Solved Laptop running very slow

PAUL SHILLAM · 2012/09/29

ComboFix 12-09-27.03 - shillam 29/09/2012 9:36.2.2 - x86
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.44.1033.18.2037.733 [GMT 1:00]
Running from: c:\users\shillam\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL3CD5.tmp
c:\programdata\SPL84E5.tmp
c:\users\shillam\GoToAssistDownloadHelper.exe
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-29 )))))))))))))))))))))))))))))))
.
.
2012-09-29 09:00 . 2012-09-29 09:04 -------- d-----w- c:\users\shillam\AppData\Local\temp
2012-09-29 09:00 . 2012-09-29 09:00 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-09-29 09:00 . 2012-09-29 09:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-29 09:00 . 2012-09-29 09:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-28 11:10 . 2012-09-28 11:10 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-09-28 11:10 . 2012-09-28 11:18 -------- d-----w- c:\programdata\iolo
2012-09-28 11:10 . 2012-09-28 11:10 -------- d-----w- c:\program files\iolo
2012-09-28 07:31 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{64B2388E-6C33-47BC-8AFB-5EF0948A440B}\mpengine.dll
2012-09-22 15:38 . 2012-09-23 11:21 -------- d-----w- c:\users\shillam\AppData\Roaming\Systweak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 14:25 . 2012-05-02 07:14 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 14:25 . 2011-11-27 08:35 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-29 19:52 . 2012-07-29 19:52 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-07-04 14:02 . 2012-08-15 08:01 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-22 68856]
"HP Officejet 4620 series (NET) "= "c:\program files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" [2011-12-18 1820520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 857648]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2007-05-24 138008]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2007-05-24 154392]
"Persistence "= "c:\windows\system32\igfxpers.exe" [2007-05-24 133912]
"mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon "= "c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-11-22 45056]
What's my computer doing.lnk - c:\program files\What's my computer doing\WhatsMyComputerDoing.exe [2012-4-22 274168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle "= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-05-02 08:05 13672 ----a-w- c:\program files\Citrix\GoToAssist\599\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=" "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=" "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@= "Service "
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^shillam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\shillam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 16:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 12:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-05-15 08:39 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2011-11-16 11:38 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 11:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-09-21 03:10 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdjamon]
2007-03-05 20:40 20480 ----a-w- c:\program files\Lexmark 1400 Series\lxdjamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-08-29 05:54 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-16 16:10 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
2010-07-13 00:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 11:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-07 18:23 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 12:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-22 12:22 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 14:25]
.
2012-09-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-22 08:19]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 13:56]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 13:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&pid=dell&synd=dell&client=dell-usuk&channel=uk&ibd=2071122&channel=uk&client=dell-usuk&ibd=2071122
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.funmoods.com/?f=1&a=grupo&chnl=grupo&cd=2XzutAtN2Y1L1QzutDtDtC0D0Dzy0EzztD0A0BtD0DtA0AtBtN0D0TzutBtDtCtBtDyCtByB&cr=1851167175
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
HKCU-Run-Driver Manager - c:\program files\Driver Manager\Driver Manager\DriverManager.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-MobileBroadband - c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-29 10:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,ff,75,fb,06,7b,6b,40,81,4f,d3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,ff,75,fb,06,7b,6b,40,81,4f,d3,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
.
Completion time: 2012-09-29 10:08:37
ComboFix-quarantined-files.txt 2012-09-29 09:08
.
Pre-Run: 74,179,264,512 bytes free
Post-Run: 73,663,447,040 bytes free
.
- - End Of File - - 49B315A95FB662A0B975B368E3E5DC08

broni · 2012/09/29

Looks good.

How is computer doing?

=========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

PAUL SHILLAM · 2012/09/30

ItOTL logfile created on: 30/09/2012 09:17:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shillam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.82% Memory free
4.21 Gb Paging File | 2.69 Gb Available in Paging File | 63.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.43 Gb Total Space | 68.36 Gb Free Space | 50.11% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.43 Gb Free Space | 34.31% Space Free | Partition Type: NTFS

Computer Name: SUES-LAPTOP | User Name: shillam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/30 09:16:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shillam\Desktop\OTL.exe
PRC - [2012/07/29 20:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/07/29 20:52:20 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 17:13:58 | 000,274,168 | ---- | M] () -- C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
PRC - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/12/18 17:52:34 | 001,820,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
PRC - [2011/09/06 18:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 18:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/07/20 11:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/07 19:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/08/29 22:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/04/27 09:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/04/27 08:26:30 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdjcoms.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/03 17:13:58 | 000,274,168 | ---- | M] () -- C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
MOD - [2012/06/14 15:45:51 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 09:33:07 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 09:32:03 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 09:30:38 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/30 08:41:34 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/05/09 12:41:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/09 12:35:36 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/09 12:33:11 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/09 12:33:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 12:31:56 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/09 12:31:51 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/09 12:31:40 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2007/05/24 13:41:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/04/27 09:34:24 | 000,103,968 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [1999/01/31 11:52:02 | 000,192,512 | ---- | M] () -- C:\Program Files\What's my computer doing\QHTM.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - [2012/09/21 15:25:16 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/23 11:55:10 | 000,362,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/08/01 16:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/07/29 20:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/05/02 09:05:46 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe -- (GoToAssist)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/08/01 14:43:36 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/07/20 11:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/15 11:09:42 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/09/07 19:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 22:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/04/27 08:26:30 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdjcoms.exe -- (lxdj_device)
SRV - [2007/04/27 08:26:09 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe -- (lxdjCATSCustConnectService)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\shillam\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/08/09 08:09:17 | 000,228,376 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys -- (RapportCerberus_42020)
DRV - [2012/07/29 20:52:38 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/07/29 20:52:38 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/07/29 20:52:38 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/06/27 15:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2012/01/09 17:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/03/24 08:53:02 | 000,085,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/03/24 08:53:02 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/24 08:53:02 | 000,051,456 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011/03/24 08:53:02 | 000,026,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/03/24 08:53:02 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011/03/24 08:53:00 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/02 04:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/11/07 06:15:00 | 000,041,984 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/10/10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/09/21 04:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/21 04:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/07 19:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/29 06:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/28 12:25:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/28 12:25:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/02/28 12:25:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 19:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=gr...DtA0AtBtN0D0TzutBtDtCtBtDyCtByB&cr=1851167175
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {36410784-EE92-55A2-BEE6-3D51AECA3619}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{36410784-EE92-55A2-BEE6-3D51AECA3619}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUK
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=grupo&chnl=grupo&cd=2XzutAtN2Y1L1QzutDtDtC0D0Dzy0EzztD0A0BtD0DtA0AtBtN0D0TzutBtDtCtBtDyCtByB&cr=1851167175

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/home?affID=17425&tt=140612_dpl
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\shillam\Desktop
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=...71122&channel=uk&client=dell-usuk&ibd=2071122
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&babsrc=SP_def&affID=17425&tt=140612_dpl
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes\{36410784-EE92-55A2-BEE6-3D51AECA3619}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en-GB&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en-GB&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=HjM5IuhmCax6o_40SD8gaQJ0agw?q={searchTerms}
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes\{8EE20609-FAF4-420A-8D57-37A0A3DDB8D8}: "URL" = http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_uk&p={searchTerms}
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E13EF503-E381-49D9-8339-0D10085F3799}&mid=dc6b70eff65d47d0b455d1549f0ce343-94d1b7796fd88efbe91b3d1a0103b6a62e7ba1bf&lang=en&ds=ft011&pr=sa&d=2012-06-27 11:56:48&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80275&lng=en
IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/08/23 14:12:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/09/30 07:39:10 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: {show_on_all_tabs:true},browser:{check_default_browser:false,show_home_button:true,window_placement:{bottom:754,left:10,maximized:false,right:1060,top:10,work_area_bottom:764,work_area_left:0,work_area_right:1130,work_area_top:0}},default_search_provider:{id:9,name:Web Search,search_url:http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=grupo&chnl=grupo&cd=2XzutAtN2Y1L1QzutDtDtC0D0Dzy0EzztD0A0BtD0DtA0AtBtN0D0TzutBtDtCtBtDyCtByB&cr=1851167175,suggest_url:{google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}},distribution:{create_all_shortcuts:true,do_not_launch_chrome:true,import_history:false,import_search_engine:true,make_chrome_default:false,show_welcome_page:true,skip_first_run_ui:true,verbose_logging:false},dns_prefetching:{host_referral_list:[2,[http://www.pctools.com/,[http://nikkomsgchannel/,2.60370040,...cure.pctools.com/,2.60370040]]],startup_list:[1,http://fonts.googleapis.com/,http://gs.instantservice.com/,http://rs.instantservice.com/,http://ts.istrack.com/,http://www.google-analytics.com/,http://www.pctools.com/,http://www.symantec.com/,https://apis.google.com/,https://seal.buysafe.com/,https://ssl.gstatic.com/]},download:{directory_upgrade:true,extensions_to_open:},extensions:{autoupdate:{next_check:12954589048463000},chrome_url_overrides:{bookmarks:[chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html]},settings:{fheoggkfdfchfphceeifdbepaooicaho:{app_launcher_index:0,incognito:false,install_time:12949688608627996,location:3,manifest:{background_page:Background.html,browsehomepage: http://www.google.com
CHR - Extension: No name found = C:\Users\shillam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\

O1 HOSTS File: ([2012/09/29 10:04:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120627134102.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000..\Run: [HP Officejet 4620 series (NET)] C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AE2B734-CE77-4B1F-83F0-1662C4429131}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAE608C5-7E8C-453E-BCC0-0C7111AF8BE4}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\599\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\shillam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shillam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/30 09:15:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\shillam\Desktop\OTL.exe
[2012/09/30 07:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/09/29 10:08:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/29 10:08:40 | 000,000,000 | ---D | C] -- C:\Users\shillam\AppData\Local\temp
[2012/09/29 09:33:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/29 09:33:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/29 09:33:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/29 09:32:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/29 09:23:33 | 004,757,745 | R--- | C] (Swearware) -- C:\Users\shillam\Desktop\ComboFix.exe
[2012/09/28 12:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2012/09/28 12:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2012/09/28 09:27:39 | 000,000,000 | ---D | C] -- C:\Users\shillam\Desktop\RK_Quarantine
[2012/09/28 09:12:08 | 000,000,000 | ---D | C] -- C:\Users\shillam\Desktop\tdsskiller
[2012/09/27 13:34:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\shillam\Desktop\dds.com
[2012/09/27 13:17:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\shillam\Desktop\aswMBR.exe
[2012/09/27 09:17:45 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\shillam\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/23 15:14:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/09/22 16:38:14 | 000,000,000 | ---D | C] -- C:\Users\shillam\AppData\Roaming\Systweak
[2012/09/11 09:06:25 | 000,000,000 | ---D | C] -- C:\Users\shillam\Documents\Hemblington Marketing the ChurchTourism
[2012/09/11 08:54:53 | 000,000,000 | ---D | C] -- C:\Users\shillam\Documents\Support for other churches
[2012/09/11 08:54:27 | 000,000,000 | ---D | C] -- C:\Users\shillam\Documents\Hemblington Support Documents
[2007/11/26 14:32:28 | 000,557,056 | ---- | C] (Citrix Online) -- C:\Users\shillam\GoToAssist_phone__319_en.exe

========== Files - Modified Within 30 Days ==========

[2012/09/30 09:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/30 09:16:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shillam\Desktop\OTL.exe
[2012/09/30 08:49:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/30 07:32:27 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/30 07:32:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 07:32:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 07:32:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/29 10:41:10 | 000,003,131 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/09/29 10:04:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/29 09:23:37 | 004,757,745 | R--- | M] (Swearware) -- C:\Users\shillam\Desktop\ComboFix.exe
[2012/09/28 12:10:59 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dll
[2012/09/28 12:10:53 | 000,000,970 | ---- | M] () -- C:\Users\shillam\Desktop\System Checkup.lnk
[2012/09/28 11:33:53 | 000,000,512 | ---- | M] () -- C:\Users\shillam\Desktop\MBR.dat
[2012/09/28 10:57:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/09/28 09:27:33 | 001,391,616 | ---- | M] () -- C:\Users\shillam\Desktop\RogueKiller.exe
[2012/09/28 09:11:39 | 002,193,278 | ---- | M] () -- C:\Users\shillam\Desktop\tdsskiller.zip
[2012/09/27 13:34:30 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\shillam\Desktop\dds.com
[2012/09/27 13:18:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\shillam\Desktop\aswMBR.exe
[2012/09/27 10:04:24 | 000,302,592 | ---- | M] () -- C:\Users\shillam\Desktop\hpsc3r7k.exe
[2012/09/27 09:17:51 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\shillam\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/19 10:07:08 | 000,001,948 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\What's my computer doing.lnk
[2012/09/19 10:07:08 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\What's my computer doing.lnk
[2012/09/17 15:18:56 | 017,910,788 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/17 15:18:56 | 009,138,874 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/12 08:46:16 | 001,399,008 | ---- | M] () -- C:\Users\shillam\Desktop\Hemblington Statement of Significance v5.pdf
[2012/09/12 08:45:47 | 000,493,226 | ---- | M] () -- C:\Users\shillam\Desktop\Needs All Saints Hemblington 2012.pdf
[2012/09/12 08:45:08 | 000,171,054 | ---- | M] () -- C:\Users\shillam\Desktop\IMAGE (78) Drapers.PDF

========== Files Created - No Company Name ==========

[2012/09/29 09:33:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/29 09:33:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/29 09:33:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/29 09:33:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/29 09:33:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/28 12:10:59 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/09/28 12:10:53 | 000,000,970 | ---- | C] () -- C:\Users\shillam\Desktop\System Checkup.lnk
[2012/09/28 09:26:59 | 001,391,616 | ---- | C] () -- C:\Users\shillam\Desktop\RogueKiller.exe
[2012/09/28 09:11:19 | 002,193,278 | ---- | C] () -- C:\Users\shillam\Desktop\tdsskiller.zip
[2012/09/27 13:25:46 | 000,000,512 | ---- | C] () -- C:\Users\shillam\Desktop\MBR.dat
[2012/09/27 10:02:49 | 000,302,592 | ---- | C] () -- C:\Users\shillam\Desktop\hpsc3r7k.exe
[2012/09/12 08:46:16 | 001,399,008 | ---- | C] () -- C:\Users\shillam\Desktop\Hemblington Statement of Significance v5.pdf
[2012/09/12 08:45:47 | 000,493,226 | ---- | C] () -- C:\Users\shillam\Desktop\Needs All Saints Hemblington 2012.pdf
[2012/09/12 08:45:08 | 000,171,054 | ---- | C] () -- C:\Users\shillam\Desktop\IMAGE (78) Drapers.PDF
[2012/09/11 08:20:27 | 015,774,207 | ---- | C] () -- C:\Users\shillam\Documents\ipad_user_guide.pdf
[2012/07/13 10:45:55 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/06/27 11:44:05 | 000,302,425 | ---- | C] () -- C:\Users\shillam\AppData\Local\funmoods-speeddial.crx
[2011/03/16 10:21:41 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdjcoin.dll
[2011/03/16 10:17:49 | 000,000,060 | ---- | C] () -- C:\Windows\System32\lxdjrwrd.ini
[2011/03/16 10:17:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdjinpa.dll
[2011/03/16 10:17:32 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdjiesc.dll
[2011/03/16 10:17:32 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxdjhcp.dll
[2011/03/16 10:17:32 | 000,286,720 | ---- | C] () -- C:\Windows\System32\lxdjinst.dll
[2011/03/16 10:17:31 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxdjserv.dll
[2011/03/16 10:17:31 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxdjusb1.dll
[2011/03/16 10:17:30 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdjpmui.dll
[2011/03/16 10:17:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdjlmpm.dll
[2011/03/16 10:17:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdjprox.dll
[2011/03/16 10:17:30 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdjpplc.dll
[2011/03/16 10:17:28 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxdjih.exe
[2011/03/16 10:17:27 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxdjhbn3.dll
[2011/03/16 10:17:27 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdjgrd.dll
[2011/03/16 10:17:25 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxdjcoms.exe
[2011/03/16 10:17:24 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdjcomc.dll
[2011/03/16 10:17:24 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxdjcomm.dll
[2011/03/16 10:17:24 | 000,394,160 | ---- | C] ( ) -- C:\Windows\System32\lxdjcfg.exe
[2011/03/07 15:00:48 | 000,019,945 | ---- | C] () -- C:\Users\shillam\AppData\Roaming\UserTile.png
[2010/08/27 17:06:06 | 000,000,760 | ---- | C] () -- C:\Users\shillam\AppData\Roaming\setup_ldm.iss
[2009/03/11 10:58:50 | 000,008,085 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/01/27 16:17:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/31 13:45:02 | 000,060,281 | ---- | C] () -- C:\ProgramData\lxdj
[2007/11/30 18:10:00 | 000,852,480 | -HS- | C] () -- C:\Users\shillam\ehthumbs_vista.db
[2007/11/26 13:21:54 | 000,001,356 | ---- | C] () -- C:\Users\shillam\AppData\Local\d3d9caps.dat
[2007/11/26 11:29:42 | 000,007,938 | ---- | C] () -- C:\Users\shillam\AppData\Roaming\wklnhst.dat
[2007/11/26 11:26:26 | 000,039,424 | ---- | C] () -- C:\Users\shillam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
" " = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
" " = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
" " = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/07/05 15:26:12 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/07/05 15:26:12 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2011/12/16 13:31:38 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Autodesk
[2011/09/17 15:05:48 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\calibre
[2009/08/19 13:31:34 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Canon
[2010/12/29 11:53:19 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\ChessBase
[2009/01/04 15:06:35 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\GetRightToGo
[2008/07/16 16:02:42 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Lexmark Productivity Studio
[2012/01/18 11:50:59 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Nokia
[2010/08/13 13:57:42 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Nokia Ovi Suite
[2012/01/21 16:09:04 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Nokia Suite
[2010/08/13 13:54:04 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\PC Suite
[2011/03/03 18:35:17 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\PCDr
[2008/09/02 12:13:16 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Serif
[2010/09/16 15:08:33 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\SmartDraw
[2012/09/23 12:21:17 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Systweak
[2008/08/29 16:16:05 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Template
[2007/11/27 13:09:55 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\tmp
[2011/06/05 09:37:23 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Trusteer
[2011/08/09 16:28:48 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Vodafone
[2008/10/28 16:14:22 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Wallpapers from MSN
[2011/05/21 10:06:26 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Windows Live Writer
[2011/06/23 08:40:36 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Trusteer

========== Purity Check ==========

< End of report >
is a bit early to tell but it does seem fast and no hangs for a couple of days.
here is the first OTL log

PAUL SHILLAM · 2012/09/30

OTL Extras logfile created on: 30/09/2012 09:17:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shillam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.82% Memory free
4.21 Gb Paging File | 2.69 Gb Available in Paging File | 63.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.43 Gb Total Space | 68.36 Gb Free Space | 50.11% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.43 Gb Free Space | 34.31% Space Free | Partition Type: NTFS

Computer Name: SUES-LAPTOP | User Name: shillam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DAE3D6C-CC3F-4C11-98AE-0CD1BBFC4D44}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5BF19E9F-FBE5-4520-AD5A-C8E3CFF918E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5F86E0E1-C91F-483C-A333-D7A2ED859BBF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{792A6E52-92FC-4159-B72F-3280BBC1C230}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1458BDBE-8C14-4D4C-B442-57B059E803D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16A9D1F1-6EB4-4CB4-A61B-5EF7527EC956}" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\app4r.exe |
"{291BD281-875C-4852-BF94-2E634994BD7D}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{2ADA620F-FC54-4767-BEFC-EAD9F62DA85B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjjswx.exe |
"{35D433B1-E838-4F24-A5B4-F97915271C0F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3A4E7AA6-671F-4D65-8006-B18CA3FEF283}" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\lxdjamon.exe |
"{4711B2F7-E38B-45D0-9CFC-8E9779C36A7C}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{48DFC2E9-8286-4BDE-BDB8-E844F75CFF70}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
"{4CA8344F-2506-4777-A283-75F95E2881CC}" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\wireless\lxdjwpss.exe |
"{50D1A845-8EE6-4BD0-A31D-1E499EF2EB11}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjtime.exe |
"{5A9F7424-39E5-450A-9CC3-59F1AC48DF06}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjjswx.exe |
"{5EB94C87-3824-478E-9058-469E27D227EE}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{665F6E13-A248-4912-92A4-0F9A7F28C385}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{6DFE4D10-9544-4B65-AC9E-45FA70C01C2C}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
"{701236EE-7881-4C22-B000-6267F921287C}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicator.exe |
"{71F64736-8FA8-44D8-9371-D7E3ECC94FCE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{743E87FA-11E7-4EF8-AACC-D3B747C443CF}" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\wireless\lxdjwpss.exe |
"{79AC4BE6-9944-4F47-8E96-A174949BF238}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7C7CD3E5-080E-4926-B381-19DF34C75659}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
"{7DB97498-B440-435A-BB08-B9B3520EA9DC}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjtime.exe |
"{7FD24F2E-0E34-46B4-BB11-B2D715D59443}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjpswx.exe |
"{82D21292-66F7-4B6E-AA0F-8C14EE00EE91}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{902F9707-AA2F-4B79-BFD8-EB0512B1B75E}" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\lxdjamon.exe |
"{9040516D-4879-40FF-AC1B-AC7C4D19325E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjjswx.exe |
"{94F56C4F-31FB-4702-8E4B-1F27537ED7F4}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
"{96246EC9-567E-46A6-A9F8-D43F5D053837}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{975BB4B1-5234-418B-80F5-6825449D2810}" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\app4r.exe |
"{9FFFE503-9347-486B-ACEF-B34806368D9B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AEF32649-0AED-4544-98DC-2EDDC32A3354}" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\app4r.exe |
"{BD81F3FA-2C9E-4F62-8D29-C3A590624509}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjwbgw.exe |
"{C13DFD76-1CCC-4CD7-B634-BD8C145B0BEC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjpswx.exe |
"{C1A4602F-FA18-4DE2-955A-1CC7637B81EA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjpswx.exe |
"{C2EF496D-8406-4DE5-93A6-2FEC8271BB1F}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{C31CD278-C300-4422-8F99-C4A8899288E1}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\sendafax.exe |
"{C4D0672E-14A3-4219-9940-1C6E0E188BDD}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\digitalwizards.exe |
"{C4D2391A-A009-4DF2-BA58-3D341AEE5739}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\faxapplications.exe |
"{D75E57FF-7E6D-4C62-BB0B-9A8968A2EC6E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DBBCB6BC-C53D-4489-A9AB-6764C11A8F41}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DBE2CAB3-CEAE-4D11-8259-52D414BCA539}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
"{DCAEC726-9999-401E-9881-01646EB70205}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
"{DF6590E6-83D4-495E-B95E-72A802FC8CB8}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjpswx.exe |
"{E4956C9F-6E0F-4A36-9D6F-0E30E5DCACBA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E5990A02-8B78-4EE5-B5FD-90738A3A327C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjjswx.exe |
"{E67D9F43-8935-4662-AC96-1DB5A3F496D2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjwbgw.exe |
"{E6C631E0-C002-4331-BFCE-C1F6B538ED38}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjwbgw.exe |
"{E86E1173-5FD5-49BF-9B6C-88819399295F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjtime.exe |
"{E935045E-03A5-4B3F-B089-DF52D5C89BB3}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
"{E9361498-9E52-4F11-8B9E-6F7103C8ED6B}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{EA58EAE5-2DAD-45C6-9687-09CC10A686D2}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
"{EA983610-8AF5-462E-B0C5-EFD6E16D39D1}" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\lxdjamon.exe |
"{F07CD485-2262-4038-822B-4DAB6A477C63}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\devicesetup.exe |
"{F75FCC59-07F3-4C43-B708-3B180406C7C9}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjtime.exe |
"{FE6C711B-3A73-47CD-816C-6301635F266A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjwbgw.exe |
"{FE9020D1-0DE4-4AA3-AB2C-ED5537255610}" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\lxdjamon.exe |
"{FFBB0B70-28F0-4184-B468-A5B0840ECDD6}" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\app4r.exe |
"TCP Query User{1352AC39-47A0-42FD-BE1D-CB511E49F01F}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{312412FD-3FCD-4EC0-8648-7B8F68D0A3AD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{943B36F8-95B0-458B-8630-7587994562A8}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{81BCE9B4-F2F8-494B-BA71-83C4FD682613}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{85D4FCC5-5794-4D37-B524-D86DA032B99F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{C657D1B9-F0A1-46EA-B5E9-64526E4AE4D3}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{177CD779-4EEC-43C5-8DEA-4E0EC103624B}" = Driver Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{366CC735-543D-42CB-9C03-D7512314DE52}" = Quicken 2004
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F702F22-A623-4B6A-41BD-420700558223}_is1" = What's my computer doing 1.xx
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{606C37AB-EB04-4270-A592-201A03C2DB36}" = HP Officejet 4620 series Help
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C44DEFF-8638-49A4-B748-CA59B43F3265}" = Fritz 12
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{928E9793-43FD-458D-B87B-6376BD4E4DA5}" = HP Officejet 4620 series Basic Device Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}" = Bing Bar
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1A9CD45-A702-4E3B-91ED-8CD562869901}" = DWG TrueView 2008
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skypeâ„¢ 5.10
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FC831F3D-66AE-4C6D-B36B-F7B178218342}" = HP Officejet 4620 series Product Improvement Study
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd "LegacyDriver" (05/31/2012 7.1.2.0)
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"BelkinPort" = BelkinPort Monitor
"Canon ScanGear Toolbox 3.0" = Canon ScanGear Toolbox 3.0
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Digital Editions" = Adobe Digital Editions
"DWG TrueView 2008" = DWG TrueView 2008
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist Corporate
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lexmark 1400 Series" = Lexmark 1400 Series
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = BT NetProtect Plus
"Nokia Suite" = Nokia Suite
"Quick Search Box" = Google Quick Search Box
"Rapport_msi" = Rapport
"SynTPDeinstKey" = Dell Touchpad
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Applications" = BT Yahoo! Applications

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28/09/2012 07:05:11 | Computer Name = Sues-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 28/09/2012 07:05:11 | Computer Name = Sues-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 28/09/2012 07:05:11 | Computer Name = Sues-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 28/09/2012 07:05:11 | Computer Name = Sues-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 28/09/2012 07:05:11 | Computer Name = Sues-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 28/09/2012 07:05:11 | Computer Name = Sues-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 28/09/2012 07:05:11 | Computer Name = Sues-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 28/09/2012 07:05:11 | Computer Name = Sues-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 28/09/2012 07:05:11 | Computer Name = Sues-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 28/09/2012 07:05:13 | Computer Name = Sues-Laptop | Source = Windows Search Service | ID = 3013
Description =

[ Dell Events ]
Error - 24/11/2010 15:39:18 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 25/11/2010 05:22:13 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 25/11/2010 05:22:13 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 26/12/2010 07:42:18 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 26/12/2010 07:42:18 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 21/05/2011 09:30:56 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 21/05/2011 09:30:56 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 21/05/2011 09:56:18 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 21/05/2011 09:56:18 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 02/09/2011 04:41:42 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 16/04/2008 09:29:36 | Computer Name = Sues-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ System Events ]
Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
Description = \DEVICE\{FAE608C5-7E8C-453E-BCC0-0C7111AF8BE4} : Has determined that
the network adapter is not functioning properly.

Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Has determined
that the network adapter is not functioning properly.

Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Has determined
that the network adapter is not functioning properly.

Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Has determined
that the network adapter is not functioning properly.

Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Has determined
that the network adapter is not functioning properly.

Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Has determined
that the network adapter is not functioning properly.

Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Has determined
that the network adapter is not functioning properly.

Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Has determined
that the network adapter is not functioning properly.

Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5005
Description = \DEVICE\{FAE608C5-7E8C-453E-BCC0-0C7111AF8BE4} : Has encountered an
internal error and has failed.

Error - 09/04/2008 12:43:52 | Computer Name = Sues-Laptop | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

< End of report >

broni · 2012/09/30

OTL logs are clean

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Windows Defender

Press "Scan ".

It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.

Double click on adwcleaner.exe to run the tool.

Click on Delete.

Confirm each time with Ok.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the contents of that logfile with your next reply.

You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

Double click on adwcleaner.exe to run the tool.

Click on Uninstall.

Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

PAUL SHILLAM · 2012/10/01

Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

PAUL SHILLAM · 2012/10/01

Farbar Service Scanner Version: 19-09-2012
Ran by shillam (administrator) on 01-10-2012 at 13:22:17
Running from "C:\Users\shillam\Desktop "
Microsoft® Windows Vistaâ„¢ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall "=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

PAUL SHILLAM · 2012/10/01

# AdwCleaner v2.003 - Logfile created 10/01/2012 at 13:26:40
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : shillam - SUES-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\shillam\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Inbox Toolbar
File Deleted : C:\user.js
File Deleted : C:\Users\shillam\AppData\Local\funmoods-speeddial.crx
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\shillam\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\shillam\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\shillam\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\shillam\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\FocusInteractive
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Inbox Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=grupo&chnl=grupo&cd=2XzutAtN2Y1L1QzutDtDtC0D0Dzy0EzztD0A0BtD0DtA0AtBtN0D0TzutBtDtCtBtDyCtByB&cr=1851167175 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://search.babylon.com/home?affID=17425&tt=140612_dpl --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\shillam\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : search_url ={ "bookmark_bar ":{ "show_on_all_tabs ":true}, "browser ":{ "check_default_browser ":false, "show_home_button ":true, "window_placement ":{ "bottom ":754, "left ":10, "maximized ":false, "right ":1060, "top ":10, "work_area_bottom ":764, "work_area_left ":0, "work_area_right ":1130, "work_area_top ":0}}, "default_search_provider ":{ "id ": "9 ", "name ": "Web Search ", "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=grupo&chnl=grupo&cd=2XzutAtN2Y1L1QzutDtDtC0D0Dzy0EzztD0A0BtD0DtA0AtBtN0D0TzutBtDtCtBtDyCtByB&cr=1851167175 ", "suggest_url ": "{google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} "}, "distribution ":{ "create_all_shortcuts ":true, "do_not_launch_chrome ":true, "import_history ":false, "import_search_engine ":true, "make_chrome_default ":false, "show_welcome_page ":true, "skip_first_run_ui ":true, "verbose_logging ":false}, "dns_prefetching ":{ "host_referral_list ":[2,[ "hxxp://www.pctools.com/ ",[ "hxxp://nikkomsgchannel/ ",2.60370040, "hxxp://om.symantec.com/ ",2.60370040, "hxxp://rs.instantservice.com/ ",2.93402060, "hxxp://secure.pctools.com/ ",2.27338020, "hxxp://themes.googleusercontent.com/ ",2.60370040, "hxxp://ts.istrack.com/ ",2.27338020, "hxxp://www.google-analytics.com/ ",2.60370040, "hxxp://www.pctools.com/ ",12.84362660, "hxxps://seal.buysafe.com/ ",3.594660999999999, "hxxps://secure.pctools.com/ ",2.60370040]]], "startup_list ":[1, "hxxp://fonts.googleapis.com/ ", "hxxp://gs.instantservice.com/ ", "hxxp://rs.instantservice.com/ ", "hxxp://ts.istrack.com/ ", "hxxp://www.google-analytics.com/ ", "hxxp://www.pctools.com/ ", "hxxp://www.symantec.com/ ", "hxxps://apis.google.com/ ", "hxxps://seal.buysafe.com/ ", "hxxps://ssl.gstatic.com/"]}, "download ":{ "directory_upgrade ":true, "extensions_to_open ":" "}, "extensions ":{ "autoupdate ":{ "next_check ": "12954589048463000 "}, "chrome_url_overrides ":{ "bookmarks ":[ "chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]}, "settings ":{ "fheoggkfdfchfphceeifdbepaooicaho ":{ "app_launcher_index ":0, "incognito ":false, "install_time ": "12949688608627996 ", "location ":3, "manifest ":{ "background_page ": "Background.html ", "browse "homepage ": "hxxp://www.google.com ",

*************************

AdwCleaner[S1].txt - [16331 octets] - [01/10/2012 13:26:40]

########## EOF - C:\AdwCleaner[S1].txt - [16392 octets] ##########

PAUL SHILLAM · 2012/10/01

ESET did not find any threats.

Paul

broni · 2012/10/01

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

13. Please, let me know, how your computer is doing.

PAUL SHILLAM · 2012/10/02

We think the laptop is a bit faster but not as fast as it used to be. It still hangs, yesterday and this morning after it has been switched on for 10 or 15 minutes it will hang, yesterday I was posting something on face book and it froze the clock stops and the cpu meter is frozen and then after 5 minutes it comes back to life, same thing happened this morning and we weren't doing anything on the laptop. This happens most days, after it comes back to life it will be ok for the rest of the day even if it gets switched off and on.

PAUL SHILLAM · 2012/10/02

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: shillam
->Temp folder emptied: 35804 bytes
->Temporary Internet Files folder emptied: 2561457 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: TEMP
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14638 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: shillam
->Flash cache emptied: 0 bytes

User: TEMP

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: shillam
->Java cache emptied: 0 bytes

User: TEMP

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10022012_113609

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

PAUL SHILLAM · 2012/10/02

I spoke too soon saying it only hung following first power up in the morning because after following your final clean up instructions, I rebooted and ten minutes later whilst I was closing the internet it hung again from 12:33 to 12:37 then came back to life again.

broni · 2012/10/02

In this forum, we make sure, your computer is free of malware and your computer is clean
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Good luck

Log in or Sign up

Solved Laptop running very slow

PAUL SHILLAM Well-Known Member Thread Starter

broni Moderator Malware Analyst

PAUL SHILLAM Well-Known Member Thread Starter

PAUL SHILLAM Well-Known Member Thread Starter

broni Moderator Malware Analyst

PAUL SHILLAM Well-Known Member Thread Starter

PAUL SHILLAM Well-Known Member Thread Starter

PAUL SHILLAM Well-Known Member Thread Starter

PAUL SHILLAM Well-Known Member Thread Starter

broni Moderator Malware Analyst

PAUL SHILLAM Well-Known Member Thread Starter

PAUL SHILLAM Well-Known Member Thread Starter

PAUL SHILLAM Well-Known Member Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Solved Laptop running very slow

PAUL SHILLAM Well-Known Member Thread Starter

broni Moderator Malware Analyst

PAUL SHILLAM Well-Known Member Thread Starter

PAUL SHILLAM Well-Known Member Thread Starter

broni Moderator Malware Analyst

PAUL SHILLAM Well-Known Member Thread Starter

PAUL SHILLAM Well-Known Member Thread Starter

PAUL SHILLAM Well-Known Member Thread Starter

PAUL SHILLAM Well-Known Member Thread Starter

broni Moderator Malware Analyst

PAUL SHILLAM Well-Known Member Thread Starter

PAUL SHILLAM Well-Known Member Thread Starter

PAUL SHILLAM Well-Known Member Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches