google search AVAST comes up with malicious virus

Comments

  • cepheus
    cepheus Posts: 20,053 Forumite
    Well I tried to start it with AVAST on but then it reminded me to turn it off, before going through the main routine, it doesn't work otherwise. I right clicked AVAST in the system tray and turned it off until next reboot.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Does it definitely only affect firefox? Is Internet Explorer not affected?

    Post the contents of attach.txt from when you initially ran DDS

    Download TFC by Old Timer & save it to your desktop

    http://oldtimer.geekstogo.com/TFC.exe

    • Save any unsaved work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program.
    • Allow any UAC prompt
    • Click the Start button in the bottom left of TFC
    • If prompted, click "Yes" to reboot.
    Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
  • cepheus
    cepheus Posts: 20,053 Forumite
    edited 14 August 2012 at 2:28PM
    Yes it is just Firefox, Windows IE is fine

    Hope this is the one you want; I may have renamed it. It was generated at the same time as the file posted in post 19.

    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 26/05/2011 14:37:18
    System Uptime: 13/08/2012 07:00:54 (12 hours ago)
    .
    Motherboard: TOSHIBA | | PWWAA
    Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz | CPU | 2533/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 70.38 GiB free.
    D: is FIXED (NTFS) - 149 GiB total, 140.455 GiB free.
    E: is CDROM ()
    G: is FIXED (NTFS) - 233 GiB total, 14.507 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP187: 28/07/2012 06:34:51 - Windows Update
    RP188: 29/07/2012 18:41:49 - OTL Restore Point - 7/29/2012 6:41:48 PM
    RP189: 30/07/2012 18:08:49 - Installed Java(TM) 7 Update 5
    RP190: 31/07/2012 08:23:35 - Windows Update
    RP191: 04/08/2012 08:22:25 - Windows Update
    RP192: 10/08/2012 07:22:20 - Windows Update
    RP193: 11/08/2012 11:25:32 - Windows Backup
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0
    Amazon.co.uk
    Audacity 2.0
    avast! Free Antivirus
    BBC iPlayer Desktop
    Bejeweled 2 Deluxe
    Canon My Printer
    Chuzzle Deluxe
    Cryptainer LE
    D3DX10
    Dragon NaturallySpeaking 11
    eBay
    Everything 1.2.1.371
    Farm Mania 2
    Fishdom
    Google Advertising Cookie Opt-out
    Google Update Helper
    ieSpell
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 31
    Java(TM) 7 Update 5
    Jewel Quest II
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Messenger Companion
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 13.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 10 Movie ThemePack Basic
    Nero BackItUp 10
    Nero BackItUp 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero MediaHub 10
    Nero MediaHub 10 Help (CHM)
    Nero Multimedia Suite 10 Essentials
    Nero RescueAgent 10
    Nero RescueAgent 10 Help (CHM)
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    OOo-dev 3.4
    Penguins!
    Photo Service - powered by myphotobook
    Plants vs. Zombies - Game of the Year
    Polar Bowler
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Serif WebPlus X2
    Shareaza 2.5.5.0
    Skype Toolbars
    Skype™ 4.2
    Slingo Supreme
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Face Recognition
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Manuals
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA Recovery Media Creator Reminder
    TOSHIBA ReelTime
    TOSHIBA Supervisor Password
    Toshiba TEMPRO
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TRORMCLauncher
    TrueCrypt
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Utility Common Driver
    WildTangent Games
    WildTangent ORB Game Console
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    13/08/2012 15:47:03, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    13/08/2012 14:25:52, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user stephen-TOSH\stephen (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
    11/08/2012 22:20:21, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    11/08/2012 09:26:40, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA Power Saver service to connect.
    11/08/2012 09:26:40, Error: Service Control Manager [7000] - The TOSHIBA Power Saver service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
  • cepheus
    cepheus Posts: 20,053 Forumite
    edited 14 August 2012 at 3:28PM
    The program just froze my computer.

    EDIT

    It worked the second time, all cache cleared, I noticed it included Firefox.

    Virus warning still popping up, BTW.

    I informed AVAST if that is going to do any good.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Download OTL and save it to your Desktop. If you already have a copy, delete it and download it again.

    http://oldtimer.geekstogo.com/OTL.exe
    • Double click OTL.exe to run it
    • Allow the UAC prompt
    • Under the Custom Scans/fixes box copy/paste this in:
    c:|bProtector;true;true;true; /FP

    • Click the Quick Scan button.
    • When it's finished, two Notepad files will open.
    • OTL.txt <- Will be opened
    • Extras.txt <- Will be minimized
    • Post the contents of just OTL.txt for now
  • cepheus
    cepheus Posts: 20,053 Forumite
    OTL logfile created on: 8/14/2012 5:59:43 PM - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\stephen\Documents\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.80 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 50.97% Memory free
    7.60 Gb Paging File | 5.72 Gb Available in Paging File | 75.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149.04 Gb Total Space | 69.37 Gb Free Space | 46.54% Space Free | Partition Type: NTFS
    Drive D: | 148.65 Gb Total Space | 140.46 Gb Free Space | 94.48% Space Free | Partition Type: NTFS
    Drive G: | 232.88 Gb Total Space | 14.51 Gb Free Space | 6.23% Space Free | Partition Type: NTFS

    Computer Name: STEPHEN-TOSH | User Name: stephen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/14 17:39:01 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\stephen\My Documents\Downloads\OTL.exe
    PRC - [2012/07/03 17:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/06/21 17:00:41 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/06/05 20:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    PRC - [2011/04/27 18:06:24 | 001,044,248 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) -- C:\Windows\SysWOW64\cryptainersrv.exe
    PRC - [2010/08/27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
    PRC - [2010/06/03 17:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2010/03/03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
    PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2009/03/13 02:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
    PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
    MOD - [2009/03/13 02:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/09/28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/05/16 23:09:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/06/05 20:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
    SRV - [2011/04/27 18:06:24 | 001,044,248 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\cryptainersrv.exe -- (ssoftservice)
    SRV - [2010/08/27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2010/07/28 22:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/05/11 10:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
    SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/01/28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/07/03 17:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/05/28 07:45:46 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
    DRV:64bit: - [2011/04/27 18:07:06 | 000,103,704 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ssoftnt4.sys -- (ssoftnt4)
    DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/04 14:36:50 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/10/05 22:23:18 | 007,884,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/10/05 21:15:14 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/07/29 06:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/06/23 16:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/04/28 12:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
    DRV:64bit: - [2010/03/22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
    DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/01/15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/01/07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{5F0BE361-2E46-4E99-A13B-9F671BF4866E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0EF3904D-0908-48F2-B2FE-C1E8A27EEE14}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGHP_en-GB&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "about:blank"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/10 15:37:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/26 18:40:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{132931E3-D8F4-11E1-8270-B8AC6F996F26}: C:\Users\stephen\AppData\Local\{132931E3-D8F4-11E1-8270-B8AC6F996F26}\ [2012/07/28 21:37:42 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/26 18:40:02 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/05/20 08:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stephen\AppData\Roaming\Mozilla\Extensions
    [2012/05/26 18:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\aicv56t1.default\extensions
    [2012/05/20 08:05:19 | 000,000,000 | ---D | M] (No name found) --
  • cepheus
    cepheus Posts: 20,053 Forumite
    C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/05/26 18:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
    [2012/07/28 21:37:42 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\STEPHEN\APPDATA\LOCAL\{132931E3-D8F4-11E1-8270-B8AC6F996F26}
    [2012/05/21 19:32:25 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\STEPHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AICV56T1.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2012/05/26 18:40:02 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/05/16 23:08:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/05/16 23:08:48 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/08/14 09:59:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O8:64bit: - Extra context menu item: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
    O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
    O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
    O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.0)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.0)
    O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110620094923 (PhotoboxPhotowaysUploader5 Control)
    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E013B8A-BE41-43B6-BEB6-85C6104005FD}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/14 15:00:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/08/14 14:29:24 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\stephen\Documents\Desktop\TFC.exe
    [2012/08/14 12:47:24 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{0506D7A8-BE06-4D4D-B490-02AC375FD040}
    [2012/08/14 12:47:13 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{AF8F9F3C-7290-45EA-BE19-43DCEF2232E6}
    [2012/08/14 09:59:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/14 08:26:48 | 004,733,169 | R--- | C] (Swearware) -- C:\Users\stephen\Documents\Desktop\ComboFix.exe
    [2012/08/13 22:47:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/13 22:47:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/13 22:47:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/13 22:46:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/13 22:46:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/13 13:59:42 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{9934C67B-43EF-4946-9B76-516B35C9520C}
    [2012/08/13 13:59:31 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{3E02ADA3-D8A0-40EE-8E39-BEEC376DD18E}
    [2012/08/12 20:16:30 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{6786FC17-D5D4-4800-B62B-E1FA2D93D659}
    [2012/08/12 20:16:20 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{1A9D7D58-6667-40FF-A160-AEDCC0E78E67}
    [2012/08/12 08:04:49 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{5A478FDA-1844-43E6-A35D-171FEB5614D3}
    [2012/08/12 08:04:39 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{7FEFBE55-68C6-411F-83C4-336F21A84A60}
    [2012/08/10 18:27:11 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{53B7A1A4-3496-45CB-8489-83DFCEDA997B}
    [2012/08/10 18:27:01 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{FC8E8E29-DAAB-4DBA-8FBB-49377A29923D}
    [2012/08/09 07:58:21 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{0655E7B5-8E79-4F06-95ED-4B49BBFD2D48}
    [2012/08/09 07:58:11 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{6FE21955-396D-407D-8E22-9FED07115BC1}
    [2012/08/08 07:45:44 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{544AA7D7-2883-4E97-BDAA-E45070B44521}
    [2012/08/08 07:45:33 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{B57163EF-8F48-4113-B830-78CDF8647D6F}
    [2012/08/07 10:47:18 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{0988A3A1-6A5B-4F86-BD08-01E30BFA4A88}
    [2012/08/07 10:47:08 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{A895AC9D-C69D-4B12-8E32-B8D3B1892992}
    [2012/08/06 07:56:03 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{1B3B38EB-261E-42F6-B834-58B6FDF74961}
    [2012/08/06 07:55:51 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{3B5B6A83-A4E3-4E61-A153-0EAF0BF4FE67}
    [2012/08/05 23:05:47 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{806A1455-8940-4F11-AB43-A36BD75A59D9}
    [2012/08/05 08:38:37 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{219B9ED8-6529-41AD-AC87-706B0CEA3731}
    [2012/08/05 08:38:26 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{CDD2AC9C-C466-4845-BC8E-A0C115732DE0}
    [2012/08/04 08:49:35 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{79E9A706-9461-4204-A4AF-432C2CB69B99}
    [2012/08/04 08:49:24 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{18DCE614-5F6D-4751-8561-CF24EC786306}
    [2012/08/03 19:08:24 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{81279512-46E9-477D-9DF3-ADFF20F112AF}
    [2012/08/03 19:08:13 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{C5D3B86A-145F-4338-8662-4049E08547D1}
    [2012/08/02 21:05:35 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{DFA88910-A426-49FD-B59D-FABBA0307404}
    [2012/08/02 21:05:25 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{8C77F82B-80AB-4D81-BE82-83E4DFA46FA9}
    [2012/08/02 07:57:20 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{4810AA14-14C0-45AA-BC3F-4E485B1722D7}
    [2012/08/02 07:57:09 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{706541A3-4664-44B7-826F-6485317125CD}
    [2012/08/01 07:19:53 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{896B1211-1BC1-4538-A6AB-716E4C5D3C66}
    [2012/08/01 07:19:43 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{E0CA371E-63CF-4DF9-A2E4-9EDC4EF11D02}
    [2012/07/31 13:35:23 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{AD30A2A0-FED7-4BA7-9303-ED36F6DE1C30}
    [2012/07/31 13:35:12 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{3B8A4933-0BAF-4E33-B0A0-CF55C13F0696}
    [2012/07/30 19:31:16 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{26E24C17-B0BB-484D-A7A6-937E518EF98F}
    [2012/07/30 19:31:06 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{9C6156AE-525A-4755-8651-7D924C5AC9D0}
    [2012/07/30 18:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/07/30 07:30:34 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{6DB9777A-B4B8-4A54-97E1-2384AE792D16}
    [2012/07/30 07:30:24 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{F70E7057-A69F-498C-8344-9D6AC64CEE2D}
    [2012/07/29 18:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/29 18:20:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/29 18:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/29 07:24:42 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{1DDCF4C5-5F42-4A62-B1B5-4211264666E8}
    [2012/07/29 07:24:31 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{2AAF93CD-F996-4833-AD9A-9E947BF66FCF}
    [2012/07/28 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{132931E3-D8F4-11E1-8270-B8AC6F996F26}
    [2012/07/28 15:22:44 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{4DFB0A2A-2B11-4410-BC2D-D8A21CDE081A}
    [2012/07/28 15:22:34 | 000,000,000 | ---D | C] --
  • cepheus
    cepheus Posts: 20,053 Forumite
    C:\Users\stephen\AppData\Local\{4E6FEA4A-FB52-43A6-8B01-D2656163D15B}
    [2012/07/27 10:42:29 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{7FF2F997-B757-4236-84B0-F9D25059FFD3}
    [2012/07/27 10:42:17 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{6B2683DD-8362-4B19-9732-803A049880A3}
    [2012/07/26 22:28:00 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{4BB3C8B0-5150-4575-BE06-95234C9BE5C8}
    [2012/07/26 22:27:50 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{62249014-DB13-4AD7-974C-FA53A12BADC1}
    [2012/07/26 10:25:52 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{EC8CA9E8-0377-425D-98E5-8D8D7F1E12A2}
    [2012/07/26 10:25:43 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{AEB7C706-075A-47F1-98F5-3BE14BF1C8F0}
    [2012/07/25 21:17:16 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{617DFD8F-2CAA-4099-8E4A-C4A13A82DD72}
    [2012/07/25 21:17:05 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{999F628E-3F91-4D47-A77B-8FC1A43BD063}
    [2012/07/25 07:26:03 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{BEA36201-B2F0-46C9-8975-50CCAA8BCE0E}
    [2012/07/25 07:25:52 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{E164033D-C4EE-4BB7-8776-089A4A6D5E2C}
    [2012/07/24 09:12:43 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{890AF71F-1203-4CB8-B5BC-44ABAA01818D}
    [2012/07/24 09:12:33 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{5039B34C-2A42-4A89-B3B9-70387C3B89E5}
    [2012/07/23 21:12:04 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{9093ED4E-1799-41DB-99DA-28454163243F}
    [2012/07/23 21:11:54 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{8FF61BA4-80F6-4C45-953E-AD59427EF1D5}
    [2012/07/23 07:27:38 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{5252FBBB-2B5E-4B3B-BCCA-DE6D62F1B505}
    [2012/07/23 07:27:27 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{49335A93-B15C-4CE8-AB16-E801D9D97F11}
    [2012/07/22 19:25:28 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{5A7AC5C5-E0C0-460B-9F8D-DAB09C6B87A6}
    [2012/07/22 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{CFC12AF4-AE94-46A7-BDBD-253BDCDD66D4}
    [2012/07/22 07:24:48 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{5938729C-002E-474E-8B80-56428599DB17}
    [2012/07/22 07:24:38 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{7F0ABBE3-45AF-45C9-9FC3-9341E12EB418}
    [2012/07/21 07:23:37 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{41B57710-2056-40B4-B397-0A5319531805}
    [2012/07/21 07:23:27 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{D0F4F894-7B05-40F6-9939-8A122A411936}
    [2012/07/20 21:17:00 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{5429E97D-F829-49AA-BBF4-AD0CB919ABB4}
    [2012/07/20 07:30:25 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{95F3EC46-9AD8-48CF-BFF7-F956DD61D652}
    [2012/07/20 07:30:15 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{23F534B4-6666-4348-AB92-B7BBFFBE34D5}
    [2012/07/19 14:46:14 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{9E72B0C0-A090-451C-A873-728A1A37CB6F}
    [2012/07/19 14:46:03 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{DA50C083-71D8-494A-8A2B-E177E0A91F83}
    [2012/07/18 21:00:36 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{2720D71C-CEC8-4A1F-B312-DFEBF6E770D0}
    [2012/07/18 21:00:26 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{C8C2F218-5BD7-40DB-81D8-B9C104F27BEE}
    [2012/07/18 07:28:51 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{BC69428C-3253-45DA-9627-B1F09349B1AF}
    [2012/07/18 07:28:41 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{52F8E877-DD60-47BF-A739-303FC851E227}
    [2012/07/17 06:44:02 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{AF511A3C-9608-4BC3-9094-54E75323B944}
    [2012/07/17 06:43:52 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{FF4405BE-50C6-4CA4-8F39-E23B76D31A75}
    [2012/07/16 11:02:33 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{D380F1E5-73E7-42ED-B702-EAF1D7EE9A25}
    [2012/07/16 11:02:23 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\{53E26D2C-92B8-40D4-9C44-BBE4A875BD2E}

    ========== Files - Modified Within 30 Days ==========

    [2012/08/14 17:10:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/14 15:23:59 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/14 15:23:59 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/14 15:16:32 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/14 15:16:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/14 15:16:18 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/14 14:59:58 | 704,139,262 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/08/14 14:29:25 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\stephen\Documents\Desktop\TFC.exe
    [2012/08/14 14:02:13 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/14 14:02:13 | 000,629,326 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/14 14:02:13 | 000,111,220 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/14 09:59:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/14 09:58:36 | 000,338,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/14 08:27:12 | 004,733,169 | R--- | M] (Swearware) -- C:\Users\stephen\Documents\Desktop\ComboFix.exe
    [2012/08/13 22:10:58 | 000,000,512 | ---- | M] () -- C:\Users\stephen\Documents\Desktop\MBR.dat
    [2012/08/13 21:26:37 | 000,028,303 | ---- | M] () -- C:\Users\stephen\Documents\Desktop\telephone list May 2012.ods
    [2012/08/13 13:58:11 | 000,021,107 | ---- | M] () -- C:\Users\stephen\Documents\UK Athletics Performance.ods
    [2012/08/13 13:57:03 | 001,565,723 | ---- | M] () -- C:\Users\stephen\Documents\GB Olympic Performance.mht
    [2012/08/10 14:52:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/08/02 15:29:59 | 000,053,482 | ---- | M] () -- C:\Users\stephen\Documents\temperature records by decade.ods
    [2012/07/29 18:20:03 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    ========== Files Created - No Company Name ==========

    [2012/08/14 14:59:58 | 704,139,262 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/08/14 09:58:12 | 000,338,800 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/13 22:47:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/13 22:47:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/13 22:47:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/13 22:47:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/13 22:47:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/13 22:10:58 | 000,000,512 | ---- | C] () -- C:\Users\stephen\Documents\Desktop\MBR.dat
    [2012/08/13 13:57:03 | 001,565,723 | ---- | C] () -- C:\Users\stephen\Documents\GB Olympic Performance.mht
    [2012/08/13 09:02:00 | 000,021,107 | ---- | C] () -- C:\Users\stephen\Documents\UK Athletics Performance.ods
    [2012/07/29 18:20:03 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/19 21:04:51 | 000,053,482 | ---- | C] () -- C:\Users\stephen\Documents\temperature records by decade.ods
    [2012/03/26 15:11:59 | 000,001,355 | ---- | C] () -- C:\Users\stephen\AppData\Roaming\SAS7_000.DAT
    [2012/01/05 10:53:08 | 000,001,630 | ---- | C] () -- C:\ProgramData\repository.xml
    [2011/09/07 23:12:15 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2011/05/29 15:58:32 | 000,026,624 | ---- | C] () -- C:\Users\stephen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/27 13:28:06 | 000,735,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/03/04 14:48:54 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2011/03/04 14:42:11 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2010/11/10 15:43:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/11/10 15:41:29 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== LOP Check ==========

    [2012/05/24 17:12:11 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\Audacity
    [2011/11/02 13:56:52 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\coupons
    [2011/10/17 15:12:58 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\ieSpell
    [2012/01/05 16:15:00 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\IrfanView
    [2012/03/26 14:06:41 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\Nuance
    [2012/01/19 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\OOo-dev
    [2012/01/05 16:14:04 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\OpenOffice.org
    [2012/01/05 10:53:56 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\PerformerSoft
    [2012/01/05 16:14:04 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\Serif
    [2012/03/05 09:00:08 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\Shareaza
    [2012/01/06 10:31:49 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\SmallBASIC
    [2012/08/14 16:28:02 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\SoftGrid Client
    [2011/05/27 14:06:25 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\Toshiba
    [2011/05/27 13:28:54 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\TP
    [2011/06/29 16:54:21 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\TrueCrypt
    [2011/05/27 16:43:17 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\Windows Live Writer
    [2012/07/31 08:19:14 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < c:|bProtector;true;true;true; /FP >
    [2012/08/13 22:58:26 | 000,000,000 | ---D | M] -- c:\Qoobox\Quarantine\C\ProgramData\bProtector

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:0FF263E8
    @Alternate Data Stream - 16 bytes -> C:\Users\stephen\Documents\dump:Shareaza.GUID
    @Alternate Data Stream - 16 bytes -> C:\Users\stephen\Documents\Downloads:Shareaza.GUID
    < End of report >
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Whilst I go through that, Firefox has its own "safe mode".

    Start it in safe mode and see if you get the warnings from Avast.

    http://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode#w_how-to-start-firefox-in-safe-mode
  • cepheus
    cepheus Posts: 20,053 Forumite
    No problem in safe mode
This discussion has been closed.