVAPI32.dll!CreateServiceW + FF 763A9FB3 7 Bytes JMP 0013012C
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe[5860] ADVAPI32.dll!ControlService + C1 763AA079 7 Bytes JMP 0013084C
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe[5860] ADVAPI32.dll!I_ScGetCurrentGroupStateW + 8F 763E6629 7 Bytes JMP 001303D8
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe[5860] ADVAPI32.dll!ControlServiceExA + 10E 763E673C 7 Bytes JMP 00130048
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe[5860] ADVAPI32.dll!SetServiceObjectSecurity + FB 763E6DD4 7 Bytes JMP 00130684
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe[5860] ADVAPI32.dll!ChangeServiceConfigA + 1A3 763E6F7C 7 Bytes JMP 001304BC
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe[5860] ADVAPI32.dll!ChangeServiceConfig2W + BB 763E729C 2 Bytes JMP 001302F4
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe[5860] ADVAPI32.dll!ChangeServiceConfig2W + BE 763E729F 4 Bytes [D4, 89, EB, F9] {AAM 0x89; JMP 0xfffffffffffffffd}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:492] 9C83F26E
Thread System [4:500] 9C8EB658
Thread System [4:504] 9C953226

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1dce9b3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1dce9b3@0012d1226cd8 0xC1 0x70 0x92 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1dce9b3@001fdfb42470 0xAD 0x6F 0x55 0x22 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1dce9b3@20f3a3df6d45 0x81 0x6E 0x65 0x40 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1dce9b3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1dce9b3@0012d1226cd8 0xC1 0x70 0x92 0x12 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1dce9b3@001fdfb42470 0xAD 0x6F 0x55 0x22 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1dce9b3@20f3a3df6d45 0x81 0x6E 0x65 0x40 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xFB 0x08 0xB9 0x3B ...

---- EOF - GMER 1.0.15 ----

#6 Munchkin2

Posted 23 October 2012 - 09:29 PM

Hello

Just checking in again to find out what I need to do next, please.

Cheers

#7 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:44 PM

Posted 24 October 2012 - 05:16 AM

Hi there,



Firstly, have you tried running DDS in Safe Mode?

This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.

Tell us if you were successful or not and if you did, please post the logs.






Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro?



If I haven't replied in 48 hours, please feel free to send me a PM.




#8 Munchkin2

Posted 24 October 2012 - 04:43 PM

Hi there

No, no luck there either. It does the same thing: it just says generating, and then shuts the program down.

Is there another software I can try that gives the same result?

#9 Munchkin2

Posted 24 October 2012 - 10:48 PM

Hi there

Have pasted below an HJT report; not sure if this will be of any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:57 p.m., on 25/10/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.nz/ig/dell?hl=en&client=dell-row&channel=nz&ibd=6080618
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MLFHS Toolbar - {4e1ee5e1-df02-4977-a3b5-9a3c765a414a} - C:\Program Files\MLFHS\prxtbMLFH.dll
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: MLFHS - {4e1ee5e1-df02-4977-a3b5-9a3c765a414a} - C:\Program Files\MLFHS\prxtbMLFH.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.1.1.2\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.1.1.2\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O3 - Toolbar: MLFHS Toolbar - {4e1ee5e1-df02-4977-a3b5-9a3c765a414a} - C:\Program Files\MLFHS\prxtbMLFH.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.1.1.2\coIEPlg.dll
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANAA0ADcANQA4ADAANAA3ADMALQBUADEANAAtAEIAQQArADEALQBLAFYAMwArADcALQBYAEwAKwAxAC0ARgBQADkAKwAyAC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADEAMABBACsAMQAtAFgATwA5ACsAMQAtAEQARABUACsAMQA0ADMANQAwAC0ARABEADkAMABGACsAMQAtAFMAVAA5ADAARgBBAFAAUAArADEALQBGADkAMABNADEAMgBEAFQAKwAxAC0AVABCACsAMQAtAFUAOQA1ACsAMQAtAEYAOQAwAFQAQgArADIALQBGADkAMABNADEAMgBUAEMAKwAxAC0ARgA5ADAATQAxADIAVABBACsAMQAtAFQATAArADEALQBGADkAMABNADEAMgBSACsAMQAtAFYASQBQADEAMgArADEA"&"prod=90"&"ver=9.0.894
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://webservices.co.nz/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: AVGRSSTX.DLL
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe

--
End of file - 9300 bytes

Edited by Munchkin2, 25 October 2012 - 02:35 PM.


#10 Munchkin2

  • Topic Starter

Posted 25 October 2012 - 02:34 PM

I realised I ran the last one using clean startup, so I have rerun it after a normal startup. Log attached. Please can you look at this for me, as the computer is still not running right, and this process is a very slow one.

Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:47 a.m., on 26/10/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Memeo\AutoBackupPro\MemeoLauncher2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.nz/ig/dell?hl=en&client=dell-row&channel=nz&ibd=6080618
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MLFHS Toolbar - {4e1ee5e1-df02-4977-a3b5-9a3c765a414a} - C:\Program Files\MLFHS\prxtbMLFH.dll
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: MLFHS - {4e1ee5e1-df02-4977-a3b5-9a3c765a414a} - C:\Program Files\MLFHS\prxtbMLFH.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.1.1.2\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.1.1.2\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O3 - Toolbar: MLFHS Toolbar - {4e1ee5e1-df02-4977-a3b5-9a3c765a414a} - C:\Program Files\MLFHS\prxtbMLFH.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.1.1.2\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Memeo Backup Premium] C:\Program Files\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANAA0ADcANQA4ADAANAA3ADMALQBUADEANAAtAEIAQQArADEALQBLAFYAMwArADcALQBYAEwAKwAxAC0ARgBQADkAKwAyAC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADEAMABBACsAMQAtAFgATwA5ACsAMQAtAEQARABUACsAMQA0ADMANQAwAC0ARABEADkAMABGACsAMQAtAFMAVAA5ADAARgBBAFAAUAArADEALQBGADkAMABNADEAMgBEAFQAKwAxAC0AVABCACsAMQAtAFUAOQA1ACsAMQAtAEYAOQAwAFQAQgArADIALQBGADkAMABNADEAMgBUAEMAKwAxAC0ARgA5ADAATQAxADIAVABBACsAMQAtAFQATAArADEALQBGADkAMABNADEAMgBSACsAMQAtAFYASQBQADEAMgArADEA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [TAV_Net] C:\Program Files\Translated.net\TAVUtility.exe
O4 - HKCU\..\Run: [Tav] C:\Program Files\Translated.net\TAVUtility.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mel & Murray\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://webservices.co.nz/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: AVGRSSTX.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: astnscsi - Voyetra Turtle Beach, Inc. - C:\EJay\AudioStation 2004\astnscsi.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9869c2ff4a480) (gupdate1c9869c2ff4a480) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\EJay\AUDIOS~1\x10nets.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 16591 bytes

Edited by Munchkin2, 25 October 2012 - 05:02 PM.


#11 Blind Faith

  • Malware Response Team

Posted 26 October 2012 - 03:29 AM

Hi there,



Thank you for providing these logs. We will analyze them and come back with a reply ASAP.




Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro?



If I haven't replied in 48 hours, please feel free to send me a PM.




#12 Blind Faith

  • Malware Response Team

Posted 27 October 2012 - 08:05 AM

Hi there,



We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


=========================================================================



Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.





Elle

#13 Munchkin2

  • Topic Starter

Posted 27 October 2012 - 03:15 PM

Thanks Elle, here is the first one, OTL.txt

OTL logfile created on: 28/10/2012 8:49:46 a.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\M & M\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 32.76% Memory free
4.21 Gb Paging File | 2.25 Gb Available in Paging File | 53.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 95.66 Gb Free Space | 43.42% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.62 Gb Free Space | 56.21% Space Free | Partition Type: NTFS
Drive F: | 7.26 Gb Total Space | 5.79 Gb Free Space | 79.83% Space Free | Partition Type: FAT32

Computer Name: M | User Name: M & M | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2012/10/28 08:46:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\M & M\Desktop\OTL.exe
PRC - [2012/10/09 17:21:11 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/04 20:15:16 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/08/30 08:17:48 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe
PRC - [2011/05/13 13:01:46 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe
PRC - [2010/10/12 18:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 18:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/03/24 16:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/04/11 19:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/21 15:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/21 15:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2008/01/21 15:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007/12/21 15:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/13 00:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/13 00:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/07 19:50:02 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/07 19:49:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/07 19:49:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/07 19:49:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/03/21 18:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 18:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/03 22:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 22:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2003/09/30 15:52:10 | 000,208,468 | ---- | M] (Voyetra Turtle Beach, Inc.) -- C:\EJay\AudioStation 2004\astnscsi.exe
PRC - [2002/07/03 11:07:54 | 000,020,480 | ---- | M] (X10) -- C:\EJay\AudioStation 2004\x10nets.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/31 04:34:04 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\559eb472944e19bca4d034eda4bdfcb7\System.Configuration.Install.ni.dll
MOD - [2012/08/31 04:33:19 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll
MOD - [2012/08/31 04:33:17 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012/08/31 04:33:15 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012/08/31 04:32:49 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/08/31 04:32:28 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/08/31 04:31:00 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/08/31 04:30:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/08/31 04:21:42 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/08/31 04:21:29 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/05/31 03:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.1.1.2\wincfi39.dll
MOD - [2012/05/18 16:16:21 | 000,429,080 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Memeo.ShellExtension\4.0.0.114__63b82a8957e80a37\Memeo.ShellExtension.dll
MOD - [2012/05/18 16:16:20 | 000,839,680 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/03/30 17:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 17:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2006/11/03 22:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Services (SafeList) ==========

SRV - [2012/10/11 15:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.2.0.19\ccSvcHst.exe -- (N360)
SRV - [2012/10/09 18:20:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/04 20:15:16 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/13 13:01:46 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/08/02 20:32:20 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/03/05 14:07:44 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/01/21 15:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/21 15:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/21 15:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/11/13 00:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/13 00:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 18:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2003/09/30 15:52:10 | 000,208,468 | ---- | M] (Voyetra Turtle Beach, Inc.) [Auto | Running] -- C:\EJay\AudioStation 2004\astnscsi.exe -- (astnscsi)
SRV - [2002/07/03 11:07:54 | 000,020,480 | ---- | M] (X10) [On_Demand | Running] -- C:\EJay\AudioStation 2004\x10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/10/21 20:25:10 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/10/20 01:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121026.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/10/20 01:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121026.018\NAVENG.SYS -- (NAVENG)
DRV - [2012/10/19 15:31:04 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121027.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/10/06 07:23:26 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20121005.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/10/04 14:40:35 | 000,927,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1402000.013\symefa.sys -- (SymEFA)
DRV - [2012/10/04 14:40:20 | 000,368,288 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1402000.013\symds.sys -- (SymDS)
DRV - [2012/10/04 14:19:14 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1402000.013\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/07 14:48:08 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1402000.013\ironx86.sys -- (SymIRON)
DRV - [2012/09/04 20:15:22 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/09/01 11:12:29 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/09/01 11:12:28 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/11 14:26:42 | 000,585,888 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1401010.002\srtsp.sys -- (SRTSP)
DRV - [2012/08/09 14:50:43 | 000,036,512 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2012/07/23 14:34:24 | 000,350,368 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1401010.002\symtdiv.sys -- (SYMTDIv)
DRV - [2012/05/25 18:36:55 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1402000.013\srtspx.sys -- (SRTSPX)
DRV - [2011/11/15 14:01:32 | 000,085,064 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\System32\drivers\NEOFLTR_710_19757.SYS -- (NEOFLTR_710_19757)
DRV - [2010/07/14 13:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/03/06 20:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/03/04 18:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 18:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/31 18:32:16 | 001,290,240 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerBDA716x.sys -- (AVerBDA6x)
DRV - [2008/01/21 15:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/11/13 00:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/11/02 16:36:10 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/10/10 18:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/09/07 19:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 05:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/07 05:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/07 05:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/21 21:13:03 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2007/08/13 22:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/06/25 22:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV - [2007/06/25 22:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 22:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt)
DRV - [2007/06/25 22:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117unic.sys -- (s117unic)
DRV - [2007/06/25 22:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117nd5.sys -- (s117nd5)
DRV - [2007/06/25 22:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007/06/25 22:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus)
DRV - [2007/01/22 20:33:00 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2006/11/02 20:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/05 13:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2003/02/13 07:21:44 | 000,269,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipw_mdm.sys -- (ipw_mdm)
DRV - [2003/02/13 07:21:36 | 000,015,312 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipw_mdfl.sys -- (ipw_mdfl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {4e1ee5e1-df02-4977-a3b5-9a3c765a414a} - C:\Program Files\MLFHS\prxtbMLFH.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DANZ
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
IE - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000\..\URLSearchHook: {4e1ee5e1-df02-4977-a3b5-9a3c765a414a} - C:\Program Files\MLFHS\prxtbMLFH.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GZAZ_en-GB&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000\..\SearchScopes\{6CD55087-D104-4F8B-A2C4-377B0286E403}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={0F484FDF-7F8A-4B76-90E9-3E2AFC8E533C}&mid=317b5ef5589028faab78eaa003c85c89-b39f3e8a9b1feab308ead6e8ce75264a5a5e62b0&lang=us&ds=AVG&pr=fr&d=2011-12-13 21:52:33&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\M & M\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\M & M\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\M & M\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012/09/04 20:16:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn\ [2012/10/26 08:29:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFFPlgn\ [2012/10/21 20:30:55 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.co.nz/
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={0F484FDF-7F8A-4B76-90E9-3E2AFC8E533C}&mid=317b5ef5589028faab78eaa003c85c89-b39f3e8a9b1feab308ead6e8ce75264a5a5e62b0&lang=us&ds=AVG&pr=fr&d=2011-12-13 21:52:33&v=11.1.0.12&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.google.co.nz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\M & M\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\M & M\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\M & M\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\M & M\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Norton Identity Protection = C:\Users\M & M\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\
CHR - Extension: AVG Secure Search = C:\Users\M & M\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\

O1 HOSTS File: ([2006/09/19 10:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (MLFHS Toolbar) - {4e1ee5e1-df02-4977-a3b5-9a3c765a414a} - C:\Program Files\MLFHS\prxtbMLFH.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.1.1.2\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.1.1.2\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (MLFHS Toolbar) - {4e1ee5e1-df02-4977-a3b5-9a3c765a414a} - C:\Program Files\MLFHS\prxtbMLFH.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.1.1.2\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000\..\Toolbar\WebBrowser: (MLFHS Toolbar) - {4E1EE5E1-DF02-4977-A3B5-9A3C765A414A} - C:\Program Files\MLFHS\prxtbMLFH.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Memeo Backup Premium] C:\Program Files\Memeo\AutoBackupPro\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime File not found
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon File not found
O4 - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000..\Run: [Tav] C:\Program Files\Translated.net\TAVUtility.exe File not found
O4 - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000..\Run: [TAV_Net] C:\Program Files\Translated.net\TAVUtility.exe File not found
O4 - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3736940830-3011007640-3933792223-1000\..Trusted Domains: mriver.co.nz ([webservices] https in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webservices.co.nz/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 202.74.207.253 202.74.207.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EB1C278-5A19-47AA-A9D6-5B85BD105910}: DhcpNameServer = 202.74.207.253 202.74.207.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{542B884A-F794-4F51-8382-F82CCD68E1C4}: DhcpNameServer = 192.168.2.1 202.74.207.253 202.74.207.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/20 17:01:41 | 000,000,000 | ---D | M] - C:\Autocad2008 -- [ NTFS ]
O32 - AutoRun File - [2006/09/19 10:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 360 Days ==========

[2012/10/28 08:47:04 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\M & M\Desktop\aswMBR.exe
[2012/10/28 08:46:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\M & M\Desktop\OTL.exe
[2012/10/26 14:03:01 | 000,927,904 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\symefa.sys
[2012/10/26 14:03:01 | 000,350,368 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\symtdiv.sys
[2012/10/26 14:03:01 | 000,338,592 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\symnets.sys
[2012/10/26 14:03:01 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\symelam.sys
[2012/10/26 14:03:00 | 000,586,400 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\srtsp.sys
[2012/10/26 14:03:00 | 000,368,288 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\symds.sys
[2012/10/26 14:03:00 | 000,175,264 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\ironx86.sys
[2012/10/26 14:03:00 | 000,134,304 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\ccsetx86.sys
[2012/10/26 14:03:00 | 000,032,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\srtspx.sys
[2012/10/26 14:02:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\1402000.013
[2012/10/26 11:35:16 | 000,000,000 | ---D | C] -- C:\Users\M & M\AppData\Roaming\Malwarebytes
[2012/10/26 11:35:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/26 11:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/26 11:34:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/26 11:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/26 11:30:24 | 010,669,896 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\M & M\Desktop\mbam-setup.exe
[2012/10/26 11:27:12 | 021,385,768 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\M & M\Desktop\SUPERAntiSpyware.exe
[2012/10/26 08:41:59 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/10/26 08:41:59 | 000,473,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/10/26 08:41:59 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/10/26 08:41:58 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/10/26 08:41:58 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/10/26 08:30:57 | 000,000,000 | ---D | C] -- C:\Users\M & M\Bluetooth Software
[2012/10/25 16:33:56 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\M & M\Desktop\dds1.scr
[2012/10/25 15:45:12 | 000,036,512 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2012/10/25 15:32:31 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\M & M\Desktop\dds1.com
[2012/10/25 14:44:47 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\M & M\Desktop\dds.scr
[2012/10/22 16:29:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/22 16:28:58 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/22 16:28:58 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/21 20:24:36 | 000,926,880 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\SymEFA.sys
[2012/10/21 20:24:36 | 000,585,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\srtsp.sys
[2012/10/21 20:24:36 | 000,368,288 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\SymDS.sys
[2012/10/21 20:24:36 | 000,350,368 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\symtdiv.sys
[2012/10/21 20:24:36 | 000,338,592 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\symnets.sys
[2012/10/21 20:24:36 | 000,175,264 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\Ironx86.sys
[2012/10/21 20:24:36 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\ccSetx86.sys
[2012/10/21 20:24:36 | 000,032,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\srtspx.sys
[2012/10/21 20:24:36 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\SymELAM.sys
[2012/10/21 20:24:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\1401010.002
[2012/10/21 19:44:44 | 000,000,000 | ---D | C] -- C:\Users\M & M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/10/20 13:12:00 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\M & M\Desktop\dds.com
[2012/10/20 10:57:42 | 000,000,000 | ---D | C] -- C:\Users\M & M\Desktop\Norton Disk
[2012/10/19 21:12:49 | 000,000,000 | ---D | C] -- C:\Users\M & M\AppData\Local\Deployment
[2012/10/19 21:12:49 | 000,000,000 | ---D | C] -- C:\Users\M & M\AppData\Local\Apps
[2012/10/14 21:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/10/14 21:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(42)
[2012/09/28 23:01:05 | 000,085,064 | ---- | C] (Juniper Networks) -- C:\Windows\System32\drivers\NEOFLTR_710_19757.SYS
[2012/09/28 23:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2012/09/28 22:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/09/28 22:41:20 | 000,000,000 | ---D | C] -- C:\Users\M & M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2012/09/22 15:16:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 15:16:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 15:16:27 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 15:16:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/22 15:16:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 15:16:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/22 15:16:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 15:16:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/20 17:00:25 | 000,000,000 | ---D | C] -- C:\Autocad2008
[2012/09/14 04:08:02 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/09/14 04:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/14 04:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/04 20:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\NZSG
[2012/09/04 20:15:22 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/09/01 10:27:21 | 000,000,000 | ---D | C] -- C:\Users\M & M\Documents\Symantec
[2012/09/01 10:23:10 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/09/01 10:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/09/01 10:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/09/01 10:20:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2012/09/01 10:20:10 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/09/01 10:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2012/09/01 10:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/09/01 10:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/09/01 10:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/08/29 22:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2012/08/29 22:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/08/28 20:57:00 | 000,000,000 | ---D | C] -- C:\Users\M & M\Documents\WinBMD_Files
[2012/08/28 20:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinBMD_7
[2012/08/28 20:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinBMD7
[2012/08/22 14:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/08/22 14:15:41 | 000,000,000 | ---D | C] -- C:\Users\M & M\AppData\Local\Conduit
[2012/08/22 14:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\MLFHS
[2012/08/16 17:26:27 | 000,000,000 | ---D | C] -- C:\617012800becaeda2a7d
[2012/08/16 17:21:37 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/26 22:10:20 | 000,000,000 | ---D | C] -- C:\Users\M & M\Documents\Phone Backup
[2012/07/11 15:23:24 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/06/26 17:24:40 | 000,000,000 | ---D | C] -- C:\Users\M & M\Documents\Section (Ruakaka)
[2012/06/21 16:12:24 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/21 16:12:24 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/21 16:11:32 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/21 16:11:32 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/21 16:11:32 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/21 16:10:41 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/21 16:10:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/14 04:47:11 | 000,000,000 | ---D | C] -- C:\Users\M & M\AppData\Local\AVG Secure Search
[2012/06/06 09:49:52 | 001,070,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2012/05/31 15:30:57 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/25 21:15:41 | 000,000,000 | ---D | C] -- C:\Users\M & M\Documents\Personal
[2012/05/19 11:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2012/05/19 11:33:48 | 000,000,000 | ---D | C] -- C:\Users\M & M\AppData\Roaming\Leadertech
[2012/05/18 16:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2012/05/18 16:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2012/05/18 16:16:05 | 000,000,000 | ---D | C] -- C:\Users\M & M\AppData\Roaming\Memeo
[2012/05/18 16:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2012/05/18 16:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2012/05/09 13:05:35 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/09 13:05:35 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/09 13:05:35 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/09 13:05:34 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/09 13:05:34 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/04/30 17:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB
[2012/04/30 17:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2012/04/30 16:09:42 | 000,000,000 | ---D | C] -- C:\Users\M & M\Desktop\PMBEnvCheck
[2012/04/30 15:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation(66)
[2012/04/29 15:54:56 | 000,000,000 | ---D | C] -- C:\recuva
[2012/03/15 03:05:08 | 000,000,000 | ---D | C] -- C:\1c534f63380d7178ce2fe5329d
[2012/03/14 20:44:05 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/01/13 19:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVerMedia HC82 Express-Card Hybrid Analog
[2012/01/13 18:01:55 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/13 18:01:45 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/13 18:01:33 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/13 18:01:21 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/13 18:01:21 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/12 14:44:21 | 000,000,000 | ---D | C] -- C:\Users\M & M\AppData\Local\ElevatedDiagnostics
[2011/12/14 22:51:31 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 22:45:00 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/13 21:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2011/12/13 21:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/12/13 21:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/11/15 01:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2009/10/16 11:16:41 | 000,092,064 | ---- | C] (MCCI) -- C:\Users\M & M\mqdmmdm.sys
[2009/10/16 11:16:41 | 000,079,328 | ---- | C] (MCCI) -- C:\Users\M & M\mqdmserd.sys
[2009/10/16 11:16:41 | 000,066,656 | ---- | C] (MCCI) -- C:\Users\M & M\mqdmbus.sys
[2009/10/16 11:16:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\M & M\usbsermptxp.sys
[2009/10/16 11:16:41 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\M & M\usbsermpt.sys
[2009/10/16 11:16:41 | 000,009,232 | ---- | C] (MCCI) -- C:\Users\M & M\mqdmmdfl.sys
[2009/10/16 11:16:41 | 000,006,208 | ---- | C] (MCCI) -- C:\Users\M & M\mqdmcmnt.sys
[2009/10/16 11:16:41 | 000,005,936 | ---- | C] (MCCI) -- C:\Users\M & M\mqdmwhnt.sys
[2009/10/16 11:16:41 | 000,004,048 | ---- | C] (MCCI) -- C:\Users\M & M\mqdmcr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\M & M\Documents\*.tmp files -> C:\Users\M & M\Documents\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2012/10/28 08:47:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\M & M\Desktop\aswMBR.exe
[2012/10/28 08:46:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\M & M\Desktop\OTL.exe
[2012/10/28 08:43:32 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/28 08:43:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3736940830-3011007640-3933792223-1000Core.job
[2012/10/28 08:43:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/28 08:43:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/28 08:43:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3736940830-3011007640-3933792223-1000UA.job
[2012/10/28 08:42:43 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/28 08:42:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/27 11:53:49 | 000,006,648 | ---- | M] () -- C:\Users\M & M\AppData\Local\d3d9caps.dat
[2012/10/27 07:02:56 | 000,715,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/27 07:02:56 | 000,162,564 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/26 14:00:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/26 11:35:03 | 000,000,932 | ---- | M] () -- C:\Users\M & M\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/26 11:35:03 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/26 11:31:27 | 010,669,896 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\M & M\Desktop\mbam-setup.exe
[2012/10/26 11:29:59 | 021,385,768 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\M & M\Desktop\SUPERAntiSpyware.exe
[2012/10/26 11:25:54 | 000,872,029 | ---- | M] () -- C:\Users\M & M\Desktop\HxDSetupEN.zip
[2012/10/26 08:41:36 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/10/26 08:41:36 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/10/26 08:41:36 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/10/26 08:41:36 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/10/26 08:41:36 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/10/26 08:28:14 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/26 08:27:00 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/25 20:21:02 | 000,002,114 | ---- | M] () -- C:\Users\M & M\Desktop\Google Chrome.lnk
[2012/10/25 20:21:02 | 000,002,076 | ---- | M] () -- C:\Users\M & M\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/25 16:33:57 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\M & M\Desktop\dds1.scr
[2012/10/25 15:45:14 | 002,403,689 | ---- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\Cat.DB
[2012/10/25 15:32:31 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\M & M\Desktop\dds1.com
[2012/10/25 14:44:47 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\M & M\Desktop\dds.scr
[2012/10/25 14:39:12 | 000,052,656 | ---- | M] () -- C:\Users\M & M\Desktop\unassoc_1_4.zip
[2012/10/25 10:24:42 | 000,000,594 | ---- | M] () -- C:\Users\M & M\Desktop\scrfix_vista.zip
[2012/10/21 20:30:10 | 000,000,871 | ---- | M] () -- C:\Users\M & M\Desktop\Norton Installation Files.lnk
[2012/10/21 20:25:10 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/10/21 20:25:10 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/10/21 20:25:10 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/10/21 18:14:55 | 000,866,592 | ---- | M] () -- C:\Users\M & M\Desktop\Norton_Removal_Tool.exe
[2012/10/20 21:02:44 | 000,219,648 | ---- | M] () -- C:\Users\M & M\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/20 20:43:56 | 000,000,000 | ---- | M] () -- C:\Users\M & M\defogger_reenable
[2012/10/20 13:38:12 | 387,332,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/20 13:12:08 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\M & M\Desktop\dds.com
[2012/10/20 13:11:20 | 000,050,477 | ---- | M] () -- C:\Users\M & M\Desktop\Defogger.exe
[2012/10/20 01:10:00 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\isolate.ini
[2012/10/18 17:32:52 | 000,294,216 | ---- | M] () -- C:\Users\M & M\Desktop\gmer.zip
[2012/10/15 16:10:48 | 000,000,015 | ---- | M] () -- C:\Users\M & M\Desktop\settings.dat
[2012/10/11 15:25:22 | 000,007,597 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\srtspx.cat
[2012/10/11 15:25:22 | 000,007,593 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\srtsp.cat
[2012/10/11 15:25:22 | 000,001,387 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\srtspx.inf
[2012/10/09 18:20:16 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 18:20:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/09 14:52:50 | 000,007,593 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symds.cat
[2012/10/09 14:52:47 | 000,007,599 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symefa.cat
[2012/10/09 14:00:02 | 000,586,400 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\srtsp.sys
[2012/10/09 14:00:02 | 000,001,388 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\srtsp.inf
[2012/10/04 14:40:35 | 000,927,904 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\symefa.sys
[2012/10/04 14:40:35 | 000,009,103 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symvtcer.dat
[2012/10/04 14:40:35 | 000,003,433 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symefa.inf
[2012/10/04 14:40:20 | 000,368,288 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\symds.sys
[2012/10/04 14:40:20 | 000,002,851 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symds.inf
[2012/10/04 14:19:14 | 000,134,304 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\ccsetx86.sys
[2012/10/04 14:19:14 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\ccsetx86.cat
[2012/10/04 14:19:14 | 000,000,827 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\ccsetx86.inf
[2012/10/03 03:15:18 | 000,002,296 | ---- | M] () -- C:\{D3AE5FAD-185E-4F76-B06A-7D06284F0392}
[2012/10/01 18:06:51 | 000,670,560 | ---- | M] () -- C:\Users\M & M\Documents\House Metric 3D.dwg
[2012/10/01 18:03:45 | 000,670,560 | ---- | M] () -- C:\Users\M & M\Documents\House Metric 3D.bak
[2012/10/01 17:03:39 | 000,153,792 | ---- | M] () -- C:\Users\M & M\Documents\House Metric.dwg
[2012/10/01 16:54:43 | 000,152,544 | ---- | M] () -- C:\Users\M & M\Documents\House Metric.bak
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/23 12:20:16 | 000,151,584 | ---- | M] () -- C:\Users\M & M\Documents\House Plan.dwg
[2012/09/22 21:16:49 | 000,102,688 | ---- | M] () -- C:\Users\M & M\Documents\House Plan.bak
[2012/09/22 15:08:35 | 000,099,616 | ---- | M] () -- C:\Users\M & M\Documents\Drawing2.dwg
[2012/09/21 21:21:02 | 000,072,288 | ---- | M] () -- C:\Users\M & M\Documents\Drawing3.dwg
[2012/09/17 09:43:16 | 000,019,800 | ---- | M] () -- C:\{C160345D-EC8D-4D9C-A369-B2124A9AC6FA}
[2012/09/14 04:08:03 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/14 02:28:08 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/09/10 18:28:42 | 000,458,752 | ---- | M] () -- C:\Users\M & M\Documents\Database1.accdb
[2012/09/07 15:05:14 | 000,350,368 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\symtdiv.sys
[2012/09/07 15:05:14 | 000,338,592 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\symnets.sys
[2012/09/07 15:05:07 | 000,007,601 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symnet.cat
[2012/09/07 15:05:07 | 000,001,468 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symnetv.inf
[2012/09/07 15:05:07 | 000,001,440 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symnet.inf
[2012/09/07 14:48:08 | 000,175,264 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\ironx86.sys
[2012/09/07 14:48:08 | 000,007,593 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\iron.cat
[2012/09/07 14:48:08 | 000,000,737 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\iron.inf
[2012/09/06 17:36:04 | 000,003,256 | ---- | M] () -- C:\{4D90631E-B9E9-4DC6-988E-09B653E7AE9F}
[2012/09/04 20:19:13 | 000,001,922 | ---- | M] () -- C:\Users\M & M\Desktop\NZSG Index Version 4.lnk
[2012/09/04 20:15:22 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/08/30 20:24:20 | 000,001,795 | ---- | M] () -- C:\Users\M & M\Application Data\Microsoft\Internet Explorer\Quick Launch\Start WinBMD 7.lnk
[2012/08/30 18:37:57 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\isolate.ini
[2012/08/30 00:27:41 | 003,602,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/08/30 00:27:41 | 003,550,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/08/29 22:49:29 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2012/08/29 21:42:02 | 000,000,627 | ---- | M] () -- C:\Users\M & M\Application Data\Microsoft\Internet Explorer\Quick Launch\BMDVerify.exe - Shortcut.lnk
[2012/08/28 20:52:53 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\Start WinBMD 7.lnk
[2012/08/24 19:59:17 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/24 19:51:02 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/24 19:49:57 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/24 19:48:38 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/24 19:47:26 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/24 19:45:46 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/08/24 19:43:58 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/24 19:40:11 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/16 18:09:49 | 000,499,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/13 13:59:53 | 000,001,387 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\srtspx.inf
[2012/08/13 13:59:53 | 000,001,387 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\srtsp.inf
[2012/08/11 14:26:42 | 000,585,888 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\srtsp.sys
[2012/08/11 14:26:42 | 000,007,597 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\srtspx.cat
[2012/08/11 14:26:42 | 000,007,593 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\srtsp.cat
[2012/08/10 20:23:09 | 001,506,828 | ---- | M] () -- C:\Users\M & M\Documents\Colloidal Silver Generators Info.pdf
[2012/08/09 14:50:43 | 000,036,512 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2012/08/09 14:50:43 | 000,007,601 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\SymNet.cat
[2012/08/09 14:50:39 | 000,007,599 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\SymEFA.cat
[2012/08/08 18:18:19 | 000,926,880 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\SymEFA.sys
[2012/08/08 18:18:19 | 000,008,942 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\SymVTcer.dat
[2012/08/08 18:18:19 | 000,003,434 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\SymEFA.inf
[2012/08/08 17:59:02 | 000,007,593 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\iron.cat
[2012/08/08 07:42:43 | 000,134,304 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\ccSetx86.sys
[2012/08/08 07:41:42 | 000,007,611 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\ccsetx86.cat
[2012/08/07 14:54:02 | 000,007,593 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\SymDS.cat
[2012/08/03 05:57:09 | 000,000,828 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\ccSetx86.inf
[2012/07/28 16:25:32 | 000,368,288 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\SymDS.sys
[2012/07/28 16:25:32 | 000,002,851 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\SymDS.inf
[2012/07/28 16:05:21 | 000,175,264 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\Ironx86.sys
[2012/07/28 16:05:21 | 000,000,737 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\Iron.inf
[2012/07/23 14:34:24 | 000,350,368 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\symtdiv.sys
[2012/07/23 14:34:24 | 000,338,592 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\symnets.sys
[2012/07/23 14:34:17 | 000,001,468 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\SymNetV.inf
[2012/07/23 14:34:17 | 000,001,440 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\SymNet.inf
[2012/07/16 17:45:57 | 000,417,001 | ---- | M] () -- C:\Users\M & M\Documents\Hallmarks_1880_1995.pdf
[2012/07/05 03:02:46 | 002,047,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/29 18:12:21 | 000,489,557 | ---- | M] () -- C:\Users\M & M\Documents\MoneyByTheMouthful.pdf
[2012/06/21 15:45:12 | 000,021,400 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\symelam.sys
[2012/06/21 15:45:12 | 000,021,400 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\SymELAM.sys
[2012/06/21 15:45:12 | 000,009,670 | R--- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symelam.cat
[2012/06/21 15:45:12 | 000,009,670 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\SymELAM.cat
[2012/06/21 15:45:12 | 000,000,996 | R--- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symelam.inf
[2012/06/21 15:45:12 | 000,000,996 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\symELAM.inf
[2012/06/20 12:16:20 | 003,261,020 | ---- | M] () -- C:\Users\M & M\Documents\Samsung E-Manual.pdf
[2012/06/19 22:35:30 | 000,088,003 | ---- | M] () -- C:\Users\M & M\Documents\ir526.pdf
[2012/06/06 09:49:52 | 001,070,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2012/06/03 11:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/03 11:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/03 11:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/03 11:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/03 11:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 16:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 16:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/02 13:03:42 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/05/31 12:25:14 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/05/25 20:07:20 | 000,005,523 | ---- | M] () -- C:\Users\M & M\Documents\Untitled.wmv
[2012/05/25 19:03:45 | 000,007,877 | R--- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symnetv.cat
[2012/05/25 19:03:45 | 000,007,877 | R--- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\symnetv.cat
[2012/05/25 18:36:55 | 000,032,888 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\srtspx.sys
[2012/05/25 18:36:55 | 000,032,888 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1401010.002\srtspx.sys
[2012/05/11 11:23:01 | 001,014,324 | ---- | M] () -- C:\Users\M & M\Documents\plesk-9.5-domain-administrators-guide.pdf
[2012/05/01 17:28:03 | 000,000,938 | ---- | M] () -- C:\Users\M & M\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/30 17:53:36 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\PMB Help.lnk
[2012/04/30 17:53:36 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\PMB Launcher.lnk
[2012/04/30 17:53:36 | 000,000,880 | ---- | M] () -- C:\Users\Public\Desktop\PMB.lnk
[2012/03/02 03:46:01 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/02 03:46:01 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/01 21:38:50 | 000,000,624 | ---- | M] () -- C:\Users\M & M\Documents\Page1.htm
[2012/03/01 03:08:47 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/01 02:44:50 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/01 02:41:40 | 001,069,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/02/11 10:59:16 | 000,031,033 | ---- | M] () -- C:\Users\M & M\Documents\IRD Receipt - working for families tax credit.pdf
[2012/01/10 04:54:08 | 000,613,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011/11/26 04:59:48 | 000,376,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/11/19 06:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2011/11/15 14:01:32 | 000,085,064 | ---- | M] (Juniper Networks) -- C:\Windows\System32\drivers\NEOFLTR_710_19757.SYS
[2011/11/15 01:28:01 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\M & M\Documents\*.tmp files -> C:\Users\M & M\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/26 14:03:01 | 000,009,670 | R--- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\symelam.cat
[2012/10/26 14:03:01 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\symnetv.cat
[2012/10/26 14:03:01 | 000,007,601 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\symnet.cat
[2012/10/26 14:03:01 | 000,007,599 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\symefa.cat
[2012/10/26 14:03:01 | 000,003,433 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\symefa.inf
[2012/10/26 14:03:01 | 000,001,468 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\symnetv.inf
[2012/10/26 14:03:01 | 000,001,440 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\symnet.inf
[2012/10/26 14:03:01 | 000,000,996 | R--- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\symelam.inf
[2012/10/26 14:03:00 | 000,007,611 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\ccsetx86.cat
[2012/10/26 14:03:00 | 000,007,597 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\srtspx.cat
[2012/10/26 14:03:00 | 000,007,593 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\symds.cat
[2012/10/26 14:03:00 | 000,007,593 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\srtsp.cat
[2012/10/26 14:03:00 | 000,007,593 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\iron.cat
[2012/10/26 14:03:00 | 000,002,851 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\symds.inf
[2012/10/26 14:03:00 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\srtsp.inf
[2012/10/26 14:03:00 | 000,001,387 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\srtspx.inf
[2012/10/26 14:03:00 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\ccsetx86.inf
[2012/10/26 14:03:00 | 000,000,737 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\iron.inf
[2012/10/26 14:02:28 | 000,009,103 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\symvtcer.dat
[2012/10/26 14:02:28 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\1402000.013\isolate.ini
[2012/10/26 11:35:03 | 000,000,932 | ---- | C] () -- C:\Users\M & M\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/26 11:35:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/26 11:25:51 | 000,872,029 | ---- | C] () -- C:\Users\M & M\Desktop\HxDSetupEN.zip
[2012/10/26 08:26:13 | 000,001,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2012/10/26 08:26:13 | 000,001,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2012/10/26 08:26:13 | 000,001,878 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/10/26 08:26:13 | 000,001,748 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/10/26 08:26:13 | 000,000,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/10/26 08:26:13 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/10/25 14:58:14 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/25 14:39:06 | 000,052,656 | ---- | C] () -- C:\Users\M & M\Desktop\unassoc_1_4.zip
[2012/10/25 10:24:39 | 000,000,594 | ---- | C] () -- C:\Users\M & M\Desktop\scrfix_vista.zip
[2012/10/21 20:27:06 | 002,403,689 | ---- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\Cat.DB
[2012/10/21 20:24:21 | 000,008,942 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\SymVTcer.dat
[2012/10/21 20:24:21 | 000,003,434 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\SymEFA.inf
[2012/10/21 20:24:21 | 000,002,851 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\SymDS.inf
[2012/10/21 20:24:21 | 000,001,468 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\SymNetV.inf
[2012/10/21 20:24:21 | 000,001,440 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\SymNet.inf
[2012/10/21 20:24:21 | 000,001,387 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\srtspx.inf
[2012/10/21 20:24:21 | 000,001,387 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\srtsp.inf
[2012/10/21 20:24:21 | 000,000,996 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\symELAM.inf
[2012/10/21 20:24:21 | 000,000,828 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\ccSetx86.inf
[2012/10/21 20:24:21 | 000,000,737 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\Iron.inf
[2012/10/21 20:24:20 | 000,009,670 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\SymELAM.cat
[2012/10/21 20:24:20 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\symnetv.cat
[2012/10/21 20:24:20 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\ccsetx86.cat
[2012/10/21 20:24:20 | 000,007,601 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\SymNet.cat
[2012/10/21 20:24:20 | 000,007,599 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\SymEFA.cat
[2012/10/21 20:24:20 | 000,007,597 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\srtspx.cat
[2012/10/21 20:24:20 | 000,007,593 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\SymDS.cat
[2012/10/21 20:24:20 | 000,007,593 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\srtsp.cat
[2012/10/21 20:24:20 | 000,007,593 | R--- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\iron.cat
[2012/10/21 20:24:20 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\1401010.002\isolate.ini
[2012/10/21 19:44:44 | 000,000,871 | ---- | C] () -- C:\Users\M & M\Desktop\Norton Installation Files.lnk
[2012/10/21 18:14:50 | 000,866,592 | ---- | C] () -- C:\Users\M & M\Desktop\Norton_Removal_Tool.exe
[2012/10/20 20:43:56 | 000,000,000 | ---- | C] () -- C:\Users\M & M\defogger_reenable
[2012/10/20 13:38:12 | 387,332,670 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/20 13:11:19 | 000,050,477 | ---- | C] () -- C:\Users\M & M\Desktop\Defogger.exe
[2012/10/18 17:32:46 | 000,294,216 | ---- | C] () -- C:\Users\M & M\Desktop\gmer.zip
[2012/10/03 03:15:18 | 000,002,296 | ---- | C] () -- C:\{D3AE5FAD-185E-4F76-B06A-7D06284F0392}
[2012/10/01 17:46:39 | 000,670,560 | ---- | C] () -- C:\Users\M & M\Documents\House Metric 3D.bak
[2012/09/30 09:38:13 | 000,670,560 | ---- | C] () -- C:\Users\M & M\Documents\House Metric 3D.dwg
[2012/09/23 12:47:50 | 000,153,792 | ---- | C] () -- C:\Users\M & M\Documents\House Metric.dwg
[2012/09/23 12:47:50 | 000,152,544 | ---- | C] () -- C:\Users\M & M\Documents\House Metric.bak
[2012/09/21 22:40:44 | 000,102,688 | ---- | C] () -- C:\Users\M & M\Documents\House Plan.bak
[2012/09/21 21:35:12 | 000,151,584 | ---- | C] () -- C:\Users\M & M\Documents\House Plan.dwg
[2012/09/21 17:09:24 | 000,072,288 | ---- | C] () -- C:\Users\M & M\Documents\Drawing3.dwg
[2012/09/20 22:23:40 | 000,099,616 | ---- | C] () -- C:\Users\M & M\Documents\Drawing2.dwg
[2012/09/17 09:43:16 | 000,019,800 | ---- | C] () -- C:\{C160345D-EC8D-4D9C-A369-B2124A9AC6FA}
[2012/09/14 04:08:03 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/10 17:42:57 | 000,458,752 | ---- | C] () -- C:\Users\M & M\Documents\Database1.accdb
[2012/09/06 17:34:57 | 000,003,256 | ---- | C] () -- C:\{4D90631E-B9E9-4DC6-988E-09B653E7AE9F}
[2012/09/04 20:19:13 | 000,001,922 | ---- | C] () -- C:\Users\M & M\Desktop\NZSG Index Version 4.lnk
[2012/09/01 10:23:10 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/09/01 10:23:10 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/08/30 20:24:20 | 000,001,795 | ---- | C] () -- C:\Users\M & M\Application Data\Microsoft\Internet Explorer\Quick Launch\Start WinBMD 7.lnk
[2012/08/29 22:49:29 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2012/08/29 21:42:02 | 000,000,627 | ---- | C] () -- C:\Users\M & M\Application Data\Microsoft\Internet Explorer\Quick Launch\BMDVerify.exe - Shortcut.lnk
[2012/08/28 20:52:53 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\Start WinBMD 7.lnk
[2012/08/10 20:23:08 | 001,506,828 | ---- | C] () -- C:\Users\M & M\Documents\Colloidal Silver Generators Info.pdf
[2012/07/16 17:45:56 | 000,417,001 | ---- | C] () -- C:\Users\M & M\Documents\Hallmarks_1880_1995.pdf
[2012/06/29 18:12:20 | 000,489,557 | ---- | C] () -- C:\Users\M & M\Documents\MoneyByTheMouthful.pdf
[2012/06/20 12:16:20 | 003,261,020 | ---- | C] () -- C:\Users\M & M\Documents\Samsung E-Manual.pdf
[2012/06/19 22:35:30 | 000,088,003 | ---- | C] () -- C:\Users\M & M\Documents\ir526.pdf
[2012/05/31 15:31:00 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/25 20:07:07 | 000,005,523 | ---- | C] () -- C:\Users\M & M\Documents\Untitled.wmv
[2012/05/11 11:22:59 | 001,014,324 | ---- | C] () -- C:\Users\M & M\Documents\plesk-9.5-domain-administrators-guide.pdf
[2012/04/30 17:53:36 | 000,001,699 | ---- | C] () -- C:\Users\Public\Desktop\PMB Help.lnk
[2012/04/30 17:53:36 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\PMB Launcher.lnk
[2012/04/30 17:53:36 | 000,000,880 | ---- | C] () -- C:\Users\Public\Desktop\PMB.lnk
[2012/04/30 17:53:35 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk
[2012/02/24 14:19:53 | 000,000,624 | ---- | C] () -- C:\Users\M & M\Documents\Page1.htm
[2012/02/11 10:59:16 | 000,031,033 | ---- | C] () -- C:\Users\M & M\Documents\IRD Receipt - working for families tax credit.pdf
[2011/11/15 01:28:01 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/02 13:06:40 | 000,081,920 | ---- | C] () -- C:\Users\M & M\index.dat
[2009/10/16 11:21:16 | 000,018,512 | ---- | C] () -- C:\Users\M & M\1255645276-(null) - Copy
[2009/10/16 11:21:16 | 000,016,532 | ---- | C] () -- C:\Users\M & M\1255645276-(null) - Copy (3)
[2009/10/16 11:21:16 | 000,007,201 | ---- | C] () -- C:\Users\M & M\1255645276-(null)
[2009/10/16 11:21:16 | 000,005,880 | ---- | C] () -- C:\Users\M & M\1255645276-(null) - Copy (2)
[2009/10/16 11:16:41 | 000,009,913 | ---- | C] () -- C:\Users\M & M\MCCI_MDM.INF
[2009/10/16 11:16:41 | 000,009,232 | ---- | C] () -- C:\Users\M & M\USB_MOT_BRIT.INF
[2009/10/16 11:16:41 | 000,007,201 | ---- | C] () -- C:\Users\M & M\USBMOT2000.INF
[2009/10/16 11:16:41 | 000,006,989 | ---- | C] () -- C:\Users\M & M\MCCI_BUS.INF
[2009/10/16 11:16:41 | 000,006,141 | ---- | C] () -- C:\Users\M & M\USBMOT2000XP.INF
[2009/10/16 11:16:41 | 000,005,960 | ---- | C] () -- C:\Users\M & M\USB_MOT_A1000.INF
[2009/10/16 11:16:41 | 000,005,880 | ---- | C] () -- C:\Users\M & M\USB_CMCS_2000.INF
[2009/10/16 11:16:41 | 000,004,477 | ---- | C] () -- C:\Users\M & M\MCCI_SDM.INF
[2009/10/16 11:16:40 | 000,099,168 | ---- | C] () -- C:\Users\M & M\1255645000-(null) - Copy
[2009/10/16 11:16:40 | 000,053,247 | ---- | C] () -- C:\Users\M & M\1255645000-(null)
[2009/10/16 11:16:40 | 000,012,075 | ---- | C] () -- C:\Users\M & M\1255645000-(null) - Copy (2)
[2009/03/22 22:28:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/06 08:35:42 | 000,000,552 | ---- | C] () -- C:\Users\M & M\AppData\Local\d3d8caps.dat
[2008/12/01 16:32:29 | 000,006,648 | ---- | C] () -- C:\Users\M & M\AppData\Local\d3d9caps.dat
[2008/11/02 20:40:33 | 000,000,000 | ---- | C] () -- C:\Users\M & M\AppData\Local\rx_image.Cache
[2008/06/26 21:32:22 | 000,219,648 | ---- | C] () -- C:\Users\M & M\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/24 15:15:01 | 000,000,436 | ---- | C] () -- C:\Users\M & M\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/03 01:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 19:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 19:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Work:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\WinBMD_Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Visual Studio 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Untitled.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Symantec:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Sony PMB:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\SnagIt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Section (Ruakaka):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Phone Backup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Personal:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Outlook Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\My MMS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Memory Card:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Insurance:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Garmin Nuvi 765 Copy:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Flat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Dell Webcam Center:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Baby Stuff:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Autocad:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\voice:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\PMBEnvCheck:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\Norton Disk:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\Mels:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\GARMIN-nz:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\GARMIN-bak:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\autocad:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\AUDIO:Roxio EMC Stream

< End of report >

Edited by Munchkin2, 27 October 2012 - 03:36 PM.


#14 Munchkin2

Posted 27 October 2012 - 03:20 PM

Extra.txt

OTL Extras logfile created on: 28/10/2012 8:49:46 a.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\M & M\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 32.76% Memory free
4.21 Gb Paging File | 2.25 Gb Available in Paging File | 53.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 95.66 Gb Free Space | 43.42% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.62 Gb Free Space | 56.21% Space Free | Partition Type: NTFS
Drive F: | 7.26 Gb Total Space | 5.79 Gb Free Space | 79.83% Space Free | Partition Type: FAT32

Computer Name: M | User Name: M & M | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3736940830-3011007640-3933792223-1000\SOFTWARE\Classes\<extension>]
.scr [@ = scrfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C0E02A-9260-45A0-8C3E-CD0F0086E9C3}" = lport=445 | protocol=6 | dir=in | app=system |
"{044E82EB-BA51-4F05-B36C-D5DAD4611A55}" = lport=139 | protocol=6 | dir=in | app=system |
"{12AE4947-85FC-42F4-A3B9-792C368B918B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{191B992E-403A-4887-9F0C-F10676B3066A}" = rport=137 | protocol=17 | dir=out | app=system |
"{1B3E1502-9F5E-436B-80C4-5E58D5BF2DFF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1EC626C5-5FF2-4DF0-9DCD-791ED9BE487E}" = lport=137 | protocol=17 | dir=in | app=system |
"{5BB5C284-6639-4AD7-BAC5-9A23E4435D8B}" = rport=445 | protocol=6 | dir=out | app=system |
"{7441B82C-77B1-4888-BA48-C33E1881CC9A}" = rport=138 | protocol=17 | dir=out | app=system |
"{8AEC8146-A280-4FD7-8708-05BECA5594CB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A04A08D2-F36D-477E-87F2-6CDD6C17826E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A1C4C04E-508E-44D3-9CA4-0C86F8E7313F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{A548F129-BB14-43CE-A09D-99822EDAA098}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E21A252C-7563-44F6-B9FC-A11B2C2E47FB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EB5F0211-136E-447F-A7CF-EABF879EDDAB}" = lport=138 | protocol=17 | dir=in | app=system |
"{FCC2F10F-4CD3-4643-A289-BE36EE1E3952}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024F8ABD-B084-4106-A0A8-846CD8908EF1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1CAAB339-43FF-4199-A72F-42E1C7597689}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1FB635E2-BD42-40A8-9386-FB0705AE390B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2552960C-1D14-4F3D-8ACA-CDBD35910C1E}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{46083E06-7B5A-4802-BF7A-70CBAED523E1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4F8F3D6D-A844-440D-B7DE-44FB4E4B2A8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{67072890-5DFA-45D2-B07E-7587F8162037}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{691BCD53-4700-450D-940B-E10B34EA7B64}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6CC00D7F-A9CB-40C0-A0C7-489A98A12225}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7F3B8DA7-1B80-4002-96C0-E5F9C836BBCE}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{A04A1B1A-795F-488F-A671-0E5601CA011D}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{CC9AF00B-1CF3-4F22-8DF6-7BA6372DB420}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D75051B9-AE57-4721-9E37-411CB8552ACB}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{F90C3988-1338-4F46-9BAF-A0AC3AB9B80C}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"TCP Query User{E6AA1FB6-E92E-47D9-91BB-9DD1E9B4C26F}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{F0F341A6-EC7C-41C3-B7A9-EFF6641FCCEC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8FAA5AD9-A486-440D-B601-90A58AC4AA4F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CF6DF236-F5DF-4231-94B8-F48424B489A0}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
"{230CCBE9-14B0-4008-97AF-30C10F99E42C}" = ArcSoft PhotoStudio 5.5
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java™ 6 Update 37
"{2C164906-E68F-462A-9010-70DD022223EF}" = RemoteCapture Task 1.0.2
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{347DA8D7-B858-421e-A154-5F438A36F1A4}" = Memeo Backup Premium
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{3F7D7ED5-979A-4F96-AE25-DDA54B3E2D2B}" = Microsoft SQL Server 2008 Setup Support Files
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}" = SnagIt 9
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72A629D0-B562-47B9-B078-CBE3DB6FAF30}" = AudioStation 2004
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9518F764-C54D-47B2-9E73-154B21E79FD2}" = RAW Image Task 1.0
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98723200-009F-4757-821D-221D228C0E70}" = WinBMD 7
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9DE4F697-93E8-4C91-870C-0B2EE4FDE524}" = NZSG Index Version 4
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Camera Support Core Library
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E8F728D0-C3F0-42EB-BBC2-C4A38A577CB1}" = Motorola Phone Tools
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0DB63F5-0936-41D2-B400-89707218FAAC}" = Memeo LifeAgent Explorer Extension
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Camera Window
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"AVerMedia MCE Encoder" = AVerMedia MCE Encoder 3.2.1.62
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
"InstallShield_{2C164906-E68F-462A-9010-70DD022223EF}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{72A629D0-B562-47B9-B078-CBE3DB6FAF30}" = AudioStation 2004
"InstallShield_{9518F764-C54D-47B2-9E73-154B21E79FD2}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Canon Camera Support Core Library
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"MLFHS Toolbar" = MLFHS Toolbar
"N360" = Norton 360
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"PreMem70" = Adobe Premiere Elements 7.0
"PreMem70Templates" = Adobe Premiere Elements 7.0 Templates
"ProInst" = Intel® PROSet/Wireless Software
"Recuva" = Recuva
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3736940830-3011007640-3933792223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/07/2012 12:28:43 a.m. | Computer Name = M | Source = ESENT | ID = 489
Description = Windows (6132) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log"
for read only access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).

Error - 9/07/2012 12:28:43 a.m. | Computer Name = M | Source = ESENT | ID = 455
Description = Windows (6132) Windows: Error -1032 (0xfffffbf8) occurred while opening
logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error - 9/07/2012 12:28:43 a.m. | Computer Name = M | Source = Windows Search Service | ID = 9000
Description =

Error - 9/07/2012 12:28:43 a.m. | Computer Name = M | Source = Windows Search Service | ID = 1006
Description =

Error - 9/07/2012 12:38:47 a.m. | Computer Name = M | Source = ESENT | ID = 489
Description = Windows (5368) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log"
for read only access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).

Error - 9/07/2012 12:38:47 a.m. | Computer Name = M | Source = ESENT | ID = 455
Description = Windows (5368) Windows: Error -1032 (0xfffffbf8) occurred while opening
logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error - 9/07/2012 12:38:57 a.m. | Computer Name = M | Source = ESENT | ID = 489
Description = Windows (5368) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log"
for read only access failed with system error 5 (0x00000005): "Access is denied.
". The open file operation will fail with error -1032 (0xfffffbf8).

Error - 9/07/2012 12:38:57 a.m. | Computer Name = M | Source = ESENT | ID = 455
Description = Windows (5368) Windows: Error -1032 (0xfffffbf8) occurred while opening
logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error - 9/07/2012 12:38:57 a.m. | Computer Name = M | Source = Windows Search Service | ID = 9000
Description =

Error - 9/07/2012 12:38:57 a.m. | Computer Name = M | Source = Windows Search Service | ID = 1006
Description =

[ Media Center Events ]
Error - 25/06/2008 4:14:46 a.m. | Computer Name = MandMurray-PC | Source = ehRecvr | ID = 3
Description =

Error - 10/08/2008 5:11:54 p.m. | Computer Name = MandMurray-PC | Source = ehRecvr | ID = 3
Description =

Error - 7/01/2012 11:52:58 p.m. | Computer Name = M | Source = ehRecvr | ID = 3
Description =

Error - 7/01/2012 11:53:45 p.m. | Computer Name = M | Source = ehRecvr | ID = 4
Description =

Error - 8/01/2012 3:28:14 a.m. | Computer Name = M | Source = ehRecvr | ID = 3
Description =

Error - 10/01/2012 3:54:23 a.m. | Computer Name = M | Source = ehRecvr | ID = 4
Description =

Error - 10/01/2012 3:54:24 a.m. | Computer Name = M | Source = ehRecvr | ID = 4
Description =

[ System Events ]
Error - 24/10/2012 9:49:43 p.m. | Computer Name = M | Source = Service Control Manager | ID = 7001
Description =

Error - 24/10/2012 9:49:43 p.m. | Computer Name = M | Source = Service Control Manager | ID = 7001
Description =

Error - 24/10/2012 9:49:50 p.m. | Computer Name = M | Source = Service Control Manager | ID = 7001
Description =

Error - 24/10/2012 9:49:51 p.m. | Computer Name = M | Source = DCOM | ID = 10005
Description =

Error - 24/10/2012 9:49:52 p.m. | Computer Name = M | Source = Service Control Manager | ID = 7001
Description =

Error - 24/10/2012 9:59:20 p.m. | Computer Name = M | Source = Service Control Manager | ID = 7000
Description =

Error - 24/10/2012 10:07:45 p.m. | Computer Name = M | Source = Service Control Manager | ID = 7000
Description =

Error - 25/10/2012 3:29:40 p.m. | Computer Name = M | Source = Service Control Manager | ID = 7000
Description =

Error - 26/10/2012 1:57:56 p.m. | Computer Name = M | Source = Service Control Manager | ID = 7011
Description =

Error - 26/10/2012 5:13:44 p.m. | Computer Name = M | Source = Service Control Manager | ID = 7011
Description =


< End of report >

#15 Munchkin2

Posted 27 October 2012 - 03:35 PM

This is the OTL.txt run at file age of 30 days, just in case there is a big difference.

OTL logfile created on: 28/10/2012 9:22:54 a.m. - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\M & M\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 30.34% Memory free
4.21 Gb Paging File | 2.16 Gb Available in Paging File | 51.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 94.70 Gb Free Space | 42.98% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.62 Gb Free Space | 56.21% Space Free | Partition Type: NTFS
Drive F: | 7.26 Gb Total Space | 5.79 Gb Free Space | 79.83% Space Free | Partition Type: FAT32

Computer Name: M | User Name: M & M | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/28 08:46:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\M & M\Desktop\OTL.exe
PRC - [2012/10/09 17:21:11 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/04 20:15:16 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/08/30 08:17:48 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe
PRC - [2011/05/13 13:01:46 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe
PRC - [2010/10/12 18:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 18:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/03/24 16:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/04/11 19:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/21 15:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/21 15:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007/12/21 15:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/13 00:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/13 00:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/07 19:50:02 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/07 19:49:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/07 19:49:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/07 19:49:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/03/21 18:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 18:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/03 22:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 22:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2003/09/30 15:52:10 | 000,208,468 | ---- | M] (Voyetra Turtle Beach, Inc.) -- C:\EJay\AudioStation 2004\astnscsi.exe
PRC - [2002/07/03 11:07:54 | 000,020,480 | ---- | M] (X10) -- C:\EJay\AudioStation 2004\x10nets.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/31 04:34:04 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\559eb472944e19bca4d034eda4bdfcb7\System.Configuration.Install.ni.dll
MOD - [2012/08/31 04:33:19 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll
MOD - [2012/08/31 04:33:17 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012/08/31 04:33:15 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012/08/31 04:32:49 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/08/31 04:32:28 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/08/31 04:31:00 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/08/31 04:30:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/08/31 04:21:42 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/08/31 04:21:29 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/05/31 03:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.1.1.2\wincfi39.dll
MOD - [2012/05/18 16:16:21 | 000,429,080 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Memeo.ShellExtension\4.0.0.114__63b82a8957e80a37\Memeo.ShellExtension.dll
MOD - [2012/05/18 16:16:20 | 000,839,680 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/03/30 17:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 17:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2006/11/03 22:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Services (SafeList) ==========

SRV - [2012/10/11 15:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.2.0.19\ccSvcHst.exe -- (N360)
SRV - [2012/10/09 18:20:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/04 20:15:16 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/13 13:01:46 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/08/02 20:32:20 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/03/05 14:07:44 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/01/21 15:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/21 15:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/21 15:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/11/13 00:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/13 00:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 18:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2003/09/30 15:52:10 | 000,208,468 | ---- | M] (Voyetra Turtle Beach, Inc.) [Auto | Running] -- C:\EJay\AudioStation 2004\astnscsi.exe -- (astnscsi)
SRV - [2002/07/03 11:07:54 | 000,020,480 | ---- | M] (X10) [On_Demand | Running] -- C:\EJay\AudioStation 2004\x10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\M&MU~1\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/10/21 20:25:10 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/10/20 01:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121026.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/10/20 01:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121026.032\NAVENG.SYS -- (NAVENG)
DRV - [2012/10/19 15:31:04 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121027.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/10/06 07:23:26 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20121005.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/10/04 14:40:35 | 000,927,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1402000.013\symefa.sys -- (SymEFA)
DRV - [2012/10/04 14:40:20 | 000,368,288 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1402000.013\symds.sys -- (SymDS)
DRV - [2012/10/04 14:19:14 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1402000.013\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/07 14:48:08 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1402000.013\ironx86.sys -- (SymIRON)
DRV - [2012/09/04 20:15:22 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/09/01 11:12:29 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/09/01 11:12:28 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/11 14:26:42 | 000,585,888 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1401010.002\srtsp.sys -- (SRTSP)
DRV - [2012/08/09 14:50:43 | 000,036,512 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2012/07/23 14:34:24 | 000,350,368 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1401010.002\symtdiv.sys -- (SYMTDIv)
DRV - [2012/05/25 18:36:55 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1402000.013\srtspx.sys -- (SRTSPX)
DRV - [2011/11/15 14:01:32 | 000,085,064 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\System32\drivers\NEOFLTR_710_19757.SYS -- (NEOFLTR_710_19757)
DRV - [2010/07/14 13:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/03/06 20:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/03/04 18:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 18:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/31 18:32:16 | 001,290,240 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerBDA716x.sys -- (AVerBDA6x)
DRV - [2008/01/21 15:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/11/13 00:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/11/02 16:36:10 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/10/10 18:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/09/07 19:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 05:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/07 05:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/07 05:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/21 21:13:03 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2007/08/13 22:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/06/25 22:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV - [2007/06/25 22:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 22:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt)
DRV - [2007/06/25 22:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117unic.sys -- (s117unic)
DRV - [2007/06/25 22:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117nd5.sys -- (s117nd5)
DRV - [2007/06/25 22:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007/06/25 22:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus)
DRV - [2007/01/22 20:33:00 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2006/11/02 20:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/05 13:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2003/02/13 07:21:44 | 000,269,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipw_mdm.sys -- (ipw_mdm)
DRV - [2003/02/13 07:21:36 | 000,015,312 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipw_mdfl.sys -- (ipw_mdfl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {4e1ee5e1-df02-4977-a3b5-9a3c765a414a} - C:\Program Files\MLFHS\prxtbMLFH.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DANZ
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {4e1ee5e1-df02-4977-a3b5-9a3c765a414a} - C:\Program Files\MLFHS\prxtbMLFH.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GZAZ_en-GB&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6CD55087-D104-4F8B-A2C4-377B0286E403}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={0F484FDF-7F8A-4B76-90E9-3E2AFC8E533C}&mid=317b5ef5589028faab78eaa003c85c89-b39f3e8a9b1feab308ead6e8ce75264a5a5e62b0&lang=us&ds=AVG&pr=fr&d=2011-12-13 21:52:33&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\M & M\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\M & M\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\M & M\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012/09/04 20:16:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn\ [2012/10/26 08:29:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFFPlgn\ [2012/10/21 20:30:55 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.co.nz/
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={0F484FDF-7F8A-4B76-90E9-3E2AFC8E533C}&mid=317b5ef5589028faab78eaa003c85c89-b39f3e8a9b1feab308ead6e8ce75264a5a5e62b0&lang=us&ds=AVG&pr=fr&d=2011-12-13 21:52:33&v=11.1.0.12&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.google.co.nz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\M & M\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\M & M\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\M & M\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\M & M\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Norton Identity Protection = C:\Users\M & M\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\
CHR - Extension: AVG Secure Search = C:\Users\M & M\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\

O1 HOSTS File: ([2006/09/19 10:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (MLFHS Toolbar) - {4e1ee5e1-df02-4977-a3b5-9a3c765a414a} - C:\Program Files\MLFHS\prxtbMLFH.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.1.1.2\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.1.1.2\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (MLFHS Toolbar) - {4e1ee5e1-df02-4977-a3b5-9a3c765a414a} - C:\Program Files\MLFHS\prxtbMLFH.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.1.1.2\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MLFHS Toolbar) - {4E1EE5E1-DF02-4977-A3B5-9A3C765A414A} - C:\Program Files\MLFHS\prxtbMLFH.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Memeo Backup Premium] C:\Program Files\Memeo\AutoBackupPro\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime File not found
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKCU..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKCU..\Run: [Tav] C:\Program Files\Translated.net\TAVUtility.exe File not found
O4 - HKCU..\Run: [TAV_Net] C:\Program Files\Translated.net\TAVUtility.exe File not found
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mriver.co.nz ([webservices] https in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webservices.co.nz/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 202.74.207.253 202.74.207.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EB1C278-5A19-47AA-A9D6-5B85BD105910}: DhcpNameServer = 202.74.207.253 202.74.207.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{542B884A-F794-4F51-8382-F82CCD68E1C4}: DhcpNameServer = 192.168.2.1 202.74.207.253 202.74.207.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/20 17:01:41 | 000,000,000 | ---D | M] - C:\Autocad2008 -- [ NTFS ]
O32 - AutoRun File - [2006/09/19 10:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/28 08:47:04 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\M & M\Desktop\aswMBR.exe
[2012/10/28 08:46:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\M & M\Desktop\OTL.exe
[2012/10/26 11:35:16 | 000,000,000 | ---D | C] -- C:\Users\M & M\AppData\Roaming\Malwarebytes
[2012/10/26 11:35:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/26 11:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/26 11:34:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/26 11:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/26 11:30:24 | 010,669,896 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\M & M\Desktop\mbam-setup.exe
[2012/10/26 11:27:12 | 021,385,768 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\M & M\Desktop\SUPERAntiSpyware.exe
[2012/10/26 08:41:59 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/10/26 08:41:59 | 000,473,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/10/26 08:41:59 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/10/26 08:41:58 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/10/26 08:41:58 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/10/26 08:30:57 | 000,000,000 | ---D | C] -- C:\Users\M & M\Bluetooth Software
[2012/10/25 16:33:56 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\M & M\Desktop\dds1.scr
[2012/10/25 15:45:12 | 000,036,512 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2012/10/25 15:32:31 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\M & M\Desktop\dds1.com
[2012/10/25 14:44:47 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\M & M\Desktop\dds.scr
[2012/10/22 16:29:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/22 16:28:58 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/22 16:28:58 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/21 19:44:44 | 000,000,000 | ---D | C] -- C:\Users\M & M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/10/20 13:12:00 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\M & M\Desktop\dds.com
[2012/10/20 10:57:42 | 000,000,000 | ---D | C] -- C:\Users\M & M\Desktop\Norton Disk
[2012/10/19 21:12:49 | 000,000,000 | ---D | C] -- C:\Users\M & M\AppData\Local\Deployment
[2012/10/19 21:12:49 | 000,000,000 | ---D | C] -- C:\Users\M & M\AppData\Local\Apps
[2012/10/14 21:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/10/14 21:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(42)
[2012/09/28 23:01:05 | 000,085,064 | ---- | C] (Juniper Networks) -- C:\Windows\System32\drivers\NEOFLTR_710_19757.SYS
[2012/09/28 23:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2012/09/28 22:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/09/28 22:41:20 | 000,000,000 | ---D | C] -- C:\Users\M & M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2009/10/16 11:16:41 | 000,092,064 | ---- | C] (MCCI) -- C:\Users\M & M\mqdmmdm.sys
[2009/10/16 11:16:41 | 000,079,328 | ---- | C] (MCCI) -- C:\Users\M & M\mqdmserd.sys
[2009/10/16 11:16:41 | 000,066,656 | ---- | C] (MCCI) -- C:\Users\M & M\mqdmbus.sys
[2009/10/16 11:16:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\M & M\usbsermptxp.sys
[2009/10/16 11:16:41 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\M & M\usbsermpt.sys
[2009/10/16 11:16:41 | 000,009,232 | ---- | C] (MCCI) -- C:\Users\M & M\mqdmmdfl.sys
[2009/10/16 11:16:41 | 000,006,208 | ---- | C] (MCCI) -- C:\Users\M & M\mqdmcmnt.sys
[2009/10/16 11:16:41 | 000,005,936 | ---- | C] (MCCI) -- C:\Users\M & M\mqdmwhnt.sys
[2009/10/16 11:16:41 | 000,004,048 | ---- | C] (MCCI) -- C:\Users\M & M\mqdmcr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\M & M\Documents\*.tmp files -> C:\Users\M & M\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/28 09:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/28 09:10:11 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3736940830-3011007640-3933792223-1000UA.job
[2012/10/28 09:01:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/28 08:47:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\M & M\Desktop\aswMBR.exe
[2012/10/28 08:46:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\M & M\Desktop\OTL.exe
[2012/10/28 08:43:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3736940830-3011007640-3933792223-1000Core.job
[2012/10/28 08:43:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/28 08:43:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/28 08:42:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/27 11:53:49 | 000,006,648 | ---- | M] () -- C:\Users\M & M\AppData\Local\d3d9caps.dat
[2012/10/27 07:02:56 | 000,715,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/27 07:02:56 | 000,162,564 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/26 14:00:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/26 11:35:03 | 000,000,932 | ---- | M] () -- C:\Users\M & M\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/26 11:35:03 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/26 11:31:27 | 010,669,896 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\M & M\Desktop\mbam-setup.exe
[2012/10/26 11:29:59 | 021,385,768 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\M & M\Desktop\SUPERAntiSpyware.exe
[2012/10/26 11:25:54 | 000,872,029 | ---- | M] () -- C:\Users\M & M\Desktop\HxDSetupEN.zip
[2012/10/26 08:41:36 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/10/26 08:41:36 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/10/26 08:41:36 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/10/26 08:41:36 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/10/26 08:41:36 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/10/26 08:28:14 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/26 08:27:00 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/25 20:21:02 | 000,002,114 | ---- | M] () -- C:\Users\M & M\Desktop\Google Chrome.lnk
[2012/10/25 20:21:02 | 000,002,076 | ---- | M] () -- C:\Users\M & M\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/25 16:33:57 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\M & M\Desktop\dds1.scr
[2012/10/25 15:45:14 | 002,403,689 | ---- | M] () -- C:\Windows\System32\drivers\N360\1401010.002\Cat.DB
[2012/10/25 15:32:31 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\M & M\Desktop\dds1.com
[2012/10/25 14:44:47 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\M & M\Desktop\dds.scr
[2012/10/25 14:39:12 | 000,052,656 | ---- | M] () -- C:\Users\M & M\Desktop\unassoc_1_4.zip
[2012/10/25 10:24:42 | 000,000,594 | ---- | M] () -- C:\Users\M & M\Desktop\scrfix_vista.zip
[2012/10/21 20:30:10 | 000,000,871 | ---- | M] () -- C:\Users\M & M\Desktop\Norton Installation Files.lnk
[2012/10/21 20:25:10 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/10/21 20:25:10 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/10/21 20:25:10 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/10/21 18:14:55 | 000,866,592 | ---- | M] () -- C:\Users\M & M\Desktop\Norton_Removal_Tool.exe
[2012/10/20 21:02:44 | 000,219,648 | ---- | M] () -- C:\Users\M & M\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/20 20:43:56 | 000,000,000 | ---- | M] () -- C:\Users\M & M\defogger_reenable
[2012/10/20 13:38:12 | 387,332,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/20 13:12:08 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\M & M\Desktop\dds.com
[2012/10/20 13:11:20 | 000,050,477 | ---- | M] () -- C:\Users\M & M\Desktop\Defogger.exe
[2012/10/20 01:10:00 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\isolate.ini
[2012/10/18 17:32:52 | 000,294,216 | ---- | M] () -- C:\Users\M & M\Desktop\gmer.zip
[2012/10/15 16:10:48 | 000,000,015 | ---- | M] () -- C:\Users\M & M\Desktop\settings.dat
[2012/10/11 15:25:22 | 000,007,597 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\srtspx.cat
[2012/10/11 15:25:22 | 000,007,593 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\srtsp.cat
[2012/10/11 15:25:22 | 000,001,387 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\srtspx.inf
[2012/10/09 18:20:16 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 18:20:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/09 14:52:50 | 000,007,593 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symds.cat
[2012/10/09 14:52:47 | 000,007,599 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symefa.cat
[2012/10/09 14:00:02 | 000,586,400 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\srtsp.sys
[2012/10/09 14:00:02 | 000,001,388 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\srtsp.inf
[2012/10/04 14:40:35 | 000,927,904 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\symefa.sys
[2012/10/04 14:40:35 | 000,009,103 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symvtcer.dat
[2012/10/04 14:40:35 | 000,003,433 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symefa.inf
[2012/10/04 14:40:20 | 000,368,288 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\symds.sys
[2012/10/04 14:40:20 | 000,002,851 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\symds.inf
[2012/10/04 14:19:14 | 000,134,304 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1402000.013\ccsetx86.sys
[2012/10/04 14:19:14 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\ccsetx86.cat
[2012/10/04 14:19:14 | 000,000,827 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\ccsetx86.inf
[2012/10/03 03:15:18 | 000,002,296 | ---- | M] () -- C:\{D3AE5FAD-185E-4F76-B06A-7D06284F0392}
[2012/10/01 18:06:51 | 000,670,560 | ---- | M] () -- C:\Users\M & M\Documents\House Metric 3D.dwg
[2012/10/01 18:03:45 | 000,670,560 | ---- | M] () -- C:\Users\M & M\Documents\House Metric 3D.bak
[2012/10/01 17:03:39 | 000,153,792 | ---- | M] () -- C:\Users\M & M\Documents\House Metric.dwg
[2012/10/01 16:54:43 | 000,152,544 | ---- | M] () -- C:\Users\M & M\Documents\House Metric.bak
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\M & M\Documents\*.tmp files -> C:\Users\M & M\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/26 11:35:03 | 000,000,932 | ---- | C] () -- C:\Users\M & M\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/26 11:35:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/26 11:25:51 | 000,872,029 | ---- | C] () -- C:\Users\M & M\Desktop\HxDSetupEN.zip
[2012/10/26 08:26:13 | 000,001,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2012/10/26 08:26:13 | 000,001,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2012/10/26 08:26:13 | 000,001,878 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/10/26 08:26:13 | 000,001,748 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/10/26 08:26:13 | 000,000,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/10/26 08:26:13 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/10/25 14:58:14 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/25 14:39:06 | 000,052,656 | ---- | C] () -- C:\Users\M & M\Desktop\unassoc_1_4.zip
[2012/10/25 10:24:39 | 000,000,594 | ---- | C] () -- C:\Users\M & M\Desktop\scrfix_vista.zip
[2012/10/21 19:44:44 | 000,000,871 | ---- | C] () -- C:\Users\M & M\Desktop\Norton Installation Files.lnk
[2012/10/21 18:14:50 | 000,866,592 | ---- | C] () -- C:\Users\M & M\Desktop\Norton_Removal_Tool.exe
[2012/10/20 20:43:56 | 000,000,000 | ---- | C] () -- C:\Users\M & M\defogger_reenable
[2012/10/20 13:38:12 | 387,332,670 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/20 13:11:19 | 000,050,477 | ---- | C] () -- C:\Users\M & M\Desktop\Defogger.exe
[2012/10/18 17:32:46 | 000,294,216 | ---- | C] () -- C:\Users\M & M\Desktop\gmer.zip
[2012/10/03 03:15:18 | 000,002,296 | ---- | C] () -- C:\{D3AE5FAD-185E-4F76-B06A-7D06284F0392}
[2012/10/01 17:46:39 | 000,670,560 | ---- | C] () -- C:\Users\M & M\Documents\House Metric 3D.bak
[2012/09/30 09:38:13 | 000,670,560 | ---- | C] () -- C:\Users\M & M\Documents\House Metric 3D.dwg
[2010/02/02 13:06:40 | 000,081,920 | ---- | C] () -- C:\Users\M & M\index.dat
[2009/10/16 11:21:16 | 000,018,512 | ---- | C] () -- C:\Users\M & M\1255645276-(null) - Copy
[2009/10/16 11:21:16 | 000,016,532 | ---- | C] () -- C:\Users\M & M\1255645276-(null) - Copy (3)
[2009/10/16 11:21:16 | 000,007,201 | ---- | C] () -- C:\Users\M & M\1255645276-(null)
[2009/10/16 11:21:16 | 000,005,880 | ---- | C] () -- C:\Users\M & M\1255645276-(null) - Copy (2)
[2009/10/16 11:16:41 | 000,009,913 | ---- | C] () -- C:\Users\M & M\MCCI_MDM.INF
[2009/10/16 11:16:41 | 000,009,232 | ---- | C] () -- C:\Users\M & M\USB_MOT_BRIT.INF
[2009/10/16 11:16:41 | 000,007,201 | ---- | C] () -- C:\Users\M & M\USBMOT2000.INF
[2009/10/16 11:16:41 | 000,006,989 | ---- | C] () -- C:\Users\M & M\MCCI_BUS.INF
[2009/10/16 11:16:41 | 000,006,141 | ---- | C] () -- C:\Users\M & M\USBMOT2000XP.INF
[2009/10/16 11:16:41 | 000,005,960 | ---- | C] () -- C:\Users\M & M\USB_MOT_A1000.INF
[2009/10/16 11:16:41 | 000,005,880 | ---- | C] () -- C:\Users\M & M\USB_CMCS_2000.INF
[2009/10/16 11:16:41 | 000,004,477 | ---- | C] () -- C:\Users\M & M\MCCI_SDM.INF
[2009/10/16 11:16:40 | 000,099,168 | ---- | C] () -- C:\Users\M & M\1255645000-(null) - Copy
[2009/10/16 11:16:40 | 000,053,247 | ---- | C] () -- C:\Users\M & M\1255645000-(null)
[2009/10/16 11:16:40 | 000,012,075 | ---- | C] () -- C:\Users\M & M\1255645000-(null) - Copy (2)
[2009/03/22 22:28:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/06 08:35:42 | 000,000,552 | ---- | C] () -- C:\Users\M & M\AppData\Local\d3d8caps.dat
[2008/12/01 16:32:29 | 000,006,648 | ---- | C] () -- C:\Users\M & M\AppData\Local\d3d9caps.dat
[2008/11/02 20:40:33 | 000,000,000 | ---- | C] () -- C:\Users\M & M\AppData\Local\rx_image.Cache
[2008/06/26 21:32:22 | 000,219,648 | ---- | C] () -- C:\Users\M & M\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/24 15:15:01 | 000,000,436 | ---- | C] () -- C:\Users\M & M\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/03 01:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 19:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 19:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Work:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\WinBMD_Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Visual Studio 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Untitled.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Symantec:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Sony PMB:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\SnagIt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Section (Ruakaka):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Phone Backup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Personal:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Outlook Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\My MMS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Memory Card:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Insurance:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Garmin Nuvi 765 Copy:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Flat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Dell Webcam Center:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Baby Stuff:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Autocad:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Documents\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\voice:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\PMBEnvCheck:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\Norton Disk:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\Ms:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\GARMIN-nz:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\GARMIN-bak:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\autocad:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\M & M\Desktop\AUDIO:Roxio EMC Stream

< End of report >



