Incredibar, not too sure if I've removed it all

Solved
By tedus987
Jan 31, 2013
  1. OK, I've built a new computer and within a couple of days ended up getting a virus infection. The reason for this is that I went to download and install Paint.NET, not knowing that the 'download now' button wasn't for Paint.NET but for malicious software.

    I ran both Spybot and Malwarebytes and they removed several items... I then uninstalled the Incredibar from the Start menu, then from Add or Remove Programs, then did a search for anything created that day and removed anything that looked like an Incredibar thing, and removed the add-ons from IE, Chrome and Mozilla.

    It's been 3 days since and I'm not too sure if I'm in the clear. Spybot notified me that its immunization wasn't on Mozilla (could have been due to me removing all history and clearing the cookie cache) and every day my PC keeps telling me it has something plugged in to the front speaker jack of my computer: "What device did you just plug in?" even though I have nothing plugged in.

    Both Spybot and Malwarebytes are telling me I'm clean but I'm not too sure.

    I'll post a log of today's Malwarebytes scan:

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.31.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Luke :: LUKE-PC-BUILD2 [administrator]

    31/01/2013 07:16:48
    mbam-log-2013-01-31 (07-16-48).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 386560
    Time elapsed: 22 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ---------------

    And I'll run the other thing straight away after this post; my main goal is to find out if I've cleaned my PC.
  2. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    And here's the DDS

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/01/2013 15:36:01
    System Uptime: 31/01/2013 07:10:17 (8 hours ago)
    .
    Motherboard: MSI | | 990FXA-GD65 (MS-7640)
    Processor: AMD FX(tm)-6200 Six-Core Processor | CPU 1 | 3800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 848.433 GiB free.
    D: is FIXED (NTFS) - 3726 GiB total, 3691.106 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&198C2624&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&198C2624&0
    Service: i8042prt
    .
    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standard PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&198C2624&0
    Manufacturer: (Standard keyboards)
    Name: Standard PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&198C2624&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP14: 25/01/2013 21:58:20 - Windows Update
    RP15: 25/01/2013 22:11:17 - Windows Update
    RP16: 25/01/2013 22:13:04 - Windows Update
    RP17: 25/01/2013 22:41:42 - Windows Update
    RP18: 25/01/2013 22:46:35 - Windows Update
    RP19: 25/01/2013 22:53:23 - Windows Update
    RP20: 27/01/2013 17:35:58 - Windows Update
    RP21: 27/01/2013 18:37:32 - Installed Steam
    RP22: 29/01/2013 16:31:27 - Installed DirectX
    RP23: 29/01/2013 16:47:24 - Installed DirectX
    RP25: 30/01/2013 17:28:05 - Paint.NET v3.5.10
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Reader 9
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Fuel
    AVG Security Toolbar
    Back to the Future: Ep 1 - It's About Time
    Back to the Future: Ep 2 - Get Tannen!
    Back to the Future: Ep 3 - Citizen Brown
    Back to the Future: Ep 4 - Double Visions
    Back to the Future: Ep 5 - OUTATIME
    Catalyst Control Center
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catalyst Control Center Profiles Mobile
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Creative System Information
    CyberLink BD_3D Advisor 2.0
    CyberLink LabelPrint 2.5
    CyberLink Media Suite 10
    CyberLink MediaEspresso 6.5
    CyberLink MediaShow 6
    CyberLink Power2Go 7
    CyberLink PowerDVD 10
    CyberLink PowerProducer 5.5
    Dolby Digital Live Pack
    EVGA Precision X 3.0.3
    Google Chrome
    Google Update Helper
    LG ODD Auto Firmware Update
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Mozilla Firefox 18.0.1 (x86 en-GB)
    Mozilla Maintenance Service
    NVIDIA 3D Vision Controller Driver 306.97
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0604
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    Paint.NET v3.5.10
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Sound Blaster Recon3D PCIe
    Sound Blaster Recon3D PCIe Extras
    Spybot - Search & Destroy
    Star Wars Knights of the Old Republic
    Star Wars Knights of the Old Republic II - The Sith Lords
    Star Wars: The Old Republic
    Steam
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    ZoneAlarm Antivirus
    ZoneAlarm DataLock
    ZoneAlarm Do Not Track Add-on 2.2.5.1213
    ZoneAlarm Extreme Security
    ZoneAlarm Firewall
    ZoneAlarm LTD Toolbar
    ZoneAlarm Security
    ZoneAlarm Security Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    27/01/2013 19:51:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    27/01/2013 19:51:20, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    27/01/2013 17:23:46, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    25/01/2013 22:50:09, Error: Service Control Manager [7034] - The Sound Blaster Service service terminated unexpectedly. It has done this 1 time(s).
    25/01/2013 22:50:09, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
    25/01/2013 22:50:09, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
    25/01/2013 22:50:08, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
    25/01/2013 22:50:08, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    25/01/2013 22:40:22, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2799329).
    25/01/2013 22:37:48, Error: Service Control Manager [7023] -
    25/01/2013 22:15:54, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2750841).
    25/01/2013 22:15:54, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2757638).
    25/01/2013 22:15:49, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2709630).
    25/01/2013 22:15:49, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2541014).
    25/01/2013 22:15:49, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2509553).
    25/01/2013 22:15:40, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2770660).
    25/01/2013 22:15:40, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2758857).
    25/01/2013 22:15:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2749655).
    25/01/2013 22:15:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2732059).
    25/01/2013 22:15:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2785220).
    25/01/2013 22:15:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115).
    25/01/2013 22:15:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2488113).
    25/01/2013 22:15:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2536275).
    25/01/2013 22:15:10, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452).
    25/01/2013 22:15:01, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2645640).
    25/01/2013 22:15:01, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599).
    25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2762895).
    25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2726535).
    25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2699779).
    25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2506014).
    25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
    25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2743555).
    25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2727528).
    25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2706045).
    25/01/2013 22:14:55, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2690533).
    25/01/2013 22:14:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2786081).
    25/01/2013 22:14:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2761217).
    25/01/2013 22:14:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2778930).
    25/01/2013 22:14:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2659262).
    25/01/2013 22:14:17, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2732500).
    25/01/2013 22:14:17, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2506928).
    25/01/2013 22:14:17, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2705219).
    25/01/2013 22:14:12, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2654428).
    25/01/2013 22:14:12, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2544893).
    25/01/2013 22:14:12, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2491683).
    25/01/2013 22:14:12, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2656411).
    25/01/2013 22:07:06, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007041d: Windows Update Setup Handler.
    .
    ==== End Of File ===========================
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there!

    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  4. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    OK, my active firewall and antivirus are ZoneAlarm; disabled them to run ComboFix.
  5. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Right, how many stages does ComboFix have? It's currently on stage 4... having to use my old PC because I disconnected my new one to run ComboFix.

    Edit: I meant to say it's currently saying 'completed stage 4' but I've been waiting half an hour and it hasn't moved since.

    OK, been a couple of hours, gonna try in Safe Mode from a CD.
  6. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Solved, ran perfectly in Safe Mode.

    ComboFix logs:

    ComboFix 13-01-31.03 - Luke 31/01/2013 19:51:04.2.6 - x64 MINIMAL
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.32738.30415 [GMT 0:00]
    Running from: c:\users\Luke\Desktop\ComboFix.exe
    AV: ZoneAlarm Free Firewall Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ZoneAlarm Free Firewall Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\tmp3830.tmp
    c:\windows\SysWow64\tmp39D6.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-31 19:53 . 2013-01-31 19:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-30 17:28 . 2013-01-30 17:28 -------- d-----w- c:\program files\Paint.NET
    2013-01-29 17:27 . 2013-01-29 17:27 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-29 17:27 . 2013-01-29 17:27 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-29 17:27 . 2013-01-29 17:27 -------- d-----w- c:\windows\SysWow64\Macromed
    2013-01-29 17:27 . 2013-01-29 17:27 -------- d-----w- c:\windows\system32\Macromed
    2013-01-29 17:16 . 2013-01-29 17:16 450 ----a-w- C:\user.js
    2013-01-29 15:14 . 2013-01-15 02:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63A718F7-5265-4E0F-960F-150194B16483}\mpengine.dll
    2013-01-27 21:01 . 2013-01-27 21:01 -------- d-----w- c:\program files (x86)\Common Files\BioWare
    2013-01-27 21:00 . 2013-01-27 21:00 -------- d-----w- c:\users\hedev
    2013-01-27 18:37 . 2013-01-29 15:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2013-01-27 18:34 . 2013-01-27 18:34 -------- d-----w- c:\programdata\AVG Secure Search
    2013-01-27 18:33 . 2013-01-30 16:09 37720 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-01-27 18:33 . 2013-01-30 16:10 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2013-01-27 18:33 . 2013-01-30 16:09 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
    2013-01-27 18:24 . 2013-01-27 18:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-01-27 18:24 . 2013-01-27 18:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2013-01-27 18:19 . 2013-01-27 18:19 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-27 18:19 . 2013-01-27 18:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-01-27 18:19 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-27 18:10 . 2012-11-15 21:06 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
    2013-01-27 18:10 . 2012-11-15 21:06 611160 ----a-w- c:\windows\system32\drivers\klif.sys
    2013-01-27 18:05 . 2013-01-27 18:05 -------- d-----w- c:\program files (x86)\DoNotTrackPlus
    2013-01-27 17:39 . 2013-01-27 17:39 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    2013-01-27 17:23 . 2013-01-27 17:23 -------- d-----w- c:\program files\CheckPoint
    2013-01-27 17:21 . 2013-01-27 17:21 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
    2013-01-27 17:21 . 2013-01-27 17:23 -------- d-----w- c:\program files (x86)\CheckPoint
    2013-01-27 17:21 . 2013-01-27 17:21 -------- d-----w- c:\programdata\CheckPoint
    2013-01-25 22:53 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2013-01-25 22:53 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2013-01-25 22:53 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2013-01-25 22:51 . 2013-01-25 22:51 -------- d-----w- c:\users\Public\Creative
    2013-01-25 22:46 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-01-25 22:46 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
    2013-01-25 22:46 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
    2013-01-25 22:46 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
    2013-01-25 22:46 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2013-01-25 22:46 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2013-01-25 22:46 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2013-01-25 22:46 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2013-01-25 22:46 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2013-01-25 22:43 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
    2013-01-25 22:43 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2013-01-25 22:43 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-25 22:43 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-25 22:43 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
    2013-01-25 22:43 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2013-01-25 22:43 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2013-01-25 22:43 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-01-25 22:43 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2013-01-25 22:42 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
    2013-01-25 22:42 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
    2013-01-25 22:42 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2013-01-25 22:42 . 2013-01-25 22:42 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2013-01-25 22:42 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-01-25 22:42 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2013-01-25 22:40 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
    2013-01-25 22:40 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    2013-01-25 22:40 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2013-01-25 22:40 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2013-01-25 22:40 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
    2013-01-25 22:40 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2013-01-25 22:40 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2013-01-25 22:40 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2013-01-25 22:40 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2013-01-25 22:40 . 2013-01-25 22:40 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2013-01-25 22:39 . 2013-01-25 22:41 -------- d-----w- c:\program files (x86)\Google
    2013-01-25 22:35 . 2013-01-25 22:35 -------- d-----w- c:\windows\SysWow64\Wat
    2013-01-25 22:35 . 2013-01-25 22:35 -------- d-----w- c:\windows\system32\Wat
    2013-01-25 22:23 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-01-25 22:23 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-01-25 22:23 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2013-01-25 22:23 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-01-25 22:23 . 2012-12-16 17:31 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-25 22:18 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2013-01-25 22:14 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2013-01-25 22:12 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2013-01-25 22:09 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
    2013-01-25 22:08 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2013-01-25 22:07 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2013-01-25 22:07 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2013-01-25 21:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2013-01-25 21:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2013-01-25 21:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2013-01-25 21:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2013-01-25 21:58 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2013-01-25 21:58 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2013-01-25 21:58 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2013-01-25 21:58 . 2012-06-02 15:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2013-01-25 21:58 . 2012-06-02 15:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2013-01-25 21:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2013-01-25 21:48 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
    2013-01-25 21:48 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2013-01-25 21:48 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2013-01-25 21:48 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2013-01-25 21:48 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2013-01-25 21:47 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
    2013-01-25 07:15 . 2013-01-24 15:36 -------- d-----w- c:\windows\Panther
    2013-01-24 18:02 . 2013-01-24 18:02 -------- d-----w- c:\users\Public\CyberLink
    2013-01-24 17:44 . 2012-07-11 13:18 23664 ----a-w- c:\windows\SysWow64\lgfwunis.exe
    2013-01-24 17:44 . 2001-08-29 21:00 59904 ----a-w- c:\windows\SysWow64\wbemdisp.tlb
    2013-01-24 17:44 . 1998-07-22 00:00 102912 ----a-w- c:\windows\SysWow64\Vb6stkit.dll
    2013-01-24 17:44 . 1998-07-22 00:00 102160 ----a-w- c:\windows\SysWow64\VB6KO.DLL
    2013-01-24 17:44 . 1998-06-24 00:00 115016 ----a-w- c:\windows\SysWow64\MSINET.OCX
    2013-01-24 17:44 . 2013-01-29 18:10 -------- d-----w- c:\program files (x86)\lg_fwupdate
    2013-01-24 17:42 . 2013-01-24 17:42 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
    2013-01-24 17:42 . 2013-01-24 17:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-01-24 17:42 . 2013-01-24 17:42 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2013-01-24 17:38 . 2013-01-24 17:45 -------- d-----w- c:\programdata\install_clap
    2013-01-24 17:37 . 2013-01-24 17:45 -------- d-----w- c:\program files (x86)\CyberLink
    2013-01-24 17:37 . 2013-01-24 17:37 -------- d-----w- c:\programdata\CLSK
    2013-01-24 17:37 . 2013-01-24 18:02 -------- d-----w- c:\programdata\CyberLink
    2013-01-24 16:34 . 2013-01-25 22:49 -------- d-----w- c:\programdata\Creative
    2013-01-24 16:28 . 2000-05-11 01:00 90112 ------w- c:\windows\Updreg.EXE
    2013-01-24 16:28 . 2013-01-24 16:28 466520 ----a-w- c:\windows\system32\wrap_oal.dll
    2013-01-24 16:28 . 2013-01-24 16:28 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2013-01-24 16:28 . 2013-01-24 16:28 123480 ----a-w- c:\windows\system32\OpenAL32.dll
    2013-01-24 16:28 . 2013-01-24 16:28 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2013-01-24 16:28 . 2011-11-14 15:23 1943040 ------w- c:\windows\system32\Sens_oal.dll
    2013-01-24 16:20 . 2013-01-24 16:21 -------- d-----w- c:\program files (x86)\EVGA Precision X
    2013-01-24 16:15 . 2013-01-31 07:10 -------- d-----w- c:\programdata\NVIDIA
    2013-01-24 16:15 . 2013-01-25 22:53 -------- d-----w- c:\users\UpdatusUser
    2013-01-24 16:13 . 2013-01-24 16:13 -------- d-----w- C:\NVIDIA
    2013-01-24 16:11 . 2013-01-24 16:11 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2013-01-24 16:10 . 2013-01-24 16:10 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-13 11:49 . 2012-12-13 11:49 450136 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2012-11-30 04:45 . 2013-01-25 22:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2013-01-30 16:09 1883824 ----a-w- c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll" [2013-01-30 1883824]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Steam"="d:\installed games\Steam\Steam.exe" [2013-01-27 1354736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "Sound Blaster Recon3D PCIe Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe" [2011-11-14 880128]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-09 78312]
    "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2012-04-17 223096]
    "LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-12 27760]
    "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-23 73832]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-01-30 1101488]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
    R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
    R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/01/24 17:43;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-05-09 242664]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 CtHdaSvc;Sound Blaster Service;c:\windows\sysWow64\CtHdaSvc.exe [2013-01-10 103424]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 828072]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-30 945328]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-01-24 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-01-24 79360]
    R3 cthda;Sound Blaster HDAudio;c:\windows\system32\drivers\cthda.sys [2013-01-10 1044400]
    R3 CTHDB;SB Recon3D PCIe Audio Bus Filter;c:\windows\system32\DRIVERS\CtHDb.sys [2013-01-10 28592]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
    R3 NTIOLib_1_0_C;NTIOLib_1_0_C;E:\NTIOLib_X64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-25 1255736]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-30 37720]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 44672]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-25 22:41 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-29 17:27]
    .
    2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 22:39]
    .
    2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 22:39]
    .
    2013-01-31 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
    - c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-30 16:09]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 1127592]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
    FF - ProfilePath - c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&mid=78e869ac9e4c414492955dce15e3def5-43e00dc797ad58ef813020547ab1305aab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33&v=14.0.2.14&pid=avg&sg=&sap=hp
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&mid=78e869ac9e4c414492955dce15e3def5-43e00dc797ad58ef813020547ab1305aab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33&pid=avg&sg=&v=14.0.2.14&sap=ku&q=
    FF - ExtSQL: 2013-01-27 17:23; ffxtlbr@zonealarm.com; c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\ffxtlbr@zonealarm.com
    FF - ExtSQL: 2013-01-27 17:23; donottrack@checkpoint.com; c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\donottrack@checkpoint.com
    FF - ExtSQL: 2013-01-27 18:11; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - ExtSQL: 2013-01-27 18:34; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\14.0.2.14
    FF - user.js: extensions.zonealarm_i.hmpg - true
    FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
    FF - user.js: extensions.zonealarm.dfltSrch - true
    FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
    FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
    FF - user.js: extensions.zonealarm_i.dnsErr - true
    FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
    FF - user.js: extensions.zonealarm.autoRvrt - false
    FF - user.js: extensions.zonealarm_i.newTab - false
    FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=97be6726efb44bfba75cc672272c65bf&tu=10GpG006K2B000s&sku=&tstsId=&ver=&&q=
    FF - user.js: extensions.zonealarm.id - 9c17b2130000000000008c89a588ce82
    FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
    FF - user.js: extensions.zonealarm.instlDay - 15732
    FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
    FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
    FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1618:05
    FF - user.js: extensions.zonealarm.prtnrId - checkpoint
    FF - user.js: extensions.zonealarm.prdct - zonealarm
    FF - user.js: extensions.zonealarm.aflt - 1043
    FF - user.js: extensions.zonealarm_i.smplGrp - none
    FF - user.js: extensions.zonealarm.tlbrId - base2013
    FF - user.js: extensions.zonealarm.instlRef - ZLN116573865866699-1001
    FF - user.js: extensions.zonealarm.dfltLng - en
    FF - user.js: extensions.zonealarm.excTlbr - false
    FF - user.js: extensions.zonealarm.admin - false
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oz1LE6ej6&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - 9c17b2130000000000008c89a588ce82
    FF - user.js: extensions.incredibar_i.instlDay - 15734
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:16
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6Oz1LE6ej6
    FF - user.js: extensions.incredibar_i.upn2n - 92262881519060488
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10678
    FF - user.js: extensions.incredibar_i.ppd - 111
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-31 19:55:24
    ComboFix-quarantined-files.txt 2013-01-31 19:55
    .
    Pre-Run: 909,724,925,952 bytes free
    Post-Run: 909,311,721,472 bytes free
    .
    - - End Of File - - D20D566C6E235562733684FA5AD01B4D

    -----------------------------------------------------------------------------------------------------------------------------------------------------------------------

    OK, got to turn the infected PC off here; I can still respond from my old PC.
  7. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Right, just turned it on this morning and Spybot's immunize has reported that the global host had no immunity this time.
  8. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Can I ask if I'm supposed to do anything else... not too sure how long it takes for a standard reply.
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Next step:

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double-click OTL.exe.
    • Click the Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt; please post it in your next reply.
    • You may need to use two posts to get it all.
  10. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Will it work outside of safe mode?
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Try it out...it should. :)
     
  12. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Ok, gonna run it now. I'll post the log before I turn the computer off.
  13. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    That was quick...

    ok, log is...

    The OTL log
    ----------------------------------------------------------------------------------
    OTL logfile created on: 01/02/2013 19:49:21 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luke\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    31.97 Gb Total Physical Memory | 27.51 Gb Available Physical Memory | 86.04% Memory free
    63.94 Gb Paging File | 59.34 Gb Available in Paging File | 92.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 847.62 Gb Free Space | 91.00% Space Free | Partition Type: NTFS
    Drive D: | 3725.90 Gb Total Space | 3672.55 Gb Free Space | 98.57% Space Free | Partition Type: NTFS
    Drive E: | 0.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: LUKE-PC-BUILD2 | User Name: Luke | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/01 19:08:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luke\Desktop\OTL.exe
    PRC - [2013/01/30 16:09:30 | 001,101,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2013/01/30 16:09:30 | 000,945,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
    PRC - [2013/01/27 19:51:16 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2013/01/27 18:39:08 | 001,354,736 | ---- | M] (Valve Corporation) -- D:\installed games\Steam\Steam.exe
    PRC - [2013/01/25 22:39:57 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    PRC - [2013/01/23 18:28:36 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    PRC - [2013/01/23 17:57:24 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    PRC - [2013/01/10 10:02:16 | 000,103,424 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHdaSvc.exe
    PRC - [2012/10/02 22:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/05/09 07:03:28 | 000,078,312 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    PRC - [2012/03/28 10:34:28 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    PRC - [2011/11/14 05:44:20 | 000,880,128 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
    PRC - [2011/10/19 08:30:49 | 000,423,424 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2011/03/09 14:21:54 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/30 16:09:31 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll
    MOD - [2013/01/30 16:09:30 | 001,101,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2013/01/27 19:51:18 | 000,647,168 | ---- | M] () -- D:\installed games\Steam\sdl.dll
    MOD - [2013/01/27 19:51:16 | 020,320,240 | ---- | M] () -- D:\installed games\Steam\bin\libcef.dll
    MOD - [2013/01/27 19:51:16 | 001,100,800 | ---- | M] () -- D:\installed games\Steam\bin\avcodec-53.dll
    MOD - [2013/01/27 19:51:16 | 000,969,640 | ---- | M] () -- D:\installed games\Steam\bin\chromehtml.dll
    MOD - [2013/01/27 19:51:16 | 000,192,000 | ---- | M] () -- D:\installed games\Steam\bin\avformat-53.dll
    MOD - [2013/01/27 19:51:16 | 000,124,416 | ---- | M] () -- D:\installed games\Steam\bin\avutil-51.dll
    MOD - [2013/01/27 18:49:24 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
    MOD - [2013/01/27 18:49:15 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
    MOD - [2013/01/27 18:49:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
    MOD - [2013/01/27 18:48:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
    MOD - [2013/01/27 18:47:58 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/01/27 18:47:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013/01/27 18:47:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/01/27 18:47:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2011/03/09 14:21:56 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    MOD - [2011/03/09 14:21:48 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/11/22 14:35:22 | 000,828,072 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
    SRV:64bit: - [2011/07/28 17:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/01/30 16:09:30 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
    SRV - [2013/01/29 17:27:28 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/27 19:51:16 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013/01/24 16:28:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2013/01/24 16:27:18 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2013/01/23 18:28:36 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
    SRV - [2013/01/16 20:09:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/10 10:02:16 | 000,103,424 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CtHdaSvc.exe -- (CtHdaSvc)
    SRV - [2012/10/02 22:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/05/09 16:03:26 | 000,242,664 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
    SRV - [2011/10/19 08:30:49 | 000,423,424 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/30 16:09:31 | 000,037,720 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2013/01/10 10:02:16 | 001,044,400 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cthda.sys -- (cthda)
    DRV:64bit: - [2013/01/10 10:02:16 | 000,028,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cthdb.sys -- (CTHDB)
    DRV:64bit: - [2012/12/13 11:49:42 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
    DRV:64bit: - [2012/11/22 14:35:36 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
    DRV:64bit: - [2012/11/15 21:06:08 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
    DRV:64bit: - [2012/08/23 14:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/03 15:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
    DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/11/28 20:50:38 | 000,044,672 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2010/11/21 03:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/21 03:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010/11/21 03:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/11/17 23:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC F7 F6 DC B0 FC CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...ab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33:58&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{F7D9FB40-D297-491E-86F4-2DF3A207CB95}: "URL" = http://search.zonealarm.com/search?...f&tu=10G90006K2B000s&sku=&tstsId=&ver=&&r=658
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com/?cid={774FCF...ab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33:58&v=14.0.2.14&pid=avg&sg=&sap=hp"
    FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
    FF - prefs.js..extensions.enabledAddons: donottrack%40checkpoint.com:2.2.5.1213
    FF - prefs.js..extensions.enabledAddons: avg%40toolbar:14.0.2.14
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={...ab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33:58&pid=avg&sg=&v=14.0.2.14&sap=ku&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013/01/27 18:11:11 | 000,000,000 | ---D | M]
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013/01/27 18:11:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.0.2.14 [2013/01/30 16:10:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/25 22:40:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2013/01/25 22:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luke\AppData\Roaming\Mozilla\Extensions
    [2013/01/29 17:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions
    [2013/01/27 18:11:07 | 000,000,000 | ---D | M] (ZoneAlarm Do Not Track) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\donottrack@checkpoint.com
    [2013/01/27 18:11:06 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\ffxtlbr@zonealarm.com
    [2013/01/27 18:05:10 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\donottrack@checkpoint.com\chrome\content\ff\view_expiry.js
    [2013/01/25 22:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/01/30 16:10:00 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.0.2.14
    [2013/01/16 20:10:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2013/01/17 00:36:02 | 000,001,738 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2013/01/30 16:09:53 | 000,003,594 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2013/01/17 00:36:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/01/17 00:36:02 | 000,001,148 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2013/01/17 00:36:02 | 000,001,379 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2013/01/17 00:36:02 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2013/01/17 00:36:03 | 000,001,334 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.co.uk/
    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={...ab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33:58&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.google.co.uk/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - Extension: Google Docs = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
    CHR - Extension: Google Drive = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AVG Secure Search = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.0.2.14_0\
    CHR - Extension: Gmail = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/02/01 14:37:14 | 000,444,602 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 15296 more lines...
    O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.3.16\bh\zonealarm.dll (Montera Technologeis LTD)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (ZoneAlarm Do Not Track) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
    O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.3.16\zonealarmTlbr.dll (Montera Technologeis LTD)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Sound Blaster Recon3D PCIe Control Panel] C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [Steam] D:\installed games\Steam\Steam.exe (Valve Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AB2F9CB-4AAC-4F71-8F68-A98FC8BE792D}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  14. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/01 19:47:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luke\Desktop\OTL.exe
    [2013/01/31 20:01:41 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\ElevatedDiagnostics
    [2013/01/31 19:59:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/31 19:55:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/01/31 19:48:19 | 005,029,270 | R--- | C] (Swearware) -- C:\Users\Luke\Desktop\ComboFix.exe
    [2013/01/31 17:05:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/01/31 17:05:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/01/31 17:05:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/01/31 17:04:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/31 17:04:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/30 17:49:13 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    [2013/01/30 17:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
    [2013/01/30 17:28:04 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Paint.NET
    [2013/01/29 18:49:48 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\DoNotTrackPlus
    [2013/01/29 18:26:43 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Diagnostics
    [2013/01/29 17:27:41 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Macromedia
    [2013/01/29 17:27:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2013/01/29 17:27:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2013/01/29 16:33:15 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\NVIDIA
    [2013/01/29 16:31:16 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
    [2013/01/28 17:39:04 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\SWTOR
    [2013/01/28 17:39:04 | 000,000,000 | ---D | C] -- C:\Users\Luke\Documents\HeroBlade Logs
    [2013/01/27 21:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
    [2013/01/27 21:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
    [2013/01/27 18:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
    [2013/01/27 18:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    [2013/01/27 18:34:05 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\AVG Secure Search
    [2013/01/27 18:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2013/01/27 18:33:56 | 000,037,720 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/01/27 18:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2013/01/27 18:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
    [2013/01/27 18:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2013/01/27 18:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/01/27 18:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2013/01/27 18:20:07 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Malwarebytes
    [2013/01/27 18:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/27 18:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/01/27 18:19:58 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/01/27 18:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/01/27 18:19:28 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Programs
    [2013/01/27 18:10:52 | 000,611,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
    [2013/01/27 18:10:52 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
    [2013/01/27 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DoNotTrackPlus
    [2013/01/27 17:23:42 | 000,000,000 | ---D | C] -- C:\Users\Luke\Documents\ForceField Shared Files
    [2013/01/27 17:23:41 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\CheckPoint
    [2013/01/27 17:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2013/01/27 17:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
    [2013/01/27 17:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Point Software Technologies LTD
    [2013/01/27 17:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
    [2013/01/27 17:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
    [2013/01/25 22:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2013/01/25 22:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/01/25 22:40:32 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Mozilla
    [2013/01/25 22:40:32 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Mozilla
    [2013/01/25 22:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2013/01/25 22:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/01/25 22:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2013/01/25 22:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2013/01/25 22:39:54 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Google
    [2013/01/25 22:39:36 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Apps
    [2013/01/25 22:39:35 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Deployment
    [2013/01/25 22:35:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2013/01/25 22:35:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2013/01/25 21:23:17 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Power2Go
    [2013/01/25 07:15:45 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2013/01/24 23:19:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2013/01/24 23:17:02 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2013/01/24 23:16:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2013/01/24 17:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
    [2013/01/24 17:44:58 | 000,023,664 | ---- | C] (BitLeader) -- C:\Windows\SysWow64\lgfwunis.exe
    [2013/01/24 17:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lg_fwupdate
    [2013/01/24 17:39:14 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\CyberLink
    [2013/01/24 17:39:13 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\CyberLink
    [2013/01/24 17:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
    [2013/01/24 17:37:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
    [2013/01/24 17:37:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
    [2013/01/24 17:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSK
    [2013/01/24 17:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
    [2013/01/24 17:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
    [2013/01/24 16:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2013/01/24 16:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
    [2013/01/24 16:28:13 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2013/01/24 16:28:13 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2013/01/24 16:28:07 | 002,906,590 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
    [2013/01/24 16:28:07 | 001,943,040 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
    [2013/01/24 16:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
    [2013/01/24 16:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
    [2013/01/24 16:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
    [2013/01/24 16:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
    [2013/01/24 16:21:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
    [2013/01/24 16:20:57 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision X
    [2013/01/24 16:20:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision X
    [2013/01/24 16:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2013/01/24 16:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2013/01/24 16:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2013/01/24 16:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2013/01/24 16:13:23 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2013/01/24 16:11:00 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Macromedia
    [2013/01/24 16:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2013/01/24 16:11:00 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Adobe
    [2013/01/24 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2013/01/24 16:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2013/01/24 16:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2013/01/24 16:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
    [2013/01/24 16:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
    [2013/01/24 16:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
    [2013/01/24 16:05:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
    [2013/01/24 16:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2013/01/24 16:05:24 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
    [2013/01/24 16:05:24 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
    [2013/01/24 16:05:23 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
    [2013/01/24 16:05:23 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
    [2013/01/24 16:05:23 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
    [2013/01/24 16:05:20 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
    [2013/01/24 16:05:20 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
    [2013/01/24 16:05:20 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
    [2013/01/24 16:05:20 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
    [2013/01/24 16:05:20 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
    [2013/01/24 16:05:20 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
    [2013/01/24 16:05:16 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
    [2013/01/24 16:05:15 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
    [2013/01/24 16:05:12 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
    [2013/01/24 16:05:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
    [2013/01/24 16:05:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
    [2013/01/24 16:01:19 | 000,539,240 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
    [2013/01/24 16:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
    [2013/01/24 16:00:58 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2013/01/24 15:58:55 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2013/01/24 15:58:54 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\AMD
    [2013/01/24 15:58:53 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\ATI
    [2013/01/24 15:58:53 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\ATI
    [2013/01/24 15:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2013/01/24 15:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2013/01/24 15:58:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2013/01/24 15:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2013/01/24 15:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
    [2013/01/24 15:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
    [2013/01/24 15:57:42 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2013/01/24 15:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2013/01/24 15:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2013/01/24 15:36:16 | 000,000,000 | R--D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2013/01/24 15:36:16 | 000,000,000 | R--D | C] -- C:\Users\Luke\Searches
    [2013/01/24 15:36:16 | 000,000,000 | R--D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2013/01/24 15:36:16 | 000,000,000 | -H-D | C] -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2013/01/24 15:36:09 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Identities
    [2013/01/24 15:36:08 | 000,000,000 | R--D | C] -- C:\Users\Luke\Contacts
    [2013/01/24 15:36:07 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\VirtualStore
    [2013/01/24 15:36:04 | 000,000,000 | --SD | C] -- C:\Users\Luke\AppData\Roaming\Microsoft
    [2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Videos
    [2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Saved Games
    [2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Pictures
    [2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Music
    [2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Links
    [2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Favorites
    [2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Downloads
    [2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Documents
    [2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\Desktop
    [2013/01/24 15:36:04 | 000,000,000 | R--D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\AppData\Local\Temporary Internet Files
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Templates
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Start Menu
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\SendTo
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Recent
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\PrintHood
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\NetHood
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Documents\My Videos
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Documents\My Pictures
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Documents\My Music
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\My Documents
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Local Settings
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\AppData\Local\History
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Cookies
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\Application Data
    [2013/01/24 15:36:04 | 000,000,000 | -HSD | C] -- C:\Users\Luke\AppData\Local\Application Data
    [2013/01/24 15:36:04 | 000,000,000 | -H-D | C] -- C:\Users\Luke\AppData
    [2013/01/24 15:36:04 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Temp
    [2013/01/24 15:36:04 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Microsoft
    [2013/01/24 15:36:04 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Media Center Programs
    [2013/01/24 15:36:00 | 000,000,000 | ---D | C] -- C:\Recovery

    ========== Files - Modified Within 30 Days ==========

    [2013/02/01 19:44:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/01 19:08:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luke\Desktop\OTL.exe
    [2013/02/01 19:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/01 14:37:14 | 000,444,602 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/02/01 07:17:12 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/01 07:17:12 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/01 07:14:25 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    [2013/02/01 07:14:24 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/01 07:14:15 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/02/01 07:14:15 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/02/01 07:14:15 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/02/01 07:09:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/01 07:09:53 | 4271,554,555 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/31 20:00:10 | 000,000,344 | ---- | M] () -- C:\Windows\lgfwup.ini
    [2013/01/31 19:53:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130201-143714.backup
    [2013/01/31 19:31:26 | 005,029,270 | R--- | M] (Swearware) -- C:\Users\Luke\Desktop\ComboFix.exe
    [2013/01/30 17:28:57 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
    [2013/01/30 16:09:31 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/01/29 18:50:43 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/29 17:16:34 | 000,000,450 | ---- | M] () -- C:\user.js
    [2013/01/29 16:58:16 | 000,000,823 | ---- | M] () -- C:\Users\Luke\Desktop\Star Wars Knights of the Old Republic II - The Sith Lords.lnk
    [2013/01/29 16:58:07 | 000,000,963 | ---- | M] () -- C:\Users\Luke\Desktop\Star Wars Knights of the Old Republic.lnk
    [2013/01/29 16:49:29 | 000,013,449 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat
    [2013/01/27 21:01:20 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
    [2013/01/27 21:01:20 | 000,001,049 | ---- | M] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Star Wars - The Old Republic.lnk
    [2013/01/27 18:37:52 | 000,000,699 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
    [2013/01/27 18:30:20 | 000,445,399 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130130-163829.backup
    [2013/01/27 18:24:39 | 000,001,282 | ---- | M] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2013/01/27 18:24:39 | 000,001,258 | ---- | M] () -- C:\Users\Luke\Desktop\Spybot - Search & Destroy.lnk
    [2013/01/27 18:19:59 | 000,001,133 | ---- | M] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2013/01/27 18:13:55 | 000,418,047 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
    [2013/01/27 17:23:30 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
    [2013/01/25 22:51:37 | 000,002,279 | ---- | M] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/25 22:51:05 | 000,277,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/25 22:41:15 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/01/25 22:40:21 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/01/25 22:38:07 | 000,001,437 | ---- | M] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/01/25 22:38:03 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
    [2013/01/25 22:17:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2013/01/25 22:17:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2013/01/24 23:19:12 | 000,040,868 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2013/01/24 23:19:12 | 000,040,868 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2013/01/24 17:45:56 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink Media Suite 10.lnk
    [2013/01/24 17:37:42 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink BD Advisor.lnk
    [2013/01/24 16:28:13 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2013/01/24 16:28:13 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2013/01/24 16:27:49 | 000,002,321 | ---- | M] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
    [2013/01/24 16:27:06 | 000,000,078 | RH-- | M] () -- C:\Windows\ctfile.rfc
    [2013/01/24 16:20:57 | 000,001,088 | ---- | M] () -- C:\Users\Luke\Desktop\EVGA Precision X.lnk
    [2013/01/24 16:11:04 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
    [2013/01/24 16:10:38 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2013/01/10 10:02:16 | 000,025,076 | ---- | M] () -- C:\Windows\SysNative\CtHda.ini
    [2013/01/10 10:02:16 | 000,011,180 | ---- | M] () -- C:\Windows\SysWow64\CtHRFX64.hda
    [2013/01/10 10:02:16 | 000,011,180 | ---- | M] () -- C:\Windows\SysNative\CTHRFX64.hda
    [2013/01/10 10:02:16 | 000,004,850 | ---- | M] () -- C:\Windows\CtHdaLoc.reg

    ========== Files Created - No Company Name ==========

    [2013/01/31 17:05:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/01/31 17:05:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/01/31 17:05:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/01/31 17:05:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/01/31 17:05:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/30 17:28:57 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
    [2013/01/30 17:28:57 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
    [2013/01/30 16:10:00 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    [2013/01/29 17:27:29 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/29 17:16:34 | 000,000,450 | ---- | C] () -- C:\user.js
    [2013/01/29 16:58:16 | 000,000,823 | ---- | C] () -- C:\Users\Luke\Desktop\Star Wars Knights of the Old Republic II - The Sith Lords.lnk
    [2013/01/29 16:58:07 | 000,000,963 | ---- | C] () -- C:\Users\Luke\Desktop\Star Wars Knights of the Old Republic.lnk
    [2013/01/27 21:01:20 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
    [2013/01/27 21:01:20 | 000,001,049 | ---- | C] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Star Wars - The Old Republic.lnk
    [2013/01/27 18:37:59 | 000,013,449 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
    [2013/01/27 18:37:52 | 000,000,699 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
    [2013/01/27 18:24:39 | 000,001,282 | ---- | C] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2013/01/27 18:24:39 | 000,001,258 | ---- | C] () -- C:\Users\Luke\Desktop\Spybot - Search & Destroy.lnk
    [2013/01/27 18:19:59 | 000,001,133 | ---- | C] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2013/01/27 18:19:59 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/27 17:23:44 | 000,418,047 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
    [2013/01/27 17:23:30 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
    [2013/01/25 22:41:15 | 000,002,279 | ---- | C] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/25 22:41:15 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/01/25 22:40:21 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/01/25 22:40:21 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/01/25 22:39:59 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/25 22:39:59 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/25 22:38:03 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
    [2013/01/25 22:23:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2013/01/25 22:17:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2013/01/25 22:17:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2013/01/25 22:14:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2013/01/24 23:19:07 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2013/01/24 23:19:00 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2013/01/24 23:16:42 | 4271,554,555 | -HS- | C] () -- C:\hiberfil.sys
    [2013/01/24 17:45:56 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink Media Suite 10.lnk
    [2013/01/24 17:45:02 | 000,000,344 | ---- | C] () -- C:\Windows\lgfwup.ini
    [2013/01/24 17:37:42 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink BD Advisor.lnk
    [2013/01/24 16:27:49 | 000,002,321 | ---- | C] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
    [2013/01/24 16:27:45 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
    [2013/01/24 16:27:23 | 000,005,594 | ---- | C] () -- C:\Windows\SysNative\CTOPT399.cat
    [2013/01/24 16:27:23 | 000,005,498 | ---- | C] () -- C:\Windows\SysWow64\CTOPT399.cat
    [2013/01/24 16:26:33 | 000,003,770 | ---- | C] () -- C:\Windows\cthdaENG.reg
    [2013/01/24 16:26:33 | 000,000,078 | RH-- | C] () -- C:\Windows\ctfile.rfc
    [2013/01/24 16:20:57 | 000,001,088 | ---- | C] () -- C:\Users\Luke\Desktop\EVGA Precision X.lnk
    [2013/01/24 16:14:48 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
    [2013/01/24 16:14:21 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
    [2013/01/24 16:11:04 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
    [2013/01/24 16:11:04 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
    [2013/01/24 16:10:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2013/01/24 16:10:38 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2013/01/24 16:01:18 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
    [2013/01/24 15:58:25 | 000,001,437 | ---- | C] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/01/24 15:36:19 | 000,001,409 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2013/01/24 15:36:17 | 000,001,443 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2013/01/24 15:36:04 | 000,000,290 | ---- | C] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2013/01/24 15:36:04 | 000,000,272 | ---- | C] () -- C:\Users\Luke\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2013/01/10 10:02:16 | 000,025,076 | ---- | C] () -- C:\Windows\SysNative\CtHda.ini
    [2013/01/10 10:02:16 | 000,011,180 | ---- | C] () -- C:\Windows\SysWow64\CtHRFX64.hda
    [2013/01/10 10:02:16 | 000,011,180 | ---- | C] () -- C:\Windows\SysNative\CTHRFX64.hda
    [2013/01/10 10:02:16 | 000,004,850 | ---- | C] () -- C:\Windows\CtHdaLoc.reg
    [2011/07/28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/01/27 17:23:41 | 000,000,000 | ---D | M] -- C:\Users\Luke\AppData\Roaming\CheckPoint

    ========== Purity Check ==========



    < End of report >
  15. tedus987

    Ok, and the extra log

    ---------------------------------------

    OTL Extras logfile created on: 01/02/2013 19:49:21 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luke\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    31.97 Gb Total Physical Memory | 27.51 Gb Available Physical Memory | 86.04% Memory free
    63.94 Gb Paging File | 59.34 Gb Available in Paging File | 92.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 847.62 Gb Free Space | 91.00% Space Free | Partition Type: NTFS
    Drive D: | 3725.90 Gb Total Space | 3672.55 Gb Free Space | 98.57% Space Free | Partition Type: NTFS
    Drive E: | 0.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: LUKE-PC-BUILD2 | User Name: Luke | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1231501D-D3D3-4E1D-8866-509AB477B59C}" = protocol=6 | dir=in | app=d:\installed games\electronic arts\bioware\star wars-the old republic\launcher.exe |
    "{17C7CAB3-6D64-4B3A-ACE0-791D67CBE4B0}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{25EFF774-485F-42E8-82A6-26EF603F17E6}" = protocol=17 | dir=in | app=d:\installed games\electronic arts\bioware\star wars-the old republic\launcher.exe |
    "{2DCF96F0-07A3-4603-8BE4-76BBC4E6DD43}" = protocol=6 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future 104\backtothefuture104.exe |
    "{2F0AD109-1295-49DA-BC0A-1133BC4889B0}" = protocol=6 | dir=in | app=d:\installed games\electronic arts\bioware\star wars-the old republic\launcher.exe |
    "{4542839F-2AB6-4258-8DA1-190C6C3628AC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
    "{513521C8-FFCD-4D60-A547-D34E49105B89}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{63ABBC34-2F8B-4643-8E01-3C32056E0836}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{6A062871-1EC4-48B9-BFE8-4586F560DC7A}" = protocol=17 | dir=in | app=d:\installed games\steam\steam.exe |
    "{7928597A-24B2-41E3-8A00-790367F50B29}" = protocol=17 | dir=in | app=d:\installed games\electronic arts\bioware\star wars-the old republic\launcher.exe |
    "{85253198-5014-4138-98F3-38DADCDA8D1C}" = protocol=6 | dir=in | app=d:\installed games\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{872FF794-3885-40D5-A749-3367FEE66439}" = protocol=6 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future ep 2\backtothefuture102.exe |
    "{8859D5A8-E3B8-4918-BE0E-BB129F285742}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{9F834A52-B472-4F88-AC37-C6843A7ABD05}" = protocol=17 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future 105\backtothefuture105.exe |
    "{A124DB4E-5325-4437-96D1-3821CDD07771}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
    "{A8BE664C-905A-4E36-B5A3-980C349D958E}" = protocol=6 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future 105\backtothefuture105.exe |
    "{AA710D5C-A37D-4488-8839-7C0422E249E9}" = protocol=6 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future ep 1\backtothefuture101.exe |
    "{B8302805-306C-4A32-8E75-2AE7103CDFC5}" = protocol=17 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future ep 1\backtothefuture101.exe |
    "{BB3C59C0-65CE-45D3-BC0D-65714606B847}" = protocol=6 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future 103\backtothefuture103.exe |
    "{D0E9BAA7-5CB9-44BF-8275-D72F0F821469}" = protocol=17 | dir=in | app=d:\installed games\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{DC30EF47-FC14-40CA-BD7F-96315ED8E36B}" = protocol=17 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future 104\backtothefuture104.exe |
    "{E400491B-8A18-4C96-A976-1654FD1DF6B8}" = protocol=6 | dir=in | app=d:\installed games\steam\steam.exe |
    "{E93C82DF-440B-4277-881A-E2B74A7355D3}" = protocol=17 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future ep 2\backtothefuture102.exe |
    "{FF54245B-188E-4CF6-971A-EE882A2CA83B}" = protocol=17 | dir=in | app=d:\installed games\steam\steamapps\common\back to the future 103\backtothefuture103.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{32F437DA-BABA-CD62-E342-69FE17FAC771}" = ccc-utility64
    "{413C3B15-DCB6-4329-77B0-C20A3D9F010F}" = AMD Fuel
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{9AFAAEAF-7256-793D-AE2B-B4B2C5B3A807}" = AMD Catalyst Install Manager
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{015E3420-9CA0-49A1-A107-8DF03523B000}" = ZoneAlarm DataLock
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{049155CC-5AB3-296F-5815-CD73A9646E99}" = CCC Help Greek
    "{08366AE3-72A2-523E-7218-D1B0B8271EBA}" = CCC Help Turkish
    "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
    "{204FCF73-1450-407D-BCF9-1233EC5F5787}" = Sound Blaster Recon3D PCIe Extras
    "{2812B4B3-A412-7785-1964-4D60340E60A9}" = CCC Help French
    "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0
    "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
    "{354C5FB7-C8EC-1EC4-BE90-109E048E9C82}" = CCC Help Russian
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go 7
    "{462D8F12-355D-5920-9193-25388DA500DA}" = CCC Help Chinese Traditional
    "{4A1C03BB-6A5A-B8F8-F910-6791960DC25C}" = Catalyst Control Center Localization All
    "{4BF35375-9076-1169-6452-EC085410DD0E}" = Catalyst Control Center Profiles Mobile
    "{4CC4A295-8204-75C9-6E44-E280E661282B}" = CCC Help Korean
    "{4FD0F94D-0CAB-C85B-FA2C-9586BA0AAE60}" = CCC Help Spanish
    "{53B04D20-50D5-EA2F-BDFC-BCE332124FED}" = CCC Help Dutch
    "{53BCB6DB-C944-CE07-BBA7-B8EC2DA228B0}" = CCC Help Swedish
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{5983D9F0-E6E9-423C-A920-9BA78935DC7A}" = ZoneAlarm Antivirus
    "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7C428915-7C49-E005-8D9C-0AFC3B9E2A55}" = CCC Help English
    "{86227080-3ADB-5A9B-BB8A-8CE8CB6429F8}" = CCC Help Chinese Standard
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}" = CyberLink MediaShow 6
    "{91B1F7B1-9721-D228-F591-2C2A4695302C}" = Catalyst Control Center InstallProxy
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A075239D-F706-B32D-A071-5804AE360AF0}" = CCC Help Finnish
    "{A338D97B-5164-4D07-9C5D-19236976B2A2}" = ZoneAlarm Security
    "{A7CDE866-4E90-D922-89C4-31B836BC6E67}" = CCC Help German
    "{A83FC388-927A-68E4-72FC-FC54E404B27F}" = CCC Help Japanese
    "{A860FE72-A9F6-AB3D-09AE-3AA954EA1725}" = CCC Help Norwegian
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA2FA84C-E17E-4E6F-9F6B-8CFEB3661F0E}" = Sound Blaster Recon3D PCIe
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{B2F86EAE-18EE-6B39-20D8-C542D841F034}" = CCC Help Thai
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
    "{BC3EBF1D-5F30-4E53-93A5-15FD9D1CF12B}" = ZoneAlarm Firewall
    "{BC5CE684-9D5B-707E-30BC-9275E2B49FA0}" = CCC Help Danish
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
    "{DC311C01-B1A9-8CAD-F018-9395269654EC}" = CCC Help Polish
    "{DCFF61CC-B313-37DF-D567-26430CBC8720}" = CCC Help Portuguese
    "{DE329278-4E61-8A9B-CADA-44AAC9E06C81}" = CCC Help Italian
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{DFE4070B-1657-942F-72B1-0057A9A830EF}" = CCC Help Hungarian
    "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
    "{ED20800E-1BFF-E5D6-86DF-2B8015E308E3}" = Catalyst Control Center
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FDF4B587-4070-4C2A-C3DC-A8F5DB3B6C5B}" = CCC Help Czech
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVG Secure Search" = AVG Security Toolbar
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dolby Digital Live Pack" = Dolby Digital Live Pack
    "Google Chrome" = Google Chrome
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Mozilla Firefox 18.0.1 (x86 en-GB)" = Mozilla Firefox 18.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PrecisionX" = EVGA Precision X 3.0.3
    "Star Wars Knights of the Old Republic" = Star Wars Knights of the Old Republic
    "Steam App 22380" = Fallout: New Vegas
    "Steam App 31290" = Back to the Future: Ep 1 - It's About Time
    "Steam App 94500" = Back to the Future: Ep 2 - Get Tannen!
    "Steam App 94510" = Back to the Future: Ep 3 - Citizen Brown
    "Steam App 94520" = Back to the Future: Ep 4 - Double Visions
    "Steam App 94530" = Back to the Future: Ep 5 - OUTATIME
    "SWKotOR2" = Star Wars Knights of the Old Republic II - The Sith Lords
    "SysInfo" = Creative System Information
    "ZoneAlarm Do Not Track Add-on_is1" = ZoneAlarm Do Not Track Add-on 2.2.5.1213
    "ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security
    "ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 31/01/2013 15:48:44 | Computer Name = Luke-PC-Build2 | Source = WinMgmt | ID = 10
    Description =

    Error - 31/01/2013 15:50:29 | Computer Name = Luke-PC-Build2 | Source = VSS | ID = 18
    Description =

    Error - 31/01/2013 15:50:29 | Computer Name = Luke-PC-Build2 | Source = VSS | ID = 8193
    Description =

    Error - 31/01/2013 15:50:29 | Computer Name = Luke-PC-Build2 | Source = System Restore | ID = 8193
    Description =

    Error - 31/01/2013 15:59:44 | Computer Name = Luke-PC-Build2 | Source = WinMgmt | ID = 10
    Description =

    Error - 01/02/2013 03:10:05 | Computer Name = Luke-PC-Build2 | Source = WinMgmt | ID = 10
    Description =

    Error - 01/02/2013 03:58:09 | Computer Name = Luke-PC-Build2 | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 01/02/2013 03:58:19 | Computer Name = Luke-PC-Build2 | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 01/02/2013 03:59:17 | Computer Name = Luke-PC-Build2 | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 01/02/2013 12:43:19 | Computer Name = Luke-PC-Build2 | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    [ System Events ]
    Error - 31/01/2013 15:47:46 | Computer Name = Luke-PC-Build2 | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 31/01/2013 15:47:46 | Computer Name = Luke-PC-Build2 | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 31/01/2013 15:47:46 | Computer Name = Luke-PC-Build2 | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 31/01/2013 15:47:46 | Computer Name = Luke-PC-Build2 | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 31/01/2013 15:47:46 | Computer Name = Luke-PC-Build2 | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 31/01/2013 15:48:18 | Computer Name = Luke-PC-Build2 | Source = DCOM | ID = 10005
    Description =

    Error - 31/01/2013 15:50:29 | Computer Name = Luke-PC-Build2 | Source = DCOM | ID = 10005
    Description =

    Error - 31/01/2013 15:52:22 | Computer Name = Luke-PC-Build2 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 31/01/2013 15:53:32 | Computer Name = Luke-PC-Build2 | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 31/01/2013 15:53:53 | Computer Name = Luke-PC-Build2 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
  16. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Ok, with that I have to turn off the infected computer. Feel free to post the next step and I'll run it tomorrow morning.
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe
      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.


    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.
  18. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    OK, I'll do that tomorrow
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay! (y)
  20. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Oh, before I go: AdwCleaner, will it require Safe Mode or can I run it normally?

    If so, in order my tasks are...
    Turn PC on and copy that text.
    Restart and run Safe Mode for ComboFix, making sure to close ZoneAlarm.
    Restart, upload ComboFix log and run AdwCleaner and upload log.
    Restart and run Safe Mode for Junkware Removal Tool.
    Restart and upload Junkware Removal Tool.

    I'm gonna have fun.
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    All these tools can run normally, as long as the system boots fine in Normal Mode.
  22. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    ComboFix got stuck in Normal Mode, plus ZoneAlarm can be a pain to turn off in Normal Mode.
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Give it a try in Normal Mode. If no joy, then Safe Mode is the best option. :)
  24. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Ok, will do.
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Will wait for info.