
Windows only runs normally after use of system restore



Redirected here by David Lipman from the General help forum who suggests my computer may have an infection.

The DDS logs are attached below:-

Run by peter at 13:56:23 on 2013-09-21
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Online Armor\OAcat.exe
C:\Program Files (x86)\Online Armor\oasrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Online Armor\oaui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Online Armor\OAhlp.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\System32\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp:/www.google.co.uk
uWindow Title = Microsoft Internet Explorer provided by Wanadoo

uURLSearchHooks: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Search with Wanadoo - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.

TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2CE5A145-0319-429D-8A61-D5B364665CC8} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{93F760F4-C83A-4126-948B-E93F2E31C50B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{93F760F4-C83A-4126-948B-E93F2E31C50B}\2445F40756E6A7F6E656 : DHCPNameServer = 192.168.22.22 192.168.22.23
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [@OnlineArmor GUI] "C:\Program Files (x86)\Online Armor\oaui.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-06 15:46; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF - ExtSQL: 2013-08-06 15:51; gmailnoads@mywebber.com; C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\extensions\gmailnoads@mywebber.com.xpi
FF - ExtSQL: 2013-08-06 15:57; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? RapportKE64;RapportKE64
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? RoxMediaDB12OEM;RoxMediaDB12OEM
R? RoxWatch12;Roxio Hard Drive Watcher 12
R? RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver
R? RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2)
R? RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2)
R? TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2)
R? TsUsbFlt;TsUsbFlt
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? BCMH43XX;Broadcom 802.11 USB Network Adapter Driver
S? CompFilter64;UVCCompositeFilter
S? DockLoginService;Dock Login Service
S? IAStorDataMgrSvc;Intel® Rapid Storage Technology
S? IntcHdmiAddService;Intel® High Definition Audio HDMI
S? KSS;Kaspersky Security Scan Service
S? LVRS64;Logitech RightSound Filter Driver
S? LVUVC64;Logitech HD Webcam C510(UVC)
S? MpFilter;Microsoft Malware Protection Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? NOBU;Dell DataSafe Online
S? OAcat;Online Armor Helper Service
S? OADevice;OADriver
S? oahlpXX;Online Armor helper driver
S? OAmon;OAmon
S? OAnet;OnlineArmor Service
S? PSI;PSI
S? PxHlpa64;PxHlpa64
S? RapportCerberus_56758;RapportCerberus_56758
S? RapportEI64;RapportEI64
S? RapportMgmtService;Rapport Management Service
S? RapportPG64;RapportPG64
S? RTL8167;Realtek 8167 NT Driver
S? RtNdPt60;Realtek NDIS Protocol Driver
S? SCMNdisP;General NDIS Protocol Driver
S? Secunia PSI Agent;Secunia PSI Agent
S? Secunia Update Agent;Secunia Update Agent
S? SftService;SoftThinks Agent Service
S? SSPORT;SSPORT
S? SvcOnlineArmor;Online Armor
S? UMVPFSrv;UMVPFSrv
S? WSWNA3100;WSWNA3100
.
=============== Created Last 30 ================
.
2013-09-21 12:47:56    9515512    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{74311514-7E28-4BCC-9F95-315277573A74}\mpengine.dll
2013-09-20 12:51:18    --------    d-----w-    C:\Program Files (x86)\PC Utilities Software Limited
2013-09-20 12:51:17    --------    d-----w-    C:\SWSETUP
2013-09-20 12:49:47    --------    d-----w-    C:\Program Files (x86)\MyPC Backup
2013-09-20 11:07:04    --------    d-----w-    C:\Program Files (x86)\Advanced Fix 2013
2013-09-20 11:00:50    --------    d-----w-    C:\ProgramData\SecTaskMan
2013-09-20 11:00:38    --------    d-----w-    C:\Program Files (x86)\Security Task Manager
2013-09-20 10:53:24    --------    d-----w-    C:\Users\peter\AppData\Roaming\Systweak
2013-09-20 10:43:11    --------    d-----w-    C:\Program Files (x86)\DLLSuite
2013-09-15 11:37:16    9515512    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-11 09:32:51    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
2013-09-11 09:31:41    3155456    ----a-w-    C:\Windows\System32\win32k.sys
2013-09-07 10:41:21    965008    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5F58915C-EE0E-47E6-B10C-BF47B89B6737}\gapaengine.dll
2013-09-03 13:53:52    187248    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-08-26 10:53:00    --------    d-----w-    C:\Users\peter\AppData\Local\{5E7A8679-998E-4360-A833-E7A5D4D7D17F}
.
==================== Find3M  ====================
.
2013-09-10 22:56:56    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-10 22:56:56    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-10 22:18:28    295696    ----a-w-    C:\Windows\System32\drivers\RapportKE64.sys
2013-08-10 05:22:18    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-08-10 05:20:59    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-02 02:23:53    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-02 02:15:03    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-08-02 00:59:09    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-08-02 00:45:37    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-07-04 13:19:00    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-04 13:18:55    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-07-04 13:18:55    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2011-03-10 16:10:45    303104    ----a-w-    C:\Program Files (x86)\Common Files\FDEUnInstaller.exe
.
============= FINISH: 14:02:46.34 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 09/03/2011 15:33:48
System Uptime: 21/09/2013 13:47:22 (1 hours ago)
.
Motherboard: Dell Inc. |  | 018D1Y
Processor: Pentium® Dual-Core  CPU      E5800  @ 3.20GHz | CPU 1 | 3203/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 391.302 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP503: 18/09/2013 10:53:22 - Windows Update
RP504: 19/09/2013 11:58:10 - Windows Update
RP505: 20/09/2013 11:29:10 - Windows Update
RP506: 20/09/2013 11:56:19 - RegClean Pro Fri, Sep 20, 13  11:56
RP507: 20/09/2013 15:29:11 - Windows Update
RP508: 20/09/2013 18:05:40 - Windows Update
RP509: 20/09/2013 23:16:40 - Windows Update
RP510: 20/09/2013 23:39:18 - Installed Microsoft Fix it 50123
RP511: 20/09/2013 23:41:20 - Windows Update
RP512: 21/09/2013 09:42:37 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Digital Editions 2.0
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8) MUI
Adobe Shockwave Player 12.0
Amazon Kindle
American McGee's Alice
Bing Rewards Client Installer
CameraHelperMsi
CCleaner
Compatibility Pack for the 2007 Office system
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Diagnostic Utility
DirectX 9 Runtime
erLT
HiJackThis
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Java 7 Update 25
JavaFX 2.1.1
Junk Mail filter update
Kaspersky Security Scan
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
My Dell
NETGEAR WNA3100 wireless USB 2.0 adapter
Online Armor 5.5
Panda Cloud Cleaner
PhotoShowExpress
Plants vs. Zombies
Rapport
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Samsung ML-1510_700 Series
Screencast-O-Matic
Secunia PSI (2.0.0.3001)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Skype Click to Call
SkyPlayer for Windows Media Center
Sonic CinePlayer Decoder Pack
SpywareBlaster 5.0
swMSM
Trusteer Endpoint Protection
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Visual Studio 2008 x64 Redistributables
Windows Driver Package - Realtek (RTL8167) Net  (11/05/2009 7.009.1105.2009)
Windows Driver Package - Realtek (RTL8169) Net  (09/02/2009 6.227.0902.2009)
Windows Driver Package - Realtek Semiconductor Corp. (RTLE8023x64) Net  (11/25/2009 5.742.1125.2009)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
21/09/2013 13:49:09, Error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.
21/09/2013 13:45:19, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
21/09/2013 13:43:49, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
21/09/2013 13:43:48, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
21/09/2013 13:43:48, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
21/09/2013 13:43:46, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
21/09/2013 13:43:46, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
21/09/2013 13:43:45, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
21/09/2013 13:43:39, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
21/09/2013 13:43:25, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy OADevice oahlpXX OAmon Psched rdbss spldr tdx VWiFiFlt Wanarpv6 WfpLwf
21/09/2013 13:43:25, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
21/09/2013 13:43:25, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
21/09/2013 13:43:25, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
21/09/2013 13:43:25, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
21/09/2013 13:43:25, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
21/09/2013 13:43:25, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
21/09/2013 13:43:25, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
21/09/2013 13:43:25, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
21/09/2013 13:43:25, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
21/09/2013 13:43:25, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
21/09/2013 13:43:25, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
21/09/2013 10:05:59, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
20/09/2013 23:58:34, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2825947).
20/09/2013 23:55:33, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Word 2003 (KB2817682).
20/09/2013 23:52:35, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2817474).
20/09/2013 23:49:33, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB2825621).
20/09/2013 23:45:41, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Excel 2003 (KB2810048).
20/09/2013 23:37:53, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {C39EE728-D419-4BD4-A3EF-EDA059DBD935} as /. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
20/09/2013 23:31:58, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
20/09/2013 17:27:49, Error: Service Control Manager [7022]  - The Rapport Management Service service hung on starting.
20/09/2013 15:51:33, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  and APPID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  to the user peter-PC\Guest SID (S-1-5-21-3044956616-4222713586-387862504-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
20/09/2013 14:57:08, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
20/09/2013 11:19:53, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
19/09/2013 11:35:30, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.159.153.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9901.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
16/09/2013 13:30:04, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.157.1969.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9800.0      Error code: 0x8024001e      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
16/09/2013 13:15:28, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.157.1969.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9800.0      Error code: 0x8024402c      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
15/09/2013 23:13:42, Error: Microsoft-Windows-WMPNSS-Service [14365]  - Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.
.
==== End Of File ===========================

 

.

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Kevin


Farbar reports attached as requested - thanks for coming back so quickly

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2013
Ran by peter at 2013-09-21 15:12:17
Running from C:\Users\peter\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs ======================

7-Zip 9.20 (x32)
Adobe Digital Editions 2.0 (x32 Version: 2.0.1)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
Amazon Kindle (HKCU)
American McGee's Alice (x32)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
CameraHelperMsi (x32 Version: 13.30.1395.0)
CCleaner (Version: 4.05)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60)
Dell DataSafe Local Backup (x32 Version: 9.4.60)
Dell DataSafe Online (x32 Version: 2.1.19634)
Dell Dock (Version: 2.0)
Dell Dock (x32 Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Diagnostic Utility (x32 Version: 1.00.0000)
DirectX 9 Runtime (x32 Version: 1.00.0000)
erLT (x32 Version: 1.20.138.34)
HiJackThis (x32 Version: 1.0.0)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014)
Java 7 Update 25 (x32 Version: 7.0.250)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Security Scan (x32 Version: 12.0.1.117)
Logitech Vid HD (x32 Version: 7.2 (7248))
Logitech Webcam Software (x32 Version: 2.0)
LWS Facebook (x32 Version: 13.30.1346.0)
LWS Gallery (x32 Version: 13.30.1379.0)
LWS Help_main (x32 Version: 13.30.1396.0)
LWS Launcher (x32 Version: 13.30.1379.0)
LWS Motion Detection (x32 Version: 13.30.1395.0)
LWS Pictures And Video (x32 Version: 13.30.1395.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Video Mask Maker (x32 Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (x32 Version: 13.30.1379.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.30.1346.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
My Dell (Version: 3.3.6261.27)
NETGEAR WNA3100 wireless USB 2.0 adapter (x32 Version: 1.01.206)
Online Armor 5.5 (x32 Version: 5.5)
Panda Cloud Cleaner (x32 Version: 1.0.45)
PhotoShowExpress (x32 Version: 2.0.063)
Plants vs. Zombies (x32)
Rapport (Version: 3.5.1205.20)
Rapport (x32 Version: 3.5.1302.61)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5963)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.8)
Roxio Creator Starter (x32 Version: 1.0.439)
Roxio Creator Starter (x32 Version: 12.1.77.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Samsung ML-1510_700 Series (x32)
Screencast-O-Matic (HKCU)
Secunia PSI (2.0.0.3001) (x32)
Skype Click to Call (x32 Version: 5.10.9560)
SkyPlayer for Windows Media Center (x32 Version: 4.4.2.0)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
SpywareBlaster 5.0 (x32 Version: 5.0.0)
swMSM (x32 Version: 12.0.0.1)
Trusteer Endpoint Protection (x32 Version: 3.5.1302.61)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Windows Driver Package - Realtek (RTL8167) Net  (11/05/2009 7.009.1105.2009) (Version: 11/05/2009 7.009.1105.2009)
Windows Driver Package - Realtek (RTL8169) Net  (09/02/2009 6.227.0902.2009) (Version: 09/02/2009 6.227.0902.2009)
Windows Driver Package - Realtek Semiconductor Corp. (RTLE8023x64) Net  (11/25/2009 5.742.1125.2009) (Version: 11/25/2009 5.742.1125.2009)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

19-09-2013 10:58:10 Windows Update
20-09-2013 10:29:10 Windows Update
20-09-2013 10:56:19 RegClean Pro Fri, Sep 20, 13  11:56
20-09-2013 14:29:11 Windows Update
20-09-2013 17:05:40 Windows Update
20-09-2013 22:16:40 Windows Update
20-09-2013 22:39:18 Installed Microsoft Fix it 50123
20-09-2013 22:41:20 Windows Update
21-09-2013 08:42:37 Windows Update
21-09-2013 13:10:34 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {364BDE1D-1BF4-4A86-9251-E74AB800414A} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {43C76315-3FC5-45C0-A612-4E37BFEAC956} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {4989B769-C354-4602-A010-810971FCFB7F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {5A8AA634-C51C-47ED-B707-D17FBF23211C} - System32\Tasks\User_Feed_Synchronization-{79F80D53-EFD8-4E4E-A388-F172E03D0CB2} => C:\Windows\system32\msfeedssync.exe [2013-03-16] (Microsoft Corporation)
Task: {6599884F-B3B7-42A7-88E4-CE772CF66081} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {6821FBB7-67B0-4DAA-9931-7D268FA5FB06} - System32\Tasks\{A243DEE4-9B5B-4F9A-898A-173DA23C400E} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {78E79042-CA9E-4A8A-BEF1-62C477C6DA7D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {81E36217-F520-4132-8A05-11D7D2EF613F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {824F0F60-8C21-40E7-8C50-39489216E6B1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {8C6D3157-E103-4272-B23D-89227FF87408} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-10] (Adobe Systems Incorporated)
Task: {A0E7DB90-B648-4540-B41E-B8CCB818A9A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {A26F7887-938F-4F56-A29D-D7B059E83D0A} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {A520CE43-D65D-46D7-99BC-B36ACF5A1EC9} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3044956616-4222713586-387862504-1000
Task: {B55E7CCE-C1C9-47A5-8E5B-E57231AC36B0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {CC51195A-2E09-430F-9120-56D28BF8CCCE} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
Task: {FB8D460B-A3A9-4545-ABF9-75921D37553E} - System32\Tasks\{4685B0B8-CDF5-4CAC-B6E5-721DB8973283} => C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe [2010-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-10-03 22:24 - 2012-10-03 22:24 - 00636336 _____ (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oawatch64.dll
2010-11-10 22:54 - 2010-11-10 22:54 - 00177136 _____ (TODO: <Company name>) C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll
2012-03-18 17:09 - 2012-10-03 22:22 - 00433944 _____ (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAevent64.dll
2011-02-11 18:45 - 2011-02-11 18:45 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2012-06-19 08:10 - 2013-09-16 13:09 - 00295664 _____ (Trusteer Ltd.) C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\KoanLight.dll
2012-06-19 08:10 - 2011-02-17 22:33 - 00548864 _____ (Microsoft Corporation) C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\MSVCP80.dll
2012-06-19 08:10 - 2011-02-17 22:33 - 00626688 _____ (Microsoft Corporation) C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\MSVCR80.dll
2012-06-19 08:10 - 2011-02-17 22:33 - 00096256 _____ (Microsoft Corporation) C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\ATL80.DLL
2012-06-19 08:10 - 2013-09-16 13:09 - 00316144 _____ (Trusteer Ltd.) C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\NikkoLight.dll
2012-06-19 08:10 - 2011-02-17 22:33 - 00626688 _____ (Microsoft Corporation) C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\MSVCR80.dll
2012-06-19 08:10 - 2011-02-17 22:33 - 00548864 _____ (Microsoft Corporation) C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\MSVCP80.dll
2012-06-19 08:10 - 2011-02-17 22:33 - 00096256 _____ (Microsoft Corporation) C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\ATL80.DLL
2012-05-20 12:07 - 2013-09-16 13:09 - 00971504 _____ (Trusteer Ltd.) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus.dll
2012-06-19 08:10 - 2013-09-16 13:09 - 00951024 _____ (Trusteer Ltd.) C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\RapportGP.dll
2012-06-19 08:10 - 2011-02-17 22:33 - 00548864 _____ (Microsoft Corporation) C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCP80.dll
2012-06-19 08:10 - 2011-02-17 22:33 - 00626688 _____ (Microsoft Corporation) C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCR80.dll
2012-05-20 12:07 - 2013-09-16 13:09 - 00991984 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2013-03-25 11:44 - 2013-09-16 13:09 - 00246512 _____ (Trusteer Ltd.) C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\RapportVB.dll
2013-03-25 11:44 - 2011-02-17 22:33 - 00548864 _____ (Microsoft Corporation) C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\MSVCP80.dll
2013-03-25 11:44 - 2011-02-17 22:33 - 00626688 _____ (Microsoft Corporation) C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\MSVCR80.dll
2012-06-19 08:10 - 2013-09-16 13:09 - 00230128 _____ (Trusteer Ltd.) C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\TanzanLight.dll
2012-06-19 08:10 - 2011-02-17 22:33 - 00548864 _____ (Microsoft Corporation) C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\MSVCP80.dll
2012-06-19 08:10 - 2011-02-17 22:33 - 00626688 _____ (Microsoft Corporation) C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\MSVCR80.dll
2012-06-19 08:10 - 2011-02-17 22:33 - 00096256 _____ (Microsoft Corporation) C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\ATL80.DLL
2012-10-03 22:24 - 2012-10-03 22:24 - 01174496 _____ (Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oawatch.dll
2009-04-10 00:04 - 2009-04-10 00:04 - 02141008 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 07704400 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
2009-04-22 22:53 - 2009-04-22 22:53 - 00969040 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00475472 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00363856 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00200016 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
2011-01-13 02:55 - 2011-01-13 02:55 - 00027472 _____ () C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 11311952 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00291664 _____ () C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
2011-01-13 02:55 - 2011-01-13 02:55 - 00124320 _____ (FFMPEG.org) C:\Program Files (x86)\Logitech\Vid HD\avutil-49.dll
2011-01-13 02:55 - 2011-01-13 02:55 - 03740560 _____ (FFMPEG.org) C:\Program Files (x86)\Logitech\Vid HD\avcodec-52.dll
2011-01-13 02:55 - 2011-01-13 02:55 - 00366768 _____ (FFMPEG.org) C:\Program Files (x86)\Logitech\Vid HD\avformat-52.dll
2011-01-13 02:55 - 2011-01-13 02:55 - 01029464 _____ (dicas digital image coding GmbH) C:\Program Files (x86)\Logitech\Vid HD\H264VidEncodeAPI.dll
2011-01-13 02:55 - 2011-01-13 02:55 - 00079192 _____ (dicas digital image coding GmbH) C:\Program Files (x86)\Logitech\Vid HD\StreamIO2.dll
2011-01-13 02:55 - 2011-01-13 02:55 - 00103768 _____ (dicas digital image coding GmbH) C:\Program Files (x86)\Logitech\Vid HD\H264NvidiaVidDecodeAPI.dll
2011-01-13 02:55 - 2011-01-13 02:55 - 00427352 _____ (dicas digital image coding GmbH) C:\Program Files (x86)\Logitech\Vid HD\H264VidDecodeAPI.dll
2011-01-13 02:55 - 2011-01-13 02:55 - 00268048 _____ (LuraTech Imaging GmbH) C:\Program Files (x86)\Logitech\Vid HD\lwf_jp2.dll
2011-01-13 02:57 - 2011-01-13 02:57 - 00751616 _____ () C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00029008 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00035152 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00138064 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2011-08-19 10:26 - 2011-08-19 10:26 - 00183320 _____ () C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll
2012-04-25 19:52 - 2012-04-25 19:52 - 02126224 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
2012-04-25 19:52 - 2012-04-25 19:52 - 07422352 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
2012-04-25 19:52 - 2012-04-25 19:52 - 02453904 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
2012-04-25 19:52 - 2012-04-25 19:52 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
2012-04-25 19:52 - 2012-04-25 19:52 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
2012-04-25 19:52 - 2012-04-25 19:52 - 00795024 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll
2011-03-01 23:14 - 2011-03-01 23:14 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-03-01 23:14 - 2011-03-01 23:14 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-08-18 14:53 - 2013-08-18 14:53 - 00452608 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll
2010-11-22 13:27 - 2010-11-22 13:27 - 00190960 _____ (Roxio, Inc.) c:\program files (x86)\common files\roxio shared\dllshared\rsl.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-08-22 15:47 - 2011-08-22 15:47 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-08-17 15:31 - 2013-08-17 15:31 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) ======

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2013 09:42:24 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location I:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (09/20/2013 11:58:29 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Standard Edition 2003 - Update 'Update for Outlook 2003 Junk E-mail Filter (KB2825947): OUTLFLTR' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\MSIf9ce1.LOG.

Error: (09/20/2013 11:58:06 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Standard Edition 2003 -- Error 1406. Setup cannot write the value command to the registry key \Excel.CSV\shell\Print\command.  Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, see C:\Program Files (x86)\Microsoft Office\OFFICE11\1033\PSS10R.CHM.

Error: (09/20/2013 11:55:28 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Standard Edition 2003 - Update 'Security Update for Word 2003 (KB2817682): WINWORD' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\MSIce16f.LOG.

Error: (09/20/2013 11:55:01 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Standard Edition 2003 -- Error 1406. Setup cannot write the value command to the registry key \Excel.CSV\shell\Print\command.  Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, see C:\Program Files (x86)\Microsoft Office\OFFICE11\1033\PSS10R.CHM.

Error: (09/20/2013 11:52:29 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Standard Edition 2003 - Update 'Security Update for Office 2003 (KB2817474): MSO' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\MSIa1f0b.LOG.

Error: (09/20/2013 11:52:02 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Standard Edition 2003 -- Error 1406. Setup cannot write the value command to the registry key \Excel.CSV\shell\Print\command.  Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, see C:\Program Files (x86)\Microsoft Office\OFFICE11\1033\PSS10R.CHM.

Error: (09/20/2013 11:49:28 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Standard Edition 2003 - Update 'Security Update for Office 2003 (KB2825621): FRONTPG' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\MSI694e5.LOG.

Error: (09/20/2013 11:48:38 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Standard Edition 2003 -- Error 1406. Setup cannot write the value command to the registry key \Excel.CSV\shell\Print\command.  Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, see C:\Program Files (x86)\Microsoft Office\OFFICE11\1033\PSS10R.CHM.

Error: (09/20/2013 11:45:35 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Standard Edition 2003 - Update 'Security Update for Excel 2003 (KB2810048): EXCEL' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\MSI2dc50.LOG.


System errors:
=============
Error: (09/21/2013 01:49:09 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (09/21/2013 01:45:19 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/21/2013 01:43:49 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/21/2013 01:43:49 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/21/2013 01:43:49 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/21/2013 01:43:49 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/21/2013 01:43:49 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/21/2013 01:43:49 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/21/2013 01:43:48 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/21/2013 01:43:48 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (09/21/2013 09:42:24 AM) (Source: Windows Backup)(User: )
Description: I:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (09/20/2013 11:58:29 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Standard Edition 2003Update for Outlook 2003 Junk E-mail Filter (KB2825947): OUTLFLTR1603C:\Windows\TEMP\MSIf9ce1.LOG(NULL)(NULL)

Error: (09/20/2013 11:58:06 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office Standard Edition 2003 -- Error 1406. Setup cannot write the value command to the registry key \Excel.CSV\shell\Print\command.  Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, see C:\Program Files (x86)\Microsoft Office\OFFICE11\1033\PSS10R.CHM.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/20/2013 11:55:28 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Standard Edition 2003Security Update for Word 2003 (KB2817682): WINWORD1603C:\Windows\TEMP\MSIce16f.LOG(NULL)(NULL)

Error: (09/20/2013 11:55:01 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office Standard Edition 2003 -- Error 1406. Setup cannot write the value command to the registry key \Excel.CSV\shell\Print\command.  Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, see C:\Program Files (x86)\Microsoft Office\OFFICE11\1033\PSS10R.CHM.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/20/2013 11:52:29 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Standard Edition 2003Security Update for Office 2003 (KB2817474): MSO1603C:\Windows\TEMP\MSIa1f0b.LOG(NULL)(NULL)

Error: (09/20/2013 11:52:02 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office Standard Edition 2003 -- Error 1406. Setup cannot write the value command to the registry key \Excel.CSV\shell\Print\command.  Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, see C:\Program Files (x86)\Microsoft Office\OFFICE11\1033\PSS10R.CHM.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/20/2013 11:49:28 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Standard Edition 2003Security Update for Office 2003 (KB2825621): FRONTPG1603C:\Windows\TEMP\MSI694e5.LOG(NULL)(NULL)

Error: (09/20/2013 11:48:38 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office Standard Edition 2003 -- Error 1406. Setup cannot write the value command to the registry key \Excel.CSV\shell\Print\command.  Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, see C:\Program Files (x86)\Microsoft Office\OFFICE11\1033\PSS10R.CHM.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/20/2013 11:45:35 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Standard Edition 2003Security Update for Excel 2003 (KB2810048): EXCEL1603C:\Windows\TEMP\MSI2dc50.LOG(NULL)(NULL)


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 4060.98 MB
Available physical RAM: 2075.82 MB
Total Pagefile: 8120.15 MB
Available Pagefile: 5108.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.85 GB) (Free:392.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C8000000)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

==================== End Of Log =====================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2013
Ran by peter (administrator) on PETER-PC on 21-09-2013 15:10:48
Running from C:\Users\peter\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAcat.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oasrv.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oaui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAhlp.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [@OnlineArmor GUI] - C:\Program Files (x86)\Online Armor\oaui.exe [2415104 2012-10-03] (Emsisoft GmbH)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-20] (Dell)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKCU\...\Run: [KSS] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202296 2012-04-25] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www.google.co.uk
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: (No Name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} -  No File
SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKCU - {6905E720-BBAB-4CF1-9E54-4F3F345D14C6} URL = http://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.chatzum.com/?q={SearchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 -  No Name - {8B68564D-53FD-4293-B80C-993A9F3988EE} -  No File
Toolbar: HKLM-x32 -  No Name - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} -  No File
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @funwebproducts.com/Plugin - C:\Program Files (x86)\FunWebProducts\Installr\4.bin\NPFunWeb.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: gmailnoads - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\Extensions\gmailnoads@mywebber.com.xpi
FF Extension: No Name - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF Extension: No Name - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==================== Services (Whitelisted) =================

R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202296 2012-04-25] (Kaspersky Lab ZAO)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [216072 2012-10-03] (Emsisoft GmbH)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1435928 2013-09-10] (Trusteer Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
R2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4463864 2012-10-03] (Emsisoft GmbH)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [278528 2010-01-12] ()

==================== Drivers (Whitelisted) ====================

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [61632 2012-10-03] ()
R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [61632 2012-10-03] ()
R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62016 2012-10-03] ()
R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62016 2012-10-03] ()
R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [40520 2012-10-03] (Emsisoft)
R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [40520 2012-10-03] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [35376 2012-10-03] (Emsisoft)
S3 PcdrNdisuio; C:\Windows\SysWow64\drivers\pcdrndisuio.sys [26192 2010-07-31] (Windows ® Codename Longhorn DDK provider)
R1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [589872 2013-09-16] ()
R1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [589872 2013-09-16] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [265872 2013-09-10] (Trusteer Ltd.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [265872 2013-09-10] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [295696 2013-09-10] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [384432 2013-09-10] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [384432 2013-09-10] (Trusteer Ltd.)
S3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [212992 2009-11-27] (Realtek Semiconductor Corporation                           )
S3 ZD1211BU(ZyDAS); C:\Windows\System32\DRIVERS\zd1211Bu.sys [574592 2006-08-24] (ZyDAS Technology Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-21 15:10 - 2013-09-21 15:10 - 00000000 ____D C:\FRST
2013-09-21 15:09 - 2013-09-21 15:09 - 01956670 _____ (Farbar) C:\Users\peter\Downloads\FRST64.exe
2013-09-21 14:14 - 2013-09-21 14:14 - 00017610 _____ C:\Users\peter\Documents\DDS.txt
2013-09-21 14:14 - 2013-09-21 14:14 - 00017224 _____ C:\Users\peter\Documents\Attach dds file.txt
2013-09-21 14:03 - 2013-09-21 14:03 - 00017224 _____ C:\Users\peter\Desktop\attach.txt
2013-09-21 14:03 - 2013-09-21 14:02 - 00017610 _____ C:\Users\peter\Desktop\dds.txt
2013-09-21 13:53 - 2013-09-21 13:53 - 00688992 ____R (Swearware) C:\Users\peter\Downloads\dds.scr
2013-09-20 15:22 - 2013-09-20 15:22 - 00083456 _____ (SystemInfoLOG v0912) C:\Users\peter\Downloads\SystemInfoLOG130912.exe
2013-09-20 13:51 - 2013-09-21 13:38 - 00000000 ____D C:\Program Files (x86)\PC Utilities Software Limited
2013-09-20 13:51 - 2013-09-20 13:51 - 00000000 ____D C:\SWSETUP
2013-09-20 13:49 - 2013-09-20 14:56 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-09-20 12:07 - 2013-09-20 14:54 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 2013
2013-09-20 12:00 - 2013-09-20 15:14 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-09-20 12:00 - 2013-09-20 15:14 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2013-09-20 11:53 - 2013-09-20 14:55 - 00000000 ____D C:\Users\peter\AppData\Roaming\Systweak
2013-09-20 11:43 - 2013-09-20 11:43 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2013-09-16 13:19 - 2013-09-21 13:48 - 00001512 _____ C:\Windows\setupact.log
2013-09-16 13:19 - 2013-09-16 13:19 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 14:57 - 2013-09-12 14:58 - 19845120 _____ C:\Users\peter\Downloads\AdbeRdrUpd1018.msp
2013-09-11 14:21 - 2013-08-10 06:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 14:21 - 2013-08-10 06:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 14:21 - 2013-08-10 06:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 14:21 - 2013-08-10 06:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 14:21 - 2013-08-10 06:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 14:21 - 2013-08-10 06:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 14:21 - 2013-08-10 06:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 14:21 - 2013-08-10 06:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 14:21 - 2013-08-10 06:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 14:21 - 2013-08-10 06:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 14:21 - 2013-08-10 06:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 14:21 - 2013-08-10 06:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 14:21 - 2013-08-10 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 14:21 - 2013-08-10 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 14:21 - 2013-08-10 04:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 14:21 - 2013-08-10 04:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 14:21 - 2013-08-10 04:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 14:21 - 2013-08-10 04:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 14:21 - 2013-08-10 04:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 14:21 - 2013-08-10 04:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 14:21 - 2013-08-10 04:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 14:21 - 2013-08-10 04:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 14:21 - 2013-08-10 04:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 14:21 - 2013-08-10 04:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 14:21 - 2013-08-10 04:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 14:21 - 2013-08-10 04:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 14:21 - 2013-08-10 04:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 14:21 - 2013-08-10 04:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 14:21 - 2013-08-10 04:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 14:21 - 2013-08-10 03:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 14:21 - 2013-08-10 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 10:32 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 10:32 - 2013-08-02 03:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 10:32 - 2013-08-02 03:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 10:32 - 2013-08-02 03:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 10:32 - 2013-08-02 03:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 10:32 - 2013-08-02 03:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 10:32 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 10:32 - 2013-08-02 03:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 10:32 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 10:32 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 10:32 - 2013-08-02 02:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 10:32 - 2013-08-02 02:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 10:32 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 10:32 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 10:32 - 2013-08-02 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 10:32 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 10:32 - 2013-08-02 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 10:32 - 2013-08-02 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 10:32 - 2013-08-02 01:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 10:32 - 2013-08-02 01:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 10:32 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 10:32 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 10:31 - 2013-08-08 02:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 10:31 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 10:31 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 10:31 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 10:31 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-04 11:08 - 2013-09-04 11:09 - 04454952 _____ (Piriform Ltd) C:\Users\peter\Downloads\ccsetup405.exe
2013-08-26 11:53 - 2013-08-26 11:53 - 00000000 ____D C:\Users\peter\AppData\Local\{5E7A8679-998E-4360-A833-E7A5D4D7D17F}
2013-08-26 11:52 - 2013-08-26 11:52 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-08-24 14:21 - 2013-08-24 14:21 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-08-24 14:19 - 2013-08-24 14:23 - 00000000 ____D C:\Users\peter\Documents\castle2
2013-08-22 10:06 - 2013-08-22 10:08 - 00000000 ____D C:\Users\peter\AppData\Roaming\coupons

==================== One Month Modified Files and Folders =======

2013-09-21 15:10 - 2013-09-21 15:10 - 00000000 ____D C:\FRST
2013-09-21 15:09 - 2013-09-21 15:09 - 01956670 _____ (Farbar) C:\Users\peter\Downloads\FRST64.exe
2013-09-21 14:56 - 2013-07-27 19:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-21 14:50 - 2009-07-14 06:10 - 01743546 _____ C:\Windows\WindowsUpdate.log
2013-09-21 14:14 - 2013-09-21 14:14 - 00017610 _____ C:\Users\peter\Documents\DDS.txt
2013-09-21 14:14 - 2013-09-21 14:14 - 00017224 _____ C:\Users\peter\Documents\Attach dds file.txt
2013-09-21 14:03 - 2013-09-21 14:03 - 00017224 _____ C:\Users\peter\Desktop\attach.txt
2013-09-21 14:02 - 2013-09-21 14:03 - 00017610 _____ C:\Users\peter\Desktop\dds.txt
2013-09-21 13:57 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-21 13:57 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-21 13:53 - 2013-09-21 13:53 - 00688992 ____R (Swearware) C:\Users\peter\Downloads\dds.scr
2013-09-21 13:49 - 2011-03-09 16:36 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-09-21 13:49 - 2011-03-09 16:36 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-09-21 13:49 - 2011-03-04 12:02 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-21 13:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-21 13:48 - 2013-09-16 13:19 - 00001512 _____ C:\Windows\setupact.log
2013-09-21 13:47 - 2011-04-18 23:19 - 00000000 ____D C:\Users\Guest
2013-09-21 13:47 - 2011-03-12 14:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-21 13:47 - 2011-03-09 16:33 - 00000000 ____D C:\Users\peter
2013-09-21 13:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-21 13:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-09-21 13:38 - 2013-09-20 13:51 - 00000000 ____D C:\Program Files (x86)\PC Utilities Software Limited
2013-09-21 09:30 - 2011-04-18 23:20 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-21 09:30 - 2011-04-18 23:19 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-21 09:30 - 2011-03-04 11:56 - 00000000 ____D C:\Intel
2013-09-21 09:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-21 09:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-09-21 09:26 - 2012-05-19 16:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-09-20 15:22 - 2013-09-20 15:22 - 00083456 _____ (SystemInfoLOG v0912) C:\Users\peter\Downloads\SystemInfoLOG130912.exe
2013-09-20 15:21 - 2011-03-13 10:54 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{79F80D53-EFD8-4E4E-A388-F172E03D0CB2}
2013-09-20 15:14 - 2013-09-20 12:00 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-09-20 15:14 - 2013-09-20 12:00 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2013-09-20 14:56 - 2013-09-20 13:49 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-09-20 14:55 - 2013-09-20 11:53 - 00000000 ____D C:\Users\peter\AppData\Roaming\Systweak
2013-09-20 14:54 - 2013-09-20 12:07 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 2013
2013-09-20 13:51 - 2013-09-20 13:51 - 00000000 ____D C:\SWSETUP
2013-09-20 11:43 - 2013-09-20 11:43 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2013-09-16 13:37 - 2012-03-18 17:09 - 00000000 ____D C:\Program Files (x86)\Online Armor
2013-09-16 13:19 - 2013-09-16 13:19 - 00000000 _____ C:\Windows\setuperr.log
2013-09-16 13:16 - 2011-03-04 20:21 - 00000000 ____D C:\Windows\Panther
2013-09-15 16:02 - 2011-03-04 12:14 - 00000000 ____D C:\ProgramData\Sonic
2013-09-13 13:48 - 2013-01-11 15:01 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-12 14:58 - 2013-09-12 14:57 - 19845120 _____ C:\Users\peter\Downloads\AdbeRdrUpd1018.msp
2013-09-11 16:40 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-11 16:35 - 2009-07-14 03:34 - 00000531 _____ C:\Windows\win.ini
2013-09-11 16:26 - 2011-03-09 16:36 - 00000000 ___RD C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 16:26 - 2011-03-09 16:33 - 00000000 ___RD C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 16:24 - 2009-07-14 05:45 - 00341184 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 13:15 - 2013-07-12 21:24 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 13:13 - 2011-03-10 16:16 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 23:56 - 2013-07-27 19:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-10 23:56 - 2013-07-27 19:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-10 23:56 - 2013-07-27 19:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-10 23:18 - 2011-03-12 19:08 - 00295696 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2013-09-04 11:09 - 2013-09-04 11:08 - 04454952 _____ (Piriform Ltd) C:\Users\peter\Downloads\ccsetup405.exe
2013-09-04 11:09 - 2013-05-12 11:29 - 00000784 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-04 11:09 - 2013-05-12 11:29 - 00000000 ____D C:\Program Files\CCleaner
2013-09-01 13:04 - 2011-05-28 23:14 - 00019301 _____ C:\Windows\system32\lvcoinst.log
2013-09-01 13:03 - 2013-05-22 11:51 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-08-30 11:24 - 2011-03-12 14:16 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-08-26 11:53 - 2013-08-26 11:53 - 00000000 ____D C:\Users\peter\AppData\Local\{5E7A8679-998E-4360-A833-E7A5D4D7D17F}
2013-08-26 11:52 - 2013-08-26 11:52 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-08-24 14:23 - 2013-08-24 14:19 - 00000000 ____D C:\Users\peter\Documents\castle2
2013-08-24 14:21 - 2013-08-24 14:21 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-08-22 10:08 - 2013-08-22 10:06 - 00000000 ____D C:\Users\peter\AppData\Roaming\coupons

Files to move or delete:
====================
C:\Users\peter\jagex_runescape_preferences.dat
C:\Users\peter\jagex_runescape_preferences2.dat


Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\4zx4jyl7.dll
C:\Users\Guest\AppData\Local\Temp\5kvwtour.dll
C:\Users\Guest\AppData\Local\Temp\5x35yd-o.dll
C:\Users\Guest\AppData\Local\Temp\t417_avd.dll
C:\Users\Guest\AppData\Local\Temp\w9nxpspc.dll
C:\Users\Guest\AppData\Local\Temp\ysb7zy36.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 10:01

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes, check for updates and run Quick scan. Remove anything found and post the log....

 

Let me see the logs from above...

 

Kevin


Kevin

 

Sorry about delayed reply - have run into problems. Adw cleaner shuts down computer after undertaking the clean up - the result has been I have had to go via Windows restore to get back to you - also the log file from Adw cleaner was not produced when I first had to start in safe mode so it all had to be repeated.

I think I have now got everything as you asked - but unfortunately still have the same problem as at the outset.

Correction - now cannot run Malware - comes up with run time error 5 - Invalid procedure call or argument.

Trying to download a new copy but the programme seems to want to restart my computer again. In view of problems this causes am sending what I have now - will attempt to get a copy of the malware report when I can overcome the run time error/restarting the computer.

Logs follow:-

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2013
Ran by peter at 2013-09-21 16:45:06 Run:1
Running from C:\Users\peter\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.chatzum.com/?q={SearchTerms}
C:\Users\peter\jagex_runescape_preferences.dat
C:\Users\peter\jagex_runescape_preferences2.dat
C:\Users\Guest\AppData\Local\Temp\4zx4jyl7.dll
C:\Users\Guest\AppData\Local\Temp\5kvwtour.dll
C:\Users\Guest\AppData\Local\Temp\5x35yd-o.dll
C:\Users\Guest\AppData\Local\Temp\t417_avd.dll
C:\Users\Guest\AppData\Local\Temp\w9nxpspc.dll
C:\Users\Guest\AppData\Local\Temp\ysb7zy36.dll
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
End

*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => Key deleted successfully.
HKCR\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => Key not found.
C:\Users\peter\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\peter\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\4zx4jyl7.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\5kvwtour.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\5x35yd-o.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\t417_avd.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\w9nxpspc.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\ysb7zy36.dll => Moved successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.

==== End of Fixlog ====

# AdwCleaner v3.004 - Report created 21/09/2013 at 16:54:42
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : peter - PETER-PC
# Running from : C:\Users\peter\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\peter\AppData\Local\Babylon
Folder Deleted : C:\Users\peter\AppData\Local\PackageAware
Folder Deleted : C:\Users\peter\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\peter\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\peter\AppData\Roaming\iWin
Folder Deleted : C:\Users\peter\AppData\Roaming\Systweak

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Classes\oneclick
Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_open-freely_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_open-freely_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}]
Key Deleted : HKCU\Software\ChatZum Toolbar
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\ChatZum Toolbar
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\prefs.js ]

Line Deleted : user_pref("extensions.enabledAddons", "%7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7,gmailnoads%40mywebber.com:3.9.1,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");

*************************

AdwCleaner[R0].txt - [4813 octets] - [21/09/2013 16:50:11]
AdwCleaner[s0].txt - [4577 octets] - [21/09/2013 16:54:42]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4637 octets] ##########
# AdwCleaner v3.004 - Report created 21/09/2013 at 17:15:37
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : peter - PETER-PC
# Running from : C:\Users\peter\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Classes\oneclick
Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_open-freely_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_open-freely_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}]
Key Deleted : HKCU\Software\ChatZum Toolbar
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\ChatZum Toolbar
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\prefs.js ]

Line Deleted : user_pref("extensions.enabledAddons", "%7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7,gmailnoads%40mywebber.com:3.9.1,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");

*************************

AdwCleaner[R0].txt - [9440 octets] - [21/09/2013 16:50:11]
AdwCleaner[s0].txt - [8958 octets] - [21/09/2013 16:54:42]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9018 octets] ##########
 


Judging by what was originally found with FRST and the run time errors it would seem there will still be an infection of sorts on your system, the malicious files running from Users temp folder is a strong clue... Although we have removed those files there is more to find....

 

If the system is running see if you can d/l and run the following:

 

download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe    <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                     

 

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
  • When the scan completes select Report, copy and paste that to your reply.
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller

     

     

 


Kevin

 

sorry! - rogue killer report enclosed.

 

RogueKiller V8.6.12 [sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : peter [Admin rights]
Mode : Scan -- Date : 09/21/2013 20:08:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST3500418AS +++++
--- User ---
[MBR] 326d804b5f7a819079b0d556e74a75e2
[bSP] 33129a6709b0ca68e094b78b87d664e8 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 14142 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29171712 | Size: 462695 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09212013_200802.txt >>

 

Malware report now attached

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 913092108

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.10.9200.16686

21/09/2013 19:51:58
mbam-log-2013-09-21 (19-51-58).txt

Scan type: Quick scan
Objects scanned: 221294
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\peter\downloads\systeminfolog130912.exe (Trojan.MSIL.Agent) -> Quarantined and deleted successfully.

Obviously going barmy in my old age!!

 

Peter


 


Yep I'm in that gang, brain farts and wot not.... RK log is not showing any major problems...

 

OK run the following :-

 

  • Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB
  • NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  • Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  • Shutdown your Antivirus to avoid any conflicts while scanning.
  • Once the scans have completed please re-enable your antivirus.
  • If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  • If needed you can also temporarily disable it from starting with Windows
  • Temporarily turn off any other security add-ons or applications you may also have.
  • Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  • If it does not have a Digital Signature then do not run it.
  • Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  • You should have your User Account Control (UAC) enabled for improved security and which should then produce a dialog box asking for approval to run the installer.
  • Click on the Yes button to start the installer.
  • Click OK to scan your computer in the Enhanced Protection Mode
  • Click on the check box to agree to participate in their software improvement program.
  • Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  • Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  • Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  • Then click on the Start scanning button.
  • If a threat is found you can click on the Action column in the program.
  • Your options will be Cure or Ignore
  • If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  • Then click on the Neutralize button.
  • Once completed click on the green Open Report link. It will open the report in NOTEPAD.
  • Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit!
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
  • Re-Enable your antivirus and other security programs when all done.

     

     

 

 

 


Kevin

 

Ran DrWeb cureit - missed the report button!! - but deleted the single entry shown - popcaploader - a games function I'm fairly sure - but it is still deleted.

Rebooted computer and it behaved properly - you are a star!

By the way - did I miss something when I ran Rogue Killer - there were 4 registry entries shown - which were not deleted or touched in any way - is that correct?

 

Once again many thanks for your help throughout this.

 

 

Peter


RK log entries are OK, nothing to worry about. Go to the following link for instructions to perform a clean boot:

 

http://support.microsoft.com/kb/929135

 

Expand the plus sign next to the relevant system and follow the instructions, maybe print them off and read a couple of times if you are unfamiliar with the procedure. Let me know how your system responds in a clean boot state..

 

Kevin


Kevin

 

Thought I would sleep on it before trying the clean reboot - especially after reading the instructions - actually once you get into them they are quite straightforward aren't they.

Results - first try got as far as the services screen and to ticking OK before restarting. Everything froze up and only thing that would move was the mouse pointer - unable to shut down other than by unplugging computer.

Would not start normally - had to go via safe mode and system restore.

Second try - all went as expected until I got to restarting the computer - it would not shut down - windows said that system exe was playing the log off sound - I was interrupted and had to leave it - 30 minutes later still playing the log off sound.

Unplugged computer and then restarted via safe mode route - once screen got as far as the password prompt - I used the shut down facility to restart normally. Hey presto - windows opened normally and went all the way through cleanly.

So I reconfigured the start options via msconfig.exe as per the windows guide and computer has now restarted properly 3 times so far. I say properly in that it gets open without any major problem but seems a little slow to get there: screen shows normal windows start - password screen shows - enter password - accepted - screen shows - wait - for longer than it used to - then goes to blue screen with egg timer running - eggtimer goes - blue screen only - again for longer than expected - then goes to normal wallpaper and programmes load. The extra time here is possibly a minute or two whereas in the past it was quite quick to get to the wallpaper screen.

 

I have to say much much improved - dare I say better than that?

 

Will await your judgement

 

Peter


Download OTL from any of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTL.exe
http://itxassociates.com/OT-Tools/OTL.com
http://www.itxassociates.com/OT-Tools/OTL.scr

  • Double click on the OTL icon to run it. Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in:

    netsvcs
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    msconfig
    %SYSTEMDRIVE%\*.exe
    %LOCALAPPDATA%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply


Kevin

Reports apparently too long for one post so here's the first

 

OTL Extras logfile created on: 9/22/2013 1:28:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\peter\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.97 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 58.02% Memory free
7.93 Gb Paging File | 5.53 Gb Available in Paging File | 69.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.85 Gb Total Space | 391.24 Gb Free Space | 86.59% Space Free | Partition Type: NTFS
 
Computer Name: PETER-PC | User Name: peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3044956616-4222713586-387862504-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D3CF685-ACF6-4637-8905-81892EFEDE3F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{31EEC0B8-641F-47EC-945F-0A1A8B54EEA3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{448EA608-C06E-4DE9-B1EB-351A2FE5C857}" = rport=138 | protocol=17 | dir=out | app=system |
"{57CAA9EF-D580-41F0-BAEC-B78FB1F4BD6A}" = rport=139 | protocol=6 | dir=out | app=system |
"{61662E49-E7CC-4517-B912-802B118C380E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E5B228D-E3BB-45A7-9C62-1C2577783474}" = rport=137 | protocol=17 | dir=out | app=system |
"{70B41153-E744-43B8-8E81-6E739655F045}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7328747F-8163-4AD9-8C45-6600617BB3CB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{75F28AC1-EF1C-45E1-8A0B-A8CD9068BEB3}" = lport=138 | protocol=17 | dir=in | app=system |
"{881BB4E7-551F-4547-A384-9645BEF0FE28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{90A1DE12-4D16-4A15-AB1E-2565FE7243DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96180A4F-918E-4B46-9BE7-B4202A85BC97}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9AFBC586-D6AA-428F-AA58-7948791A6F14}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A0B0BEDE-B653-4C9E-8225-98E06E8FCE89}" = lport=139 | protocol=6 | dir=in | app=system |
"{A2F69EBD-6E64-49A2-967D-668B45B0C883}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AF6FDBA0-C902-47F7-B23C-63D3BBFFA86A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B97D5155-D82F-4092-9F8C-C8D470917AD2}" = rport=445 | protocol=6 | dir=out | app=system |
"{D3CE43BD-CD8D-4325-9A4B-4EF424B5ED5D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4799BDD-9CCC-4A34-85FF-B30D9B0EC1FA}" = lport=445 | protocol=6 | dir=in | app=system |
"{E5E1E9E6-2027-493B-93B0-44F3AAE0DC7F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EC347F91-BAF6-4CE4-BDC3-34DE6194D058}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ECAB3D11-2024-4D59-8CD9-6D03CB68AD10}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F391E745-91D0-4CE5-8B38-DB852F679378}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F453039C-8FB3-45AF-8C80-204574CBC2A8}" = lport=137 | protocol=17 | dir=in | app=system |
"{FF0A2EF7-F9DB-4C3F-A3CD-428510518822}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F90325-EBD5-4AFB-9815-431D6ECDB509}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{0A0018DB-AF42-4FED-8FC1-8E523A0316B6}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{0F3C9056-714E-4C26-BE1B-1251696BB2B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{157DDFFA-7D18-47C3-B846-C8AF8B862A79}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{1BFF454D-10A9-48A6-B0FF-C748C47813EE}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{27D7AE11-D646-4AA8-B28F-5A7754CB20A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30E09457-EA24-4091-8607-A4FD186F68C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{38BEB3B8-3E0C-4482-A9A2-2E9D9DA5D85B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{44B17437-06C3-4981-96A7-DDE41ACF65F4}" = protocol=6 | dir=in | app=c:\users\peter\appdata\roaming\utorrent\utorrent.exe |
"{4C4B8FB4-1B95-4904-8B0F-B8EF61B67525}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4CE4E7E0-10B5-4079-B742-D2B7ED5E6263}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55DB78E0-9816-4335-BFFC-E06C82218FAD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{586BA6B5-F3F6-4387-BA70-8F3089ACFFC5}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{5941E719-48D7-43C0-A1CB-2BEB0694799B}" = protocol=6 | dir=out | app=system |
"{598926AF-164B-4E34-8133-8B04EF3116AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59D057BD-4521-4430-BFF9-4F2B8B847715}" = protocol=17 | dir=in | app=c:\users\peter\appdata\roaming\utorrent\utorrent.exe |
"{5CA1D7D8-4212-4D08-9E29-B287E77C04A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F561B19-3214-43C5-928D-5C50404F4553}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{64884454-5386-4ED9-A8B5-1209BAB0B31F}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{812DA1D0-DA1F-4EDC-BF09-290A7B5C5937}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8514F307-BEC1-43C2-8178-F4DEE235E986}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8DAA8A65-F95C-4442-AFA1-B1D1C9EF88D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8F0F040C-102A-4809-B1AA-FCE83BFB2B2B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9CAAC503-81FB-4819-B89B-CABEC758DB52}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B0F8BA11-756C-490B-9AEF-98476293ED7C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BD62FBFC-375A-42D5-AF41-2D15230D7FE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C4E62381-95BE-44D5-87B6-8C9F5232E324}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D5B338E7-3DBB-45D4-B71F-EC51749A757D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D842BFB2-1619-4483-B146-2FFB7E0A21BC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F0895820-938F-417E-B3AE-B837456559E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{79E76B78-472B-40E1-9B77-61A20A867329}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{F8672288-C4CF-4E2F-BC8C-021709539C19}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0832A37FBEDDDCEBE59E6EE45424D02F9A821BD0" = Windows Driver Package - Realtek (RTL8169) Net  (09/02/2009 6.227.0902.2009)
"574C023BAAE2CDC70C4BB7CC9371E3D842F7EEE4" = Windows Driver Package - Realtek (RTL8167) Net  (11/05/2009 7.009.1105.2009)
"6F052E4795F390FE6A484435D7D64C2C2D1BA826" = Windows Driver Package - Realtek Semiconductor Corp. (RTLE8023x64) Net  (11/25/2009 5.742.1125.2009)
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PC-Doctor for Windows" = My Dell
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0099B484-C24C-4D5F-8167-B0F6DF196E72}" = Adobe Shockwave Player 12.0
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{77B5AD60-8F14-11D4-9BC9-0050041A1090}" = American McGee's Alice
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 9.20
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Dell Dock" = Dell Dock
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnlineArmor_is1" = Online Armor 5.5
"Plants vs. Zombies" = Plants vs. Zombies
"Rapport_msi" = Trusteer Endpoint Protection
"Samsung ML-1510_700 Series" = Samsung ML-1510_700 Series
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"SpywareBlaster_is1" = SpywareBlaster 5.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3044956616-4222713586-387862504-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Screencast-O-Matic" = Screencast-O-Matic
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/20/2013 6:44:02 PM | Computer Name = peter-PC | Source = MsiInstaller | ID = 11406
Description =
 
Error - 9/20/2013 6:45:35 PM | Computer Name = peter-PC | Source = MsiInstaller | ID = 1023
Description =
 
Error - 9/20/2013 6:48:38 PM | Computer Name = peter-PC | Source = MsiInstaller | ID = 11406
Description =
 
Error - 9/20/2013 6:49:28 PM | Computer Name = peter-PC | Source = MsiInstaller | ID = 1023
Description =
 
Error - 9/20/2013 6:52:02 PM | Computer Name = peter-PC | Source = MsiInstaller | ID = 11406
Description =
 
Error - 9/20/2013 6:52:29 PM | Computer Name = peter-PC | Source = MsiInstaller | ID = 1023
Description =
 
Error - 9/20/2013 6:55:01 PM | Computer Name = peter-PC | Source = MsiInstaller | ID = 11406
Description =
 
Error - 9/20/2013 6:55:28 PM | Computer Name = peter-PC | Source = MsiInstaller | ID = 1023
Description =
 
Error - 9/20/2013 6:58:06 PM | Computer Name = peter-PC | Source = MsiInstaller | ID = 11406
Description =
 
Error - 9/20/2013 6:58:29 PM | Computer Name = peter-PC | Source = MsiInstaller | ID = 1023
Description =
 
Error - 9/21/2013 4:42:24 AM | Computer Name = peter-PC | Source = Windows Backup | ID = 4103
Description =
 
[ Dell Events ]
Error - 7/14/2011 9:10:18 AM | Computer Name = peter-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 7/21/2011 10:56:03 AM | Computer Name = peter-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 7/21/2011 10:56:03 AM | Computer Name = peter-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 7/28/2011 11:21:56 AM | Computer Name = peter-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 7/28/2011 11:21:56 AM | Computer Name = peter-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 9/1/2011 5:55:25 PM | Computer Name = peter-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 9/1/2011 5:55:25 PM | Computer Name = peter-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 9/19/2011 5:44:38 PM | Computer Name = peter-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 9/19/2011 5:44:38 PM | Computer Name = peter-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 11/7/2011 7:12:38 PM | Computer Name = peter-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
[ Media Center Events ]
Error - 7/30/2011 10:42:14 AM | Computer Name = peter-PC | Source = MCUpdate | ID = 0
Description = 15:42:13 - Error connecting to the internet.  15:42:13 -     Unable
to contact server..  
 
Error - 8/3/2011 8:07:26 AM | Computer Name = peter-PC | Source = MCUpdate | ID = 0
Description = 13:07:26 - Error connecting to the internet.  13:07:26 -     Unable
to contact server..  
 
Error - 8/3/2011 8:07:34 AM | Computer Name = peter-PC | Source = MCUpdate | ID = 0
Description = 13:07:31 - Error connecting to the internet.  13:07:31 -     Unable
to contact server..  
 
Error - 3/18/2012 3:58:30 AM | Computer Name = peter-PC | Source = MCUpdate | ID = 0
Description = 07:58:26 - Error connecting to the internet.  07:58:26 -     Unable
to contact server..  
 
Error - 6/8/2012 5:43:40 PM | Computer Name = peter-PC | Source = MCUpdate | ID = 0
Description = 22:43:40 - Error connecting to the internet.  22:43:40 -     Unable
to contact server..  
 
Error - 6/8/2012 5:43:50 PM | Computer Name = peter-PC | Source = MCUpdate | ID = 0
Description = 22:43:45 - Error connecting to the internet.  22:43:45 -     Unable
to contact server..  
 
Error - 7/1/2012 8:10:59 AM | Computer Name = peter-PC | Source = MCUpdate | ID = 0
Description = 13:10:59 - Error connecting to the internet.  13:10:59 -     Unable
to contact server..  
 
Error - 7/1/2012 8:11:24 AM | Computer Name = peter-PC | Source = MCUpdate | ID = 0
Description = 13:11:05 - Error connecting to the internet.  13:11:05 -     Unable
to contact server..  
 
Error - 7/1/2012 9:11:31 AM | Computer Name = peter-PC | Source = MCUpdate | ID = 0
Description = 14:11:31 - Error connecting to the internet.  14:11:31 -     Unable
to contact server..  
 
Error - 7/1/2012 9:11:39 AM | Computer Name = peter-PC | Source = MCUpdate | ID = 0
Description = 14:11:36 - Error connecting to the internet.  14:11:36 -     Unable
to contact server..  
 
[ System Events ]
Error - 9/22/2013 6:23:15 AM | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 9/22/2013 6:23:16 AM | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 9/22/2013 6:23:16 AM | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 9/22/2013 6:23:16 AM | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 9/22/2013 6:23:16 AM | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 9/22/2013 6:23:16 AM | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 9/22/2013 6:23:16 AM | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 9/22/2013 6:23:52 AM | Computer Name = peter-PC | Source = DCOM | ID = 10005
Description =
 
Error - 9/22/2013 6:26:38 AM | Computer Name = peter-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%20
 
Error - 9/22/2013 6:28:03 AM | Computer Name = peter-PC | Source = Service Control Manager | ID = 7034
Description = The Rapport Management Service service terminated unexpectedly.  It
 has done this 1 time(s).
 
 
< End of report >


Kevin

Here's the second

 

OTL logfile created on: 9/22/2013 1:28:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\peter\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.97 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 58.02% Memory free
7.93 Gb Paging File | 5.53 Gb Available in Paging File | 69.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.85 Gb Total Space | 391.24 Gb Free Space | 86.59% Space Free | Partition Type: NTFS
 
Computer Name: PETER-PC | User Name: peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/09/22 13:24:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\peter\Downloads\OTL.exe
PRC - [2013/09/10 23:18:16 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/03 22:24:08 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oaui.exe
PRC - [2012/10/03 22:23:44 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\OAsrv.exe
PRC - [2012/10/03 22:22:44 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oahlp.exe
PRC - [2012/10/03 22:22:29 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/09/06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 03:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2011/01/10 15:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/01/10 15:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/01/10 15:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/12 12:11:24 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2010/01/11 19:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/09/16 13:09:52 | 000,991,984 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/09/11 10:41:30 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/11 10:41:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/18 14:54:25 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dll
MOD - [2013/08/18 14:53:13 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll
MOD - [2013/08/18 13:46:42 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\930e99b2f62cea8c4aa070527d15f748\PresentationFramework.ni.dll
MOD - [2013/08/18 13:46:28 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/18 13:46:21 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/18 13:46:18 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\585b8f6cc7ba86886462d0dc9753c98f\PresentationCore.ni.dll
MOD - [2013/08/18 13:46:08 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/18 13:46:01 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/18 13:45:56 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/18 13:45:54 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/12 09:16:57 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/12 09:15:23 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/22 15:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/08/19 10:26:16 | 000,183,320 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2011/08/18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/03/01 23:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 23:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 23:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 23:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 23:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/01/13 02:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
MOD - [2011/01/13 02:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/04/22 22:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/10 00:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 23:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 23:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 23:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 23:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 23:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 23:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 23:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 23:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 23:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/11 19:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/09/10 23:56:57 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/08/17 15:31:53 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/03 22:23:44 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2012/10/03 22:22:29 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/01/10 15:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 15:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/01/12 12:11:24 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/09/10 23:18:28 | 000,295,696 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/10/03 22:24:39 | 000,035,376 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 07:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/19 10:52:20 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/27 07:19:56 | 000,212,992 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtenic64.sys -- (RTLE8023x64)
DRV:64bit: - [2009/10/20 11:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/20 19:27:34 | 000,027,136 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 13:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/03/02 15:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/03/02 15:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2008/10/24 19:55:28 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2008/10/24 19:55:28 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2007/12/03 19:20:54 | 000,024,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2007/01/19 19:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2006/08/24 06:43:54 | 000,574,592 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)
DRV - [2013/09/16 13:09:51 | 000,218,672 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys -- (RapportIaso)
DRV - [2013/09/16 13:09:48 | 000,589,872 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys -- (RapportCerberus_56758)
DRV - [2013/09/10 23:18:30 | 000,265,872 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2013/09/10 23:18:28 | 000,384,432 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/10/03 22:24:39 | 000,040,520 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2012/10/03 22:24:38 | 000,061,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2012/10/03 22:22:44 | 000,062,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3044956616-4222713586-387862504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-3044956616-4222713586-387862504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
IE - HKU\S-1-5-21-3044956616-4222713586-387862504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:/www.google.co.uk
IE - HKU\S-1-5-21-3044956616-4222713586-387862504-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found
IE - HKU\S-1-5-21-3044956616-4222713586-387862504-1000\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\S-1-5-21-3044956616-4222713586-387862504-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3044956616-4222713586-387862504-1000\..\SearchScopes\{6905E720-BBAB-4CF1-9E54-4F3F345D14C6}: "URL" = http://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
IE - HKU\S-1-5-21-3044956616-4222713586-387862504-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.chatzum.com/?q={SearchTerms}
IE - HKU\S-1-5-21-3044956616-4222713586-387862504-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: gmailnoads%40mywebber.com:3.9.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files (x86)\FunWebProducts\Installr\4.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/21 09:30:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/21 09:30:12 | 000,000,000 | ---D | M]
 
[2011/03/10 16:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peter\AppData\Roaming\Mozilla\Extensions
[2013/09/20 14:59:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\extensions
[2013/08/06 15:51:22 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\extensions\gmailnoads@mywebber.com.xpi
[2013/08/06 15:46:04 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/08/06 15:57:00 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/17 15:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/17 15:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/17 15:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/17 15:31:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3044956616-4222713586-387862504-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3


O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CE5A145-0319-429D-8A61-D5B364665CC8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93F760F4-C83A-4126-948B-E93F2E31C50B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/21 20:58:30 | 000,000,000 | ---D | C] -- C:\Users\peter\Doctor Web
[2013/09/21 19:57:09 | 000,000,000 | ---D | C] -- C:\Users\peter\Desktop\RK_Quarantine
[2013/09/21 16:47:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/21 15:10:29 | 000,000,000 | ---D | C] -- C:\FRST
[2013/09/20 13:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Utilities Software Limited
[2013/09/20 13:51:17 | 000,000,000 | ---D | C] -- C:\SWSETUP
[2013/09/20 12:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Fix 2013
[2013/09/20 12:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013/09/20 12:00:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013/09/20 11:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DLLSuite
[2013/09/16 13:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
[2013/09/11 14:21:57 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/11 14:21:57 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 14:21:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/11 14:21:55 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/11 14:21:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/11 14:21:54 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/11 14:21:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/11 14:21:54 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/11 14:21:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/11 14:21:54 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/11 14:21:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/11 14:21:51 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/11 14:21:50 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/11 14:21:50 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 14:21:49 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/11 10:32:51 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/11 10:32:37 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/11 10:32:37 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/11 10:32:37 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/11 10:32:37 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/11 10:32:36 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/11 10:32:35 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/11 10:32:34 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/11 10:32:34 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/11 10:32:32 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/11 10:32:31 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/11 10:32:31 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/11 10:32:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/11 10:32:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/11 10:32:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/11 10:32:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/11 10:32:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 10:32:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 10:32:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 10:32:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 10:32:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 10:32:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/11 10:32:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 10:32:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 10:32:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 10:32:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 10:32:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 10:32:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 10:32:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 10:32:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 10:32:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 10:32:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 10:32:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 10:32:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 10:32:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 10:32:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 10:32:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 10:32:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 10:32:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 10:32:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 10:32:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 10:32:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 10:32:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 10:32:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 10:32:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 10:32:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 10:32:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 10:32:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 10:32:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 10:32:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 10:32:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 10:32:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 10:32:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 10:32:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 10:32:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 10:32:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 10:32:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 10:32:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 10:32:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 10:32:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 10:32:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 10:32:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 10:32:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 10:32:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 10:32:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 10:32:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 10:32:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 10:32:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 10:32:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 10:32:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 10:32:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 10:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 10:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 10:32:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/11 10:32:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/11 10:32:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/11 10:32:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/11 10:32:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/11 10:31:35 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/08/26 11:53:00 | 000,000,000 | ---D | C] -- C:\Users\peter\AppData\Local\{5E7A8679-998E-4360-A833-E7A5D4D7D17F}
[2013/08/24 14:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/08/24 14:21:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013/08/24 14:19:05 | 000,000,000 | ---D | C] -- C:\Users\peter\Documents\castle2
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/22 12:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/22 11:33:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/22 11:33:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/22 11:25:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/22 11:25:32 | 3193,688,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/22 00:01:47 | 000,295,600 | ---- | M] () -- C:\Users\peter\Documents\2 fig in boot ini.PNG
[2013/09/21 23:56:31 | 000,271,692 | ---- | M] () -- C:\Users\peter\Documents\sys config fig4.PNG
[2013/09/21 23:51:42 | 000,270,434 | ---- | M] () -- C:\Users\peter\Documents\Unsys config 3.png
[2013/09/13 13:48:18 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/09/11 16:24:46 | 000,341,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/10 23:56:56 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/10 23:56:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/10 23:18:28 | 000,295,696 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2013/09/04 11:09:37 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/08/26 11:52:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2013/09/22 10:06:36 | 000,001,940 | ---- | C] () -- C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2013/09/22 00:02:02 | 000,295,600 | ---- | C] () -- C:\Users\peter\Documents\2 fig in boot ini.PNG
[2013/09/21 23:57:16 | 000,271,692 | ---- | C] () -- C:\Users\peter\Documents\sys config fig4.PNG
[2013/09/21 23:52:15 | 000,270,434 | ---- | C] () -- C:\Users\peter\Documents\Unsys config 3.png
[2013/08/26 11:52:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/09/20 23:37:18 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/05/19 16:10:19 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/18 17:09:31 | 000,062,016 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2012/03/18 17:09:31 | 000,061,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/15 07:35:08 | 000,007,605 | ---- | C] () -- C:\Users\peter\AppData\Local\Resmon.ResmonCfg
[2011/03/29 17:33:26 | 000,000,000 | ---- | C] () -- C:\Users\peter\AppData\Local\rx_image32.Cache
[2011/03/10 00:09:15 | 000,303,104 | ---- | C] () -- C:\Program Files (x86)\Common Files\FDEUnInstaller.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/04/28 15:30:53 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/04/28 15:30:53 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2011/04/18 23:20:38 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\OnlineArmor
[2011/04/18 23:19:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Trusteer
[2013/07/10 16:27:40 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Unity
[2011/03/12 12:42:15 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\AVG10
[2013/08/22 10:08:23 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\coupons
[2012/09/20 00:00:29 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\FreeTorrentViewer
[2012/05/27 13:42:12 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\Keynote Systems
[2011/05/28 23:23:38 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\Leadertech
[2012/03/18 17:10:51 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\OnlineArmor
[2011/03/14 17:07:16 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\PCDr
[2011/03/13 12:42:07 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\PlayFirst
[2012/05/19 15:58:00 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\SoftGrid Client
[2011/05/01 17:20:06 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\TP
[2011/03/12 19:07:33 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\Trusteer
[2013/08/06 15:25:37 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\uTorrent
[2011/03/10 16:12:26 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\*. /rp /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
 
< MD5 for: SVCHOST.EXE  >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/03/04 20:37:44 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011/03/04 20:37:44 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
========== Files - Unicode (All) ==========
[2013/03/28 01:11:10 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?¿) -- C:\Windows\SysNative\ꯀ¿
[2013/03/28 01:11:10 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?¿) -- C:\Windows\SysNative\ꯀ¿

< End of report >


OTL logs show nothing of significance, OK we try another scanner. Make sure PC is back to Normal boot mode, use the following steps if required:

 

  • Open msconfig...
  • On the General tab, click Normal Startup - load all device drivers and services, and then click OK.
  • When you are prompted, click Restart.

 

Next,

 

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
     
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
     
  • Close any open browsers and any other programs you might have running
     
  • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
     
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
     
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
     
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

 

*EXTRA NOTES*


    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

 

Post the log in next reply please...

 

Kevin


Kevin

Combofix report attached - sorry for delay - had problems running this - and then locating the report - the result being that I have had to start from scratch again - in effect this is the second report.

 

ComboFix 13-09-22.01 - peter 22/09/2013  22:50:59.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4061.2497 [GMT 1:00]
Running from: c:\users\peter\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-22 to 2013-09-22  )))))))))))))))))))))))))))))))
.
.
2013-09-22 21:56 . 2013-09-22 21:56    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-09-22 21:56 . 2013-09-22 21:56    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-22 21:41 . 2013-09-22 21:41    --------    d-----w-    C:\OS
2013-09-22 19:21 . 2013-09-05 05:32    9694160    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98DE51F8-47BE-4989-9E0C-495E2A9195E1}\mpengine.dll
2013-09-22 19:06 . 2013-08-06 08:58    9515512    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-21 19:58 . 2013-09-21 20:14    --------    d-----w-    c:\users\peter\Doctor Web
2013-09-21 15:47 . 2013-09-21 16:15    --------    d-----w-    C:\AdwCleaner
2013-09-21 14:10 . 2013-09-21 14:10    --------    d-----w-    C:\FRST
2013-09-20 12:51 . 2013-09-21 12:38    --------    d-----w-    c:\program files (x86)\PC Utilities Software Limited
2013-09-20 12:51 . 2013-09-20 12:51    --------    d-----w-    C:\SWSETUP
2013-09-20 11:07 . 2013-09-20 13:54    --------    d-----w-    c:\program files (x86)\Advanced Fix 2013
2013-09-20 11:00 . 2013-09-20 14:14    --------    d-----w-    c:\programdata\SecTaskMan
2013-09-20 11:00 . 2013-09-20 14:14    --------    d-----w-    c:\program files (x86)\Security Task Manager
2013-09-20 10:43 . 2013-09-20 10:43    --------    d-----w-    c:\program files (x86)\DLLSuite
2013-09-11 09:32 . 2013-08-05 02:25    155584    ----a-w-    c:\windows\system32\drivers\ataport.sys
2013-09-11 09:31 . 2013-08-08 01:20    3155456    ----a-w-    c:\windows\system32\win32k.sys
2013-09-11 09:31 . 2013-07-26 02:24    14172672    ----a-w-    c:\windows\system32\shell32.dll
2013-09-11 09:31 . 2013-07-26 02:24    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2013-09-07 10:41 . 2013-09-07 10:40    965008    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F58915C-EE0E-47E6-B10C-BF47B89B6737}\gapaengine.dll
2013-09-03 13:53 . 2013-09-03 13:53    187248    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-08-24 13:21 . 2013-08-24 13:21    --------    d-----w-    c:\program files (x86)\7-Zip
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 12:13 . 2011-03-10 15:16    79143768    ----a-w-    c:\windows\system32\MRT.exe
2013-09-10 22:56 . 2013-07-27 18:41    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-10 22:56 . 2013-07-27 18:41    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-10 22:18 . 2011-03-12 18:08    295696    ----a-w-    c:\windows\system32\drivers\RapportKE64.sys
2013-08-24 08:21 . 2012-07-04 08:11    941720    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-02 01:48 . 2013-09-11 09:32    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-17 14:27    1888768    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-17 14:27    1620992    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-17 14:28    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-17 14:28    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-17 14:29    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-17 14:27    1217024    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-17 14:29    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-17 14:29    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-17 14:29    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-17 14:27    663552    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-17 14:29    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-17 14:29    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-17 14:29    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-17 14:29    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-17 14:26    1910208    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-07-04 13:19 . 2013-07-04 13:19    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-04 13:18 . 2012-07-02 12:52    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-07-04 13:18 . 2011-03-04 10:55    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2011-03-10 16:10 . 2011-03-09 23:09    303104    ----a-w-    c:\program files (x86)\Common Files\FDEUnInstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-09-03 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-20 559616]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
c:\users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2011-3-12 4562944]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2010-10-12 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 oahlpXX;Online Armor helper driver;c:\windows\syswow64\drivers\oahlp64.sys;c:\windows\syswow64\drivers\oahlp64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SvcOnlineArmor;Online Armor;c:\program files (x86)\Online Armor\oasrv.exe;c:\program files (x86)\Online Armor\oasrv.exe [x]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtenic64.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 OADevice;OADriver;c:\windows\SysWow64\Drivers\OADriver.sys;c:\windows\SysWow64\Drivers\OADriver.sys [x]
S1 OAmon;OAmon;c:\windows\SysWOW64\Drivers\OAmon.sys;c:\windows\SysWOW64\Drivers\OAmon.sys [x]
S1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 OAcat;Online Armor Helper Service;c:\program files (x86)\Online Armor\OAcat.exe;c:\program files (x86)\Online Armor\OAcat.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys;c:\windows\SYSNATIVE\DRIVERS\oanet.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-27 22:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"@OnlineArmor GUI"="c:\program files (x86)\Online Armor\oaui.exe" [2012-10-03 2415104]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp:/www.google.co.uk
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\
FF - ExtSQL: 2013-08-06 15:46; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF - ExtSQL: 2013-08-06 15:51; gmailnoads@mywebber.com; c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\extensions\gmailnoads@mywebber.com.xpi
FF - ExtSQL: 2013-08-06 15:57; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\ipp84za1.default-1375799371344\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-22  22:59:28
ComboFix-quarantined-files.txt  2013-09-22 21:59
.
Pre-Run: 419,203,317,760 bytes free
Post-Run: 418,806,280,192 bytes free
.
- - End Of File - - 6148A4CA420979E299AFABBFAC455172
A36C5E4F47E84449FF07ED3517B43A31

 

 

Peter


Hello again,

 

That log is from the 3rd run of Combofix, although there is no record of previous run logs indicated. Can you let me see this file:

 

C:\Qoobox\ComboFix-quarantined-files.txt

 

Another point is the security setup, although the header only indicates Online Armor FW and MSE. As you probably are aware more than one AV running on your system can cause major problems, sometimes even remnants from a previous application may cause issues. There are references to Kaspersky and Trusteer. Do you know what security you have?

 

Run the following please and post that log:

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see that log, also the CF quarantined-files.txt. Can you also confirm that your system is returned from Clean Boot to Normal Boot mode...

 

Kevin


Kevin

System is now returned to normal boot mode - was not done before - sorry.

Qoobox report attached - as is security check.

I am running Online Armor / Microsoft Security Essentials - Rapport anti-phishing (my bank suggested this one was a requirement of internet banking).

I use Kaspersky as an occasional additional scanning tool - but do not run any permanent software - have now unloaded this as it seemed to cause conflicts.

Also have SpywareBlaster - and use Malwarebytes for scanning purposes.

 

2013-09-22 21:57:59 . 2013-09-22 21:57:59               92 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2013-09-22 21:57:57 . 2013-09-22 21:57:57              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2013-09-22 21:57:45 . 2013-09-22 21:57:45              128 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}.reg.dat
2013-09-22 21:57:44 . 2013-09-22 21:57:44              104 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2013-09-22 19:25:09 . 2013-09-22 19:25:09            1,210 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
2013-09-22 19:25:09 . 2013-09-22 19:25:09            1,032 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2013-09-22 19:24:55 . 2013-09-22 21:54:53           14,668 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-09-22 19:17:44 . 2013-09-22 21:49:47              153 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2013-09-01 12:04:28 . 2013-08-16 22:54:30           45,816 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6261\AddOnDownloaded\e2989224-3347-43ce-b7a2-533339a265b0.dll.vir
2013-09-01 12:04:28 . 2013-08-16 22:36:49           45,816 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6261\AddOnDownloaded\840b04b8-fb1e-4492-9645-97c163fb4348.dll.vir
2013-09-01 12:04:27 . 2013-08-23 22:16:08           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6261\AddOnDownloaded\3265cc37-1ae8-4a1d-b93a-d8a0d09ba823.dll.vir
2013-09-01 12:04:27 . 2013-08-13 16:12:26           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6261\AddOnDownloaded\8aa95cb2-816d-4a9a-a370-962b815a3013.dll.vir
2013-09-01 12:04:26 . 2013-08-12 15:22:14           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6261\AddOnDownloaded\5737a9df-39af-4df3-b97d-07f556d679c5.dll.vir
2013-09-01 12:04:26 . 2013-08-09 16:16:13           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6261\AddOnDownloaded\9a29e1fb-664e-4651-a32c-e1ab34198ded.dll.vir
2013-09-01 12:04:26 . 2013-08-09 16:03:43           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6261\AddOnDownloaded\357a8a4f-74a2-42f1-aed0-bea5984fd709.dll.vir
2013-09-01 12:04:25 . 2013-08-09 15:29:27           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6261\AddOnDownloaded\ad3867bf-de78-4ebd-93f2-0811b275b627.dll.vir
2013-09-01 12:04:24 . 2013-08-08 22:23:18           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6261\AddOnDownloaded\393c4795-5a95-448d-89c3-2d1321ae7575.dll.vir
2013-09-01 12:04:24 . 2013-08-05 15:41:28           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6261\AddOnDownloaded\97b26c73-ba78-4c33-81e8-2f3210990c0e.dll.vir
2011-03-12 09:22:37 . 2009-10-20 10:19:30           53,299 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\pthreadVC.dll.vir
2011-03-12 09:22:37 . 2009-10-20 10:19:54          281,104 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\wpcap.dll.vir
2011-03-12 09:22:37 . 2009-10-21 02:20:06           96,784 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\Packet.dll.vir

 

 

 Results of screen317's Security Check version 0.99.73  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Secunia PSI (2.0.0.3001)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Panda Cloud Cleaner   
 JavaFX 2.1.1    
 Java 7 Update 25  
 Adobe Flash Player     11.8.800.168  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Tall Emu Online Armor OAcat.exe
 Tall Emu Online Armor oasrv.exe
 Tall Emu Online Armor oaui.exe
 Tall Emu Online Armor OAhlp.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


Thanks for the logs Peter, MalwareBytes and SpywareBlaster are ok and should have no effect on your FW or MSE. From Security checks we need to update Adobe, outdated versions can be exploited and cause problems. We can update that now:

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for McAfee security scanner if offered, or any toolbars etc.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

I'd like you to run OTL one more time so I can check to see if there are any remnant drivers that need removal. I give the d/l links again, if you still have OTL on your Desktop just use that. Set the scanner as per instruction, there will only be one log this time :-

 

Download OTL from any of the following links and save to your desktop.

 

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

 

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

 

 

  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Change Drivers to All
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

 

 

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

 

Thank you,

 

Kevin
