TechSpot

Trojan Sirefef.Y

Solved
By Andy Sweetman
Jun 13, 2012
  1. Hi
    I have a Windows 7 64-bit system and have today got the Trojan Sirefef.Y, which disabled MSE and started Windows shutting down after finding a critical error. I have installed antimalware software per the pinned thread on this forum; however, the PC does not allow (even in safe mode) time for the process to scan before the computer reboots after 60 seconds.

    I have downloaded the FRST file and attach the text output below. Please help, Broni!

    Scan result of Farbar Recovery Scan Tool Version: 12-06-2012 02
    Ran by SYSTEM at 13-06-2012 15:21:20
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
    HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-06] (Realtek Semiconductor)
    HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [644696 2007-05-14] (CANON INC.)
    HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1840720 2007-04-03] (CANON INC.)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
    HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
    HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
    HKLM-x32\...\Run: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-04-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-04-27] (cyberlink)
    HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [111640 2009-09-30] ()
    HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" [218408 2009-02-25] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-12-15] (CyberLink)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.)
    HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" [218408 2009-02-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun [557056 2011-08-17] (BitLeader)
    HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-06-02] (CyberLink Corp.)
    HKLM-x32\...\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [79400 2007-02-04] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [185640 2009-09-26] (Seagate LLC)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [887976 2011-08-23] (Ask)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-28] (LogMeIn Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-06] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-21] ()
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [AmdAgent] C:\Windows\Temp\temp88.exe [792576 2012-06-13] ()
    HKU\Andy\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2011-04-22] (TomTom)
    HKU\Andy\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-18] (Google Inc.)
    HKU\Andy\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Andy\...\Policies\system: [LogonHoursAction] 2
    HKU\Andy\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Ben\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-18] (Google Inc.)
    HKU\Ben\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
    HKU\Ben\...\Policies\system: [LogonHoursAction] 2
    HKU\Ben\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Hannah\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-18] (Google Inc.)
    HKU\Hannah\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
    HKU\Hannah\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
    HKU\Hannah\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-05-28] (Valve Corporation)
    HKU\Hannah\...\Policies\system: [LogonHoursAction] 2
    HKU\Hannah\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Lucy\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-18] (Google Inc.)
    HKU\Lucy\...\Policies\system: [LogonHoursAction] 2
    HKU\Lucy\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Sam\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-18] (Google Inc.)
    HKU\Sam\...\Policies\system: [LogonHoursAction] 2
    HKU\Sam\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Sam.Desktop\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-18] (Google Inc.)
    HKU\Sam.Desktop\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
    HKU\Sam.Desktop\...\Policies\system: [LogonHoursAction] 2
    HKU\Sam.Desktop\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-04] (Dell)
    HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
    Startup: C:\Users\Andy\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Ben\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Hannah\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Lucy\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Sam\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Sam.Desktop\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    ==================== Services (Whitelisted) ======
    2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-06-15] (Microsoft Corporation)
    2 FreeAgentGoNext Service; "C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe" [189736 2009-09-26] (Seagate Technology LLC)
    2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2009-07-02] ()
    3 RoxMediaDB10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [1124848 2009-06-26] (Sonic Solutions)
    2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-05-30] (Skype Technologies S.A.)
    2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2011-04-22] (TomTom)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)
    3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
    2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    ========================== Drivers (Whitelisted) =============
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-06-13 13:40 - 2012-06-13 13:40 - 00000162 ___AH C:\Users\Andy\My Documents\~$ternet IDs.doc
    2012-06-13 13:40 - 2012-06-13 13:40 - 00000162 ___AH C:\Users\Andy\Documents\~$ternet IDs.doc
    2012-06-13 13:01 - 2012-06-13 13:01 - 00003352 ____N C:\bootsqm.dat
    2012-06-13 11:35 - 2012-06-13 11:35 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-13 11:35 - 2012-06-13 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Sam.Desktop\Desktop\Live Security Platinum.lnk
    2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Lucy\Desktop\Live Security Platinum.lnk
    2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Hannah\Desktop\Live Security Platinum.lnk
    2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Ben\Desktop\Live Security Platinum.lnk
    2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Andy\Desktop\Live Security Platinum.lnk
    2012-06-11 18:24 - 2012-06-11 18:24 - 00000000 ____D C:\Users\Ben\Desktop\Minecraft
    2012-06-10 21:27 - 2012-06-10 21:27 - 00419840 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-06-10 21:27 - 2012-06-10 21:27 - 00413696 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-06-10 21:27 - 2012-06-10 21:27 - 00133632 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-06-10 21:27 - 2012-06-10 21:27 - 00110592 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-06-10 21:27 - 2012-06-10 21:27 - 00000221 ____A C:\Users\Ben\Desktop\Clones Demo.url
    2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\My Documents\ClonesDemo
    2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\Documents\ClonesDemo
    2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\Application Data\ClonesDemo
    2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\AppData\Roaming\ClonesDemo
    2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Program Files (x86)\OpenAL
    2012-06-10 18:52 - 2012-06-10 18:52 - 00015910 ____A C:\Users\Ben\Desktop\hs_err_pid26928.log
    2012-06-10 18:37 - 2012-06-10 18:38 - 00002018 ____A C:\Users\Ben\My Documents\mcedit.ini
    2012-06-10 18:37 - 2012-06-10 18:38 - 00002018 ____A C:\Users\Ben\Documents\mcedit.ini
    2012-06-10 18:37 - 2012-06-10 18:37 - 00060473 ____A C:\Users\Ben\Downloads\mcedit-uninstall.exe
    2012-06-10 18:37 - 2012-06-10 18:37 - 00001693 ____A C:\Users\Ben\Desktop\MCEdit.lnk
    2012-06-10 18:37 - 2012-06-10 18:37 - 00001671 ____A C:\Users\Ben\Downloads\MCEdit.lnk
    2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\My Documents\MCEdit-schematics
    2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Downloads\MCEditData
    2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Downloads\doc
    2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Documents\MCEdit-schematics
    2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Application Data\pymclevel
    2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\AppData\Roaming\pymclevel
    2012-06-10 18:35 - 2012-06-10 18:36 - 10629010 ____A C:\Users\Ben\Downloads\MCEdit-stable33-win32-setup.exe
    2012-06-10 18:34 - 2012-06-10 18:34 - 01779847 ____A C:\Users\Ben\Downloads\mcedit-mcedit-0.1.1-1-g41ea379.zip
    2012-06-10 18:08 - 2012-06-10 18:08 - 01589718 ____A C:\Users\Ben\Downloads\Minecraft_Server.exe
    2012-06-10 18:07 - 2012-06-10 21:26 - 00000000 ____D C:\Users\Ben\Desktop\Ben's Minecraft Server
    2012-06-09 22:22 - 2012-06-09 22:28 - 00000000 ____D C:\Users\Hannah\Application Data\Mozilla
    2012-06-09 22:22 - 2012-06-09 22:28 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\Mozilla
    2012-06-09 22:21 - 2012-06-09 22:29 - 00000000 ____D C:\Users\Hannah\My Documents\The Lord of the Rings Online
    2012-06-09 22:21 - 2012-06-09 22:29 - 00000000 ____D C:\Users\Hannah\Documents\The Lord of the Rings Online
    2012-06-09 22:21 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\Local Settings\The Lord of the Rings Online
    2012-06-09 22:21 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\The Lord of the Rings Online
    2012-06-09 22:21 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\AppData\Local\The Lord of the Rings Online
    2012-06-09 22:17 - 2009-09-04 18:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2012-06-09 22:17 - 2009-09-04 18:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2012-06-09 22:06 - 2012-06-09 22:29 - 00000000 ____D C:\Users\Hannah\Local Settings\ApplicationHistory
    2012-06-09 22:06 - 2012-06-09 22:29 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\ApplicationHistory
    2012-06-09 22:06 - 2012-06-09 22:29 - 00000000 ____D C:\Users\Hannah\AppData\Local\ApplicationHistory
    2012-06-09 22:06 - 2012-06-09 22:18 - 00000000 ____D C:\Users\Hannah\Local Settings\Turbine
    2012-06-09 22:06 - 2012-06-09 22:18 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\Turbine
    2012-06-09 22:06 - 2012-06-09 22:18 - 00000000 ____D C:\Users\Hannah\AppData\Local\Turbine
    2012-06-09 22:06 - 2012-06-09 22:06 - 00000094 ____A C:\Users\Hannah\Local Settings\fusioncache.dat
    2012-06-09 22:06 - 2012-06-09 22:06 - 00000094 ____A C:\Users\Hannah\Local Settings\Application Data\fusioncache.dat
    2012-06-09 22:06 - 2012-06-09 22:06 - 00000094 ____A C:\Users\Hannah\AppData\Local\fusioncache.dat
    2012-06-09 22:06 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Andy\Local Settings\ApplicationHistory
    2012-06-09 22:06 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Andy\Local Settings\Application Data\ApplicationHistory
    2012-06-09 22:06 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Andy\AppData\Local\ApplicationHistory
    2012-06-09 22:05 - 2012-06-09 22:05 - 00000000 ____D C:\Windows\SysWOW64\URTTEMP
    2012-06-09 22:05 - 2007-03-12 17:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2012-06-09 22:00 - 2012-06-09 22:01 - 09067083 ____A C:\Users\Hannah\Downloads\Soartex Fanver.zip
    2012-06-09 21:58 - 2012-06-09 21:58 - 01440341 ____A C:\Users\Hannah\Downloads\soartex1.2.5.zip
    2012-06-09 20:09 - 2012-06-09 20:09 - 00000000 ____D C:\Users\Ben\Application Data\Trine2
    2012-06-09 20:09 - 2012-06-09 20:09 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Trine2
    2012-06-09 19:50 - 2012-06-09 19:50 - 00000210 ____A C:\Users\Ben\Desktop\The Lord of the Rings Online.url
    2012-06-06 22:48 - 2012-06-06 22:48 - 00000197 ____A C:\Users\Hannah\Desktop\Portal First Slice.url
    2012-06-06 21:57 - 2012-06-06 21:57 - 00000000 ____D C:\Users\Hannah\Application Data\Trine2
    2012-06-06 21:57 - 2012-06-06 21:57 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\Trine2
    2012-06-06 21:56 - 2008-05-30 15:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
    2012-06-06 21:56 - 2008-05-30 15:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2012-06-06 21:56 - 2007-04-04 19:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
    2012-06-06 21:51 - 2012-06-06 21:51 - 00000194 ____A C:\Users\Hannah\Desktop\Trine 2 Demo.url
    2012-06-06 17:37 - 2012-06-06 17:37 - 00000000 ____D C:\Users\Lucy\Local Settings\Application Data\Adobe
    2012-06-06 17:37 - 2012-06-06 17:37 - 00000000 ____D C:\Users\Lucy\Local Settings\Adobe
    2012-06-06 17:37 - 2012-06-06 17:37 - 00000000 ____D C:\Users\Lucy\AppData\Local\Adobe
    2012-06-06 17:12 - 2012-06-06 17:12 - 01007734 ____A C:\Users\Ben\Downloads\LightCraft by Skalander97.zip
    2012-06-06 15:00 - 2012-06-06 15:01 - 05356584 ____A (Code Laboratories, Inc.) C:\Users\Andy\Downloads\CL-Eye-Driver-5.0.1.0528 (1).exe
    2012-06-06 14:37 - 2012-06-06 15:01 - 00001236 ____A C:\Users\Public\Desktop\CL-Eye Test.lnk
    2012-06-06 14:37 - 2012-06-06 14:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
    2012-06-06 14:37 - 2012-06-06 14:37 - 00000000 ____D C:\Program Files (x86)\Code Laboratories
    2012-06-06 09:37 - 2012-06-06 09:37 - 00015948 ____A C:\Users\Hannah\Downloads\hs_err_pid99584.log
    2012-06-03 08:41 - 2012-06-03 08:42 - 08386590 ____A C:\Users\Ben\Downloads\Soartex Fanver.zip
    2012-06-02 21:26 - 2012-06-02 21:26 - 00084993 ____A C:\Users\Ben\Downloads\Dynamic Lights 1.2.4.zip
    2012-05-30 22:46 - 2012-05-30 22:46 - 00001807 ____A C:\Users\Hannah\Downloads\sketch (1).png
    2012-05-30 22:43 - 2012-05-30 22:43 - 00002022 ____A C:\Users\Hannah\Downloads\sketch.png
    2012-05-30 18:27 - 2012-05-30 18:27 - 00013146 ____A C:\Users\Ben\Downloads\hs_err_pid24560.log
    2012-05-30 18:19 - 2012-05-30 18:20 - 05938896 ____A C:\Users\Ben\Downloads\MAtmos__1_2_4_r12__WithWeaponInteractions.zip
    2012-05-29 20:44 - 2012-05-29 20:45 - 00002122 ____A C:\Users\Ben\Downloads\sketch.png
    2012-05-29 18:12 - 2012-05-29 18:12 - 00000221 ____A C:\Users\Ben\Desktop\AI War Fleet Command - Demo.url
    2012-05-29 17:17 - 2012-05-29 17:17 - 00000000 ____D C:\Windows\SysWOW64\xlive
    2012-05-29 17:17 - 2012-05-29 17:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2012-05-29 17:17 - 2009-09-04 18:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2012-05-29 17:17 - 2009-09-04 18:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2012-05-29 17:17 - 2007-04-04 19:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2012-05-29 17:15 - 2008-10-15 07:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
    2012-05-29 17:15 - 2008-10-15 07:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2012-05-29 17:15 - 2008-10-15 07:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
    2012-05-29 17:15 - 2008-10-15 07:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2012-05-29 17:15 - 2008-10-15 07:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
    2012-05-29 17:15 - 2008-10-15 07:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2012-05-29 17:15 - 2005-03-18 18:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2012-05-29 17:07 - 2012-05-29 17:07 - 00000222 ____A C:\Users\Ben\Desktop\Age of Empires Online.url
    2012-05-29 07:36 - 2012-05-29 07:36 - 00067464 ____A C:\Windows\System32\CLEyeDevices.dll
    2012-05-28 22:24 - 2012-06-12 21:59 - 00000000 ____D C:\Program Files (x86)\Steam
    2012-05-28 22:24 - 2012-05-28 22:24 - 01606656 ____A C:\Users\Hannah\Downloads\SteamInstall.msi
    2012-05-28 22:24 - 2012-05-28 22:24 - 00000919 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-05-28 22:16 - 2012-05-28 22:16 - 01653839 ____A C:\Users\Hannah\Downloads\Shaders-Windows.zip
    2012-05-26 18:59 - 2012-05-26 18:59 - 00105478 ____A C:\Users\Ben\Downloads\[1.2.5] Cheat Pack 1.5 #2 Singleplayer.zip
    2012-05-26 18:54 - 2012-05-26 18:54 - 00109228 ____A C:\Users\Ben\Downloads\Minecraft 1.2.5 Singleplayer Cheat Pack.zip
    2012-05-26 18:37 - 2012-05-26 18:37 - 00276586 ____A C:\Users\Ben\Downloads\zombe's_modpack-v6.2_MC.1.2.5.zip
    2012-05-26 14:24 - 2012-05-26 14:24 - 00051131 ____A C:\Users\Ben\Downloads\TooManyItems2012_04_13_1.2.5.zip
    2012-05-26 14:14 - 2012-05-26 14:15 - 43813068 ____A C:\Users\Ben\Downloads\Spatial Distortion.zip
    2012-05-26 12:20 - 2012-05-26 12:22 - 69677540 ____A C:\Users\Ben\Downloads\The Minecraft Files217.zip
    2012-05-26 10:35 - 2012-05-26 10:35 - 00649502 ____A C:\Users\Ben\Downloads\Yay-Toast-Pack-125upgrade.zip
    2012-05-20 16:25 - 2012-05-20 16:24 - 00054926 ____A C:\Users\Ben\Downloads\Backpack_1.2.5_FML_r3 - Copy.rar
    2012-05-20 16:24 - 2012-05-20 16:24 - 00054926 ____A C:\Users\Ben\Downloads\Backpack_1.2.5_FML_r3.rar
    2012-05-20 09:37 - 2012-05-20 09:38 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-05-20 09:37 - 2012-05-20 09:37 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-05-19 22:54 - 2012-05-19 22:54 - 00240023 ____A C:\Users\Hannah\Downloads\[1.2.5]ReiMinimap_v3.0_06.zip
    2012-05-19 22:01 - 2012-05-19 22:01 - 18220021 ____A C:\Users\Hannah\Downloads\Sphax PureBDCraft 128x.zip
    2012-05-19 19:59 - 2012-05-19 20:00 - 19735526 ____A C:\Users\Ben\Downloads\MineLoL Texturepack Realistic 128x128.zip
    2012-05-19 19:59 - 2012-05-19 20:00 - 11085411 ____A C:\Users\Ben\Downloads\Another Castle!.zip
    2012-05-19 19:58 - 2012-05-19 20:00 - 33085073 ____A C:\Users\Ben\Downloads\WoW Pack 1.2.5.zip
    2012-05-19 19:57 - 2012-05-19 19:57 - 02151082 ____A C:\Users\Ben\Downloads\Super-Mario.zip
    2012-05-19 14:27 - 2012-05-19 14:27 - 01539265 ____A C:\Users\Ben\Downloads\mcpatcher-2.3.6.exe
    2012-05-19 14:22 - 2012-05-19 14:22 - 00240023 ____A C:\Users\Ben\Downloads\[1.2.5]ReiMinimap_v3.0_06 (1).zip
    2012-05-19 14:21 - 2012-05-19 14:21 - 00240023 ____A C:\Users\Ben\Downloads\[1.2.5]ReiMinimap_v3.0_06.zip
    2012-05-18 19:51 - 2012-05-18 19:52 - 08688607 ____A C:\Users\Ben\Downloads\The Survival Games 2.zip
    2012-05-16 21:26 - 2012-05-16 21:50 - 00000000 ____D C:\Users\Sam.Desktop\Application Data\Skype
    2012-05-16 21:26 - 2012-05-16 21:50 - 00000000 ____D C:\Users\Sam.Desktop\AppData\Roaming\Skype
     
  2. Andy Sweetman


    ============ 3 Months Modified Files and Folders =============
    2012-06-13 16:05 - 2010-09-28 15:16 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2012-06-13 16:05 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-13 16:05 - 2009-07-14 06:51 - 00052256 ____A C:\Windows\setupact.log
    2012-06-13 15:42 - 2012-04-17 20:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-13 15:27 - 2012-02-01 21:20 - 00000000 ____D C:\Users\Andy\Local Settings\LogMeIn Hamachi
    2012-06-13 15:27 - 2012-02-01 21:20 - 00000000 ____D C:\Users\Andy\Local Settings\Application Data\LogMeIn Hamachi
    2012-06-13 15:27 - 2012-02-01 21:20 - 00000000 ____D C:\Users\Andy\AppData\Local\LogMeIn Hamachi
    2012-06-13 15:27 - 2011-08-18 07:25 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-13 15:27 - 2011-08-18 07:25 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-13 15:27 - 2010-09-28 15:39 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2012-06-13 15:25 - 2011-08-17 17:50 - 00000372 ____A C:\Windows\lgfwup.ini
    2012-06-13 15:24 - 2011-08-17 17:50 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
    2012-06-13 15:21 - 2012-06-13 15:21 - 00000000 ____D C:\FRST
    2012-06-13 13:41 - 2009-07-14 07:10 - 01310884 ____A C:\Windows\WindowsUpdate.log
    2012-06-13 13:40 - 2012-06-13 13:40 - 00000162 ___AH C:\Users\Andy\My Documents\~$ternet IDs.doc
    2012-06-13 13:40 - 2012-06-13 13:40 - 00000162 ___AH C:\Users\Andy\Documents\~$ternet IDs.doc
    2012-06-13 13:01 - 2012-06-13 13:01 - 00003352 ____N C:\bootsqm.dat
    2012-06-13 12:01 - 2012-01-11 21:10 - 00000000 __SHD C:\Users\Andy\Local Settings\Application Data\{4d7d91c5-6b57-a2d8-28ea-88014306e428}
    2012-06-13 12:01 - 2012-01-11 21:10 - 00000000 __SHD C:\Users\Andy\Local Settings\{4d7d91c5-6b57-a2d8-28ea-88014306e428}
    2012-06-13 12:01 - 2012-01-11 21:10 - 00000000 __SHD C:\Users\Andy\AppData\Local\{4d7d91c5-6b57-a2d8-28ea-88014306e428}
    2012-06-13 11:52 - 2009-07-14 07:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-13 11:36 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-13 11:36 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-13 11:35 - 2012-06-13 11:35 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-13 11:35 - 2012-06-13 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-13 11:35 - 2012-02-02 01:04 - 00749064 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-13 11:35 - 2012-02-02 01:04 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-13 11:27 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\My Documents\Outlook Files
    2012-06-13 11:27 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\Documents\Outlook Files
    2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Sam.Desktop\Desktop\Live Security Platinum.lnk
    2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Lucy\Desktop\Live Security Platinum.lnk
    2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Hannah\Desktop\Live Security Platinum.lnk
    2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Ben\Desktop\Live Security Platinum.lnk
    2012-06-13 11:24 - 2012-06-13 11:24 - 00001096 ____A C:\Users\Andy\Desktop\Live Security Platinum.lnk
    2012-06-13 11:03 - 2011-09-11 20:20 - 00000000 ____D C:\Users\Lucy\My Documents\Outlook Files
    2012-06-13 11:03 - 2011-09-11 20:20 - 00000000 ____D C:\Users\Lucy\Documents\Outlook Files
    2012-06-12 22:13 - 2011-11-09 22:52 - 00000000 ____D C:\Users\Hannah\Application Data\Skype
    2012-06-12 22:13 - 2011-11-09 22:52 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\Skype
    2012-06-12 22:09 - 2012-01-28 23:01 - 00000000 ____D C:\Users\Hannah\Application Data\.minecraft
    2012-06-12 22:09 - 2012-01-28 23:01 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\.minecraft
    2012-06-12 21:59 - 2012-05-28 22:24 - 00000000 ____D C:\Program Files (x86)\Steam
    2012-06-12 21:59 - 2012-01-30 22:46 - 00000000 ____D C:\Users\Hannah\Local Settings\LogMeIn Hamachi
    2012-06-12 21:59 - 2012-01-30 22:46 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\LogMeIn Hamachi
    2012-06-12 21:59 - 2012-01-30 22:46 - 00000000 ____D C:\Users\Hannah\AppData\Local\LogMeIn Hamachi
    2012-06-12 21:59 - 2011-08-31 16:40 - 00000000 ____D C:\Users\Hannah\Tracing
    2012-06-12 21:10 - 2011-08-31 14:35 - 00000000 ____D C:\Users\Ben\Application Data\Skype
    2012-06-12 21:10 - 2011-08-31 14:35 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Skype
    2012-06-12 20:42 - 2012-01-21 19:58 - 00000000 ____D C:\Users\Ben\Application Data\.minecraft
    2012-06-12 20:42 - 2012-01-21 19:58 - 00000000 ____D C:\Users\Ben\AppData\Roaming\.minecraft
    2012-06-12 20:41 - 2012-01-31 17:05 - 00000000 ____D C:\Users\Lucy\Local Settings\LogMeIn Hamachi
    2012-06-12 20:41 - 2012-01-31 17:05 - 00000000 ____D C:\Users\Lucy\Local Settings\Application Data\LogMeIn Hamachi
    2012-06-12 20:41 - 2012-01-31 17:05 - 00000000 ____D C:\Users\Lucy\AppData\Local\LogMeIn Hamachi
    2012-06-12 20:41 - 2012-01-30 22:19 - 00000000 ____D C:\Users\Ben\Local Settings\LogMeIn Hamachi
    2012-06-12 20:41 - 2012-01-30 22:19 - 00000000 ____D C:\Users\Ben\Local Settings\Application Data\LogMeIn Hamachi
    2012-06-12 20:41 - 2012-01-30 22:19 - 00000000 ____D C:\Users\Ben\AppData\Local\LogMeIn Hamachi
    2012-06-11 20:28 - 2012-03-24 09:54 - 00002330 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-06-11 18:24 - 2012-06-11 18:24 - 00000000 ____D C:\Users\Ben\Desktop\Minecraft
    2012-06-11 18:23 - 2012-02-15 11:12 - 00000000 ____D C:\Users\Ben\My Documents\Minecraft
    2012-06-11 18:23 - 2012-02-15 11:12 - 00000000 ____D C:\Users\Ben\Documents\Minecraft
    2012-06-10 21:27 - 2012-06-10 21:27 - 00419840 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-06-10 21:27 - 2012-06-10 21:27 - 00413696 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-06-10 21:27 - 2012-06-10 21:27 - 00133632 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-06-10 21:27 - 2012-06-10 21:27 - 00110592 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-06-10 21:27 - 2012-06-10 21:27 - 00000221 ____A C:\Users\Ben\Desktop\Clones Demo.url
    2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\My Documents\ClonesDemo
    2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\Documents\ClonesDemo
    2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\Application Data\ClonesDemo
    2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Users\Ben\AppData\Roaming\ClonesDemo
    2012-06-10 21:27 - 2012-06-10 21:27 - 00000000 ____D C:\Program Files (x86)\OpenAL
    2012-06-10 21:26 - 2012-06-10 18:07 - 00000000 ____D C:\Users\Ben\Desktop\Ben's Minecraft Server
    2012-06-10 18:52 - 2012-06-10 18:52 - 00015910 ____A C:\Users\Ben\Desktop\hs_err_pid26928.log
    2012-06-10 18:38 - 2012-06-10 18:37 - 00002018 ____A C:\Users\Ben\My Documents\mcedit.ini
    2012-06-10 18:38 - 2012-06-10 18:37 - 00002018 ____A C:\Users\Ben\Documents\mcedit.ini
    2012-06-10 18:37 - 2012-06-10 18:37 - 00060473 ____A C:\Users\Ben\Downloads\mcedit-uninstall.exe
    2012-06-10 18:37 - 2012-06-10 18:37 - 00001693 ____A C:\Users\Ben\Desktop\MCEdit.lnk
    2012-06-10 18:37 - 2012-06-10 18:37 - 00001671 ____A C:\Users\Ben\Downloads\MCEdit.lnk
    2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\My Documents\MCEdit-schematics
    2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Downloads\MCEditData
    2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Downloads\doc
    2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Documents\MCEdit-schematics
    2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\Application Data\pymclevel
    2012-06-10 18:37 - 2012-06-10 18:37 - 00000000 ____D C:\Users\Ben\AppData\Roaming\pymclevel
    2012-06-10 18:36 - 2012-06-10 18:35 - 10629010 ____A C:\Users\Ben\Downloads\MCEdit-stable33-win32-setup.exe
    2012-06-10 18:34 - 2012-06-10 18:34 - 01779847 ____A C:\Users\Ben\Downloads\mcedit-mcedit-0.1.1-1-g41ea379.zip
    2012-06-10 18:08 - 2012-06-10 18:08 - 01589718 ____A C:\Users\Ben\Downloads\Minecraft_Server.exe
    2012-06-09 22:29 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\My Documents\The Lord of the Rings Online
    2012-06-09 22:29 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\Documents\The Lord of the Rings Online
    2012-06-09 22:29 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Hannah\Local Settings\ApplicationHistory
    2012-06-09 22:29 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\ApplicationHistory
    2012-06-09 22:29 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Hannah\AppData\Local\ApplicationHistory
    2012-06-09 22:28 - 2012-06-09 22:22 - 00000000 ____D C:\Users\Hannah\Application Data\Mozilla
    2012-06-09 22:28 - 2012-06-09 22:22 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\Mozilla
    2012-06-09 22:21 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\Local Settings\The Lord of the Rings Online
    2012-06-09 22:21 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\The Lord of the Rings Online
    2012-06-09 22:21 - 2012-06-09 22:21 - 00000000 ____D C:\Users\Hannah\AppData\Local\The Lord of the Rings Online
    2012-06-09 22:18 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Hannah\Local Settings\Turbine
    2012-06-09 22:18 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\Turbine
    2012-06-09 22:18 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Hannah\AppData\Local\Turbine
    2012-06-09 22:06 - 2012-06-09 22:06 - 00000094 ____A C:\Users\Hannah\Local Settings\fusioncache.dat
    2012-06-09 22:06 - 2012-06-09 22:06 - 00000094 ____A C:\Users\Hannah\Local Settings\Application Data\fusioncache.dat
    2012-06-09 22:06 - 2012-06-09 22:06 - 00000094 ____A C:\Users\Hannah\AppData\Local\fusioncache.dat
    2012-06-09 22:06 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Andy\Local Settings\ApplicationHistory
    2012-06-09 22:06 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Andy\Local Settings\Application Data\ApplicationHistory
    2012-06-09 22:06 - 2012-06-09 22:06 - 00000000 ____D C:\Users\Andy\AppData\Local\ApplicationHistory
    2012-06-09 22:05 - 2012-06-09 22:05 - 00000000 ____D C:\Windows\SysWOW64\URTTEMP
    2012-06-09 22:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
    2012-06-09 22:01 - 2012-06-09 22:00 - 09067083 ____A C:\Users\Hannah\Downloads\Soartex Fanver.zip
    2012-06-09 21:58 - 2012-06-09 21:58 - 01440341 ____A C:\Users\Hannah\Downloads\soartex1.2.5.zip
    2012-06-09 20:09 - 2012-06-09 20:09 - 00000000 ____D C:\Users\Ben\Application Data\Trine2
    2012-06-09 20:09 - 2012-06-09 20:09 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Trine2
    2012-06-09 19:50 - 2012-06-09 19:50 - 00000210 ____A C:\Users\Ben\Desktop\The Lord of the Rings Online.url
    2012-06-09 19:50 - 2011-08-17 17:59 - 00000000 ____D C:\Users\Ben\My Documents\Outlook Files
    2012-06-09 19:50 - 2011-08-17 17:59 - 00000000 ____D C:\Users\Ben\Documents\Outlook Files
    2012-06-09 12:11 - 2011-08-17 16:36 - 00000000 ____D C:\Users\Andy\My Documents\Travel
    2012-06-09 12:11 - 2011-08-17 16:36 - 00000000 ____D C:\Users\Andy\Documents\Travel
    2012-06-09 12:10 - 2009-07-14 07:13 - 00729880 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-08 21:53 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\Application Data\Skype
    2012-06-08 21:53 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Skype
    2012-06-08 21:53 - 2010-09-28 15:23 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-06-06 22:48 - 2012-06-06 22:48 - 00000197 ____A C:\Users\Hannah\Desktop\Portal First Slice.url
    2012-06-06 21:57 - 2012-06-06 21:57 - 00000000 ____D C:\Users\Hannah\Application Data\Trine2
    2012-06-06 21:57 - 2012-06-06 21:57 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\Trine2
    2012-06-06 21:56 - 2010-09-28 15:21 - 00101378 ____A C:\Windows\DirectX.log
    2012-06-06 21:51 - 2012-06-06 21:51 - 00000194 ____A C:\Users\Hannah\Desktop\Trine 2 Demo.url
    2012-06-06 17:37 - 2012-06-06 17:37 - 00000000 ____D C:\Users\Lucy\Local Settings\Application Data\Adobe
    2012-06-06 17:37 - 2012-06-06 17:37 - 00000000 ____D C:\Users\Lucy\Local Settings\Adobe
    2012-06-06 17:37 - 2012-06-06 17:37 - 00000000 ____D C:\Users\Lucy\AppData\Local\Adobe
    2012-06-06 17:37 - 2011-08-22 16:23 - 00000000 ____D C:\Users\Lucy\Application Data\Adobe
    2012-06-06 17:37 - 2011-08-22 16:23 - 00000000 ____D C:\Users\Lucy\AppData\Roaming\Adobe
    2012-06-06 17:37 - 2011-08-22 16:22 - 00000000 ____D C:\Users\Lucy\AppData\LocalLow
    2012-06-06 17:12 - 2012-06-06 17:12 - 01007734 ____A C:\Users\Ben\Downloads\LightCraft by Skalander97.zip
    2012-06-06 15:01 - 2012-06-06 15:00 - 05356584 ____A (Code Laboratories, Inc.) C:\Users\Andy\Downloads\CL-Eye-Driver-5.0.1.0528 (1).exe
    2012-06-06 15:01 - 2012-06-06 14:37 - 00001236 ____A C:\Users\Public\Desktop\CL-Eye Test.lnk
    2012-06-06 14:37 - 2012-06-06 14:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
    2012-06-06 14:37 - 2012-06-06 14:37 - 00000000 ____D C:\Program Files (x86)\Code Laboratories
    2012-06-06 09:37 - 2012-06-06 09:37 - 00015948 ____A C:\Users\Hannah\Downloads\hs_err_pid99584.log
    2012-06-06 06:01 - 2012-01-31 23:51 - 00000000 ____D C:\Users\Sam.Desktop\Local Settings\LogMeIn Hamachi
    2012-06-06 06:01 - 2012-01-31 23:51 - 00000000 ____D C:\Users\Sam.Desktop\Local Settings\Application Data\LogMeIn Hamachi
    2012-06-06 06:01 - 2012-01-31 23:51 - 00000000 ____D C:\Users\Sam.Desktop\AppData\Local\LogMeIn Hamachi
    2012-06-04 22:11 - 2011-08-20 12:08 - 00000000 ____D C:\HDW30_TMP
    2012-06-03 19:42 - 2011-10-04 21:29 - 00000000 ____D C:\Users\Sam.Desktop\Tracing
    2012-06-03 08:42 - 2012-06-03 08:41 - 08386590 ____A C:\Users\Ben\Downloads\Soartex Fanver.zip
    2012-06-02 23:37 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\My Documents\Finance
    2012-06-02 23:37 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\Documents\Finance
    2012-06-02 21:26 - 2012-06-02 21:26 - 00084993 ____A C:\Users\Ben\Downloads\Dynamic Lights 1.2.4.zip
    2012-05-30 22:46 - 2012-05-30 22:46 - 00001807 ____A C:\Users\Hannah\Downloads\sketch (1).png
    2012-05-30 22:43 - 2012-05-30 22:43 - 00002022 ____A C:\Users\Hannah\Downloads\sketch.png
    2012-05-30 18:27 - 2012-05-30 18:27 - 00013146 ____A C:\Users\Ben\Downloads\hs_err_pid24560.log
    2012-05-30 18:20 - 2012-05-30 18:19 - 05938896 ____A C:\Users\Ben\Downloads\MAtmos__1_2_4_r12__WithWeaponInteractions.zip
    2012-05-29 20:45 - 2012-05-29 20:44 - 00002122 ____A C:\Users\Ben\Downloads\sketch.png
    2012-05-29 18:12 - 2012-05-29 18:12 - 00000221 ____A C:\Users\Ben\Desktop\AI War Fleet Command - Demo.url
    2012-05-29 17:17 - 2012-05-29 17:17 - 00000000 ____D C:\Windows\SysWOW64\xlive
    2012-05-29 17:17 - 2012-05-29 17:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2012-05-29 17:16 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2012-05-29 17:07 - 2012-05-29 17:07 - 00000222 ____A C:\Users\Ben\Desktop\Age of Empires Online.url
    2012-05-29 07:36 - 2012-05-29 07:36 - 00067464 ____A C:\Windows\System32\CLEyeDevices.dll
    2012-05-28 22:24 - 2012-05-28 22:24 - 01606656 ____A C:\Users\Hannah\Downloads\SteamInstall.msi
    2012-05-28 22:24 - 2012-05-28 22:24 - 00000919 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-05-28 22:24 - 2011-08-22 16:25 - 00000000 ____D C:\users\Hannah
    2012-05-28 22:16 - 2012-05-28 22:16 - 01653839 ____A C:\Users\Hannah\Downloads\Shaders-Windows.zip
    2012-05-26 18:59 - 2012-05-26 18:59 - 00105478 ____A C:\Users\Ben\Downloads\[1.2.5] Cheat Pack 1.5 #2 Singleplayer.zip
    2012-05-26 18:54 - 2012-05-26 18:54 - 00109228 ____A C:\Users\Ben\Downloads\Minecraft 1.2.5 Singleplayer Cheat Pack.zip
    2012-05-26 18:37 - 2012-05-26 18:37 - 00276586 ____A C:\Users\Ben\Downloads\zombe's_modpack-v6.2_MC.1.2.5.zip
    2012-05-26 14:24 - 2012-05-26 14:24 - 00051131 ____A C:\Users\Ben\Downloads\TooManyItems2012_04_13_1.2.5.zip
    2012-05-26 14:15 - 2012-05-26 14:14 - 43813068 ____A C:\Users\Ben\Downloads\Spatial Distortion.zip
    2012-05-26 12:22 - 2012-05-26 12:20 - 69677540 ____A C:\Users\Ben\Downloads\The Minecraft Files217.zip
    2012-05-26 10:35 - 2012-05-26 10:35 - 00649502 ____A C:\Users\Ben\Downloads\Yay-Toast-Pack-125upgrade.zip
    2012-05-26 10:17 - 2010-09-29 00:06 - 00062164 ____A C:\Windows\PFRO.log
    2012-05-24 20:06 - 2012-04-17 20:12 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-05-24 20:06 - 2011-08-18 07:25 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-05-20 16:24 - 2012-05-20 16:25 - 00054926 ____A C:\Users\Ben\Downloads\Backpack_1.2.5_FML_r3 - Copy.rar
    2012-05-20 16:24 - 2012-05-20 16:24 - 00054926 ____A C:\Users\Ben\Downloads\Backpack_1.2.5_FML_r3.rar
    2012-05-20 15:48 - 2011-08-17 17:58 - 00000000 ____D C:\Users\Ben\My Documents\Bens blog
    2012-05-20 15:48 - 2011-08-17 17:58 - 00000000 ____D C:\Users\Ben\Documents\Bens blog
    2012-05-20 09:38 - 2012-05-20 09:37 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-05-20 09:37 - 2012-05-20 09:37 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-05-19 22:54 - 2012-05-19 22:54 - 00240023 ____A C:\Users\Hannah\Downloads\[1.2.5]ReiMinimap_v3.0_06.zip
    2012-05-19 22:01 - 2012-05-19 22:01 - 18220021 ____A C:\Users\Hannah\Downloads\Sphax PureBDCraft 128x.zip
    2012-05-19 20:00 - 2012-05-19 19:59 - 19735526 ____A C:\Users\Ben\Downloads\MineLoL Texturepack Realistic 128x128.zip
    2012-05-19 20:00 - 2012-05-19 19:59 - 11085411 ____A C:\Users\Ben\Downloads\Another Castle!.zip
    2012-05-19 20:00 - 2012-05-19 19:58 - 33085073 ____A C:\Users\Ben\Downloads\WoW Pack 1.2.5.zip
    2012-05-19 19:57 - 2012-05-19 19:57 - 02151082 ____A C:\Users\Ben\Downloads\Super-Mario.zip
    2012-05-19 14:27 - 2012-05-19 14:27 - 01539265 ____A C:\Users\Ben\Downloads\mcpatcher-2.3.6.exe
    2012-05-19 14:22 - 2012-05-19 14:22 - 00240023 ____A C:\Users\Ben\Downloads\[1.2.5]ReiMinimap_v3.0_06 (1).zip
    2012-05-19 14:21 - 2012-05-19 14:21 - 00240023 ____A C:\Users\Ben\Downloads\[1.2.5]ReiMinimap_v3.0_06.zip
    2012-05-18 19:52 - 2012-05-18 19:51 - 08688607 ____A C:\Users\Ben\Downloads\The Survival Games 2.zip
    2012-05-16 21:50 - 2012-05-16 21:26 - 00000000 ____D C:\Users\Sam.Desktop\Application Data\Skype
    2012-05-16 21:50 - 2012-05-16 21:26 - 00000000 ____D C:\Users\Sam.Desktop\AppData\Roaming\Skype
    2012-05-16 21:29 - 2012-04-07 23:19 - 00000000 ____D C:\Users\Sam.Desktop\Application Data\.minecraft
    2012-05-16 21:29 - 2012-04-07 23:19 - 00000000 ____D C:\Users\Sam.Desktop\AppData\Roaming\.minecraft
    2012-05-12 12:42 - 2010-10-09 12:49 - 00032768 ____A C:\Users\Andy\My Documents\Internet IDs.doc
    2012-05-12 12:42 - 2010-10-09 12:49 - 00032768 ____A C:\Users\Andy\Documents\Internet IDs.doc
    2012-05-11 21:57 - 2011-08-19 17:39 - 00000000 ____D C:\Users\Ben\Application Data\Adobe
    2012-05-11 21:57 - 2011-08-19 17:39 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Adobe
    2012-05-11 21:57 - 2011-08-17 17:55 - 00000000 ____D C:\Users\Ben\AppData\LocalLow
    2012-05-10 04:26 - 2009-07-14 06:45 - 00465792 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-05-10 04:25 - 2010-09-28 15:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-10 04:07 - 2011-10-11 20:27 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-05-10 04:00 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-09 22:39 - 2012-05-09 22:39 - 00015765 ____A C:\Users\Hannah\Downloads\hs_err_pid80632.log
    2012-05-07 16:40 - 2012-05-07 16:19 - 01720320 ____A C:\Users\Sam.Desktop\My Documents\Aspirin.ppt
    2012-05-07 16:40 - 2012-05-07 16:19 - 01720320 ____A C:\Users\Sam.Desktop\Documents\Aspirin.ppt
    2012-05-05 22:11 - 2012-05-05 22:11 - 00007607 ____A C:\Users\Andy\Local Settings\Resmon.ResmonCfg
    2012-05-05 22:11 - 2012-05-05 22:11 - 00007607 ____A C:\Users\Andy\Local Settings\Application Data\Resmon.ResmonCfg
    2012-05-05 22:11 - 2012-05-05 22:11 - 00007607 ____A C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
    2012-05-05 21:42 - 2011-08-30 18:11 - 00000000 ____D C:\Users\Andy\Local Settings\ElevatedDiagnostics
    2012-05-05 21:42 - 2011-08-30 18:11 - 00000000 ____D C:\Users\Andy\Local Settings\Application Data\ElevatedDiagnostics
    2012-05-05 21:42 - 2011-08-30 18:11 - 00000000 ____D C:\Users\Andy\AppData\Local\ElevatedDiagnostics
    2012-05-05 12:42 - 2012-05-05 12:42 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-05-04 23:00 - 2012-05-04 23:00 - 00860753 ____A C:\Users\Hannah\Downloads\SimpleCraft.zip
    2012-05-04 22:59 - 2012-05-04 22:59 - 02536937 ____A C:\Users\Hannah\Downloads\GoodMorningCraft.zip
    2012-05-02 19:30 - 2012-05-02 19:30 - 00000000 ____D C:\Program Files (x86)\AMD AVT
    2012-05-02 19:30 - 2012-05-02 19:30 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2012-05-02 19:30 - 2011-08-17 17:25 - 00000000 ____D C:\Program Files\ATI Technologies
    2012-04-30 02:53 - 2012-04-30 02:53 - 00930416 ____A C:\Windows\Minidump\043012-12714-01.dmp
    2012-04-30 02:53 - 2012-03-03 18:55 - 00000000 ____D C:\Windows\Minidump
    2012-04-30 02:53 - 2012-03-03 18:54 - 745417739 ____A C:\Windows\MEMORY.DMP
    2012-04-29 22:15 - 2012-04-29 22:15 - 01188737 ____A C:\Users\Hannah\Downloads\faithful32pack.zip
    2012-04-29 10:58 - 2011-09-11 10:57 - 00000000 ____D C:\Users\Public\Documents\THFC Rota
    2012-04-27 22:31 - 2012-04-27 22:31 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\Adobe
    2012-04-27 22:31 - 2012-04-27 22:31 - 00000000 ____D C:\Users\Hannah\Local Settings\Adobe
    2012-04-27 22:31 - 2012-04-27 22:31 - 00000000 ____D C:\Users\Hannah\AppData\Local\Adobe
    2012-04-27 22:31 - 2011-08-22 16:28 - 00000000 ____D C:\Users\Hannah\Application Data\Adobe
    2012-04-27 22:31 - 2011-08-22 16:28 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\Adobe
    2012-04-27 22:31 - 2011-08-22 16:25 - 00000000 ____D C:\Users\Hannah\AppData\LocalLow
    2012-04-26 18:44 - 2012-04-26 18:42 - 00000000 ____D C:\Users\Ben\Desktop\DeepSpaceTurtleChase_Client
    2012-04-26 18:43 - 2012-01-27 20:32 - 00000000 ____D C:\Users\Andy\Application Data\.minecraft
    2012-04-26 18:43 - 2012-01-27 20:32 - 00000000 ____D C:\Users\Andy\AppData\Roaming\.minecraft
    2012-04-26 18:36 - 2012-04-18 21:45 - 00000000 ____D C:\Users\Ben\Desktop\world
    2012-04-26 18:33 - 2012-03-18 20:37 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2012-04-25 21:45 - 2011-08-22 16:28 - 00000000 ____D C:\Users\Hannah\Local Settings\Google
    2012-04-25 21:45 - 2011-08-22 16:28 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\Google
    2012-04-25 21:45 - 2011-08-22 16:28 - 00000000 ____D C:\Users\Hannah\AppData\Local\Google
    2012-04-23 22:00 - 2012-04-22 23:00 - 01129749 ____A C:\Users\Hannah\Downloads\2012-04-22_21.59.04.png
    2012-04-22 21:39 - 2012-04-22 21:33 - 06524348 ____A C:\Users\Hannah\Downloads\DeepSpaceTurtleChase.zip
    2012-04-21 19:16 - 2012-04-21 18:28 - 00000000 ____D C:\Users\Andy\Local Settings\PMB Files
    2012-04-21 19:16 - 2012-04-21 18:28 - 00000000 ____D C:\Users\Andy\Local Settings\Application Data\PMB Files
    2012-04-21 19:16 - 2012-04-21 18:28 - 00000000 ____D C:\Users\Andy\AppData\Local\PMB Files
    2012-04-21 18:28 - 2012-04-21 18:28 - 00000000 ____D C:\Users\Andy\My Documents\LOTRO Standard Res Install Files EN
    2012-04-21 18:28 - 2012-04-21 18:28 - 00000000 ____D C:\Users\Andy\Documents\LOTRO Standard Res Install Files EN
    2012-04-21 18:28 - 2012-04-21 18:28 - 00000000 ____D C:\Program Files (x86)\Pando Networks
    2012-04-21 15:21 - 2012-04-21 15:21 - 00026472 ____A C:\Users\Ben\Desktop\ModLoaderMP 1.2.5 v1.zip
    2012-04-18 21:56 - 2012-04-18 21:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
    2012-04-18 21:56 - 2012-04-18 21:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
    2012-04-15 18:23 - 2012-04-15 18:23 - 00000000 ____D C:\Users\Ben\Desktop\Player API
    2012-04-15 18:22 - 2012-04-15 18:22 - 00000000 ____D C:\Users\Ben\Desktop\Too Many Items
    2012-04-15 18:21 - 2012-04-15 18:21 - 00000000 ____D C:\Users\Ben\Desktop\Smart Moving
    2012-04-15 18:21 - 2012-04-15 18:20 - 00000000 ____D C:\Users\Ben\Desktop\Modloader
    2012-04-15 18:19 - 2012-04-15 18:19 - 00000000 ____D C:\Users\Ben\Desktop\Server Map version 1
    2012-04-15 18:18 - 2012-04-15 18:01 - 00000000 ____D C:\Users\Ben\Desktop\Server Map-
    2012-04-12 04:03 - 2009-07-14 04:34 - 00000540 ____A C:\Windows\win.ini
    2012-04-09 19:25 - 2012-04-09 19:25 - 00000000 ____D C:\Program Files (x86)\MCSkin3D
    2012-04-07 23:40 - 2012-04-07 23:40 - 00024848 ____A C:\Users\Sam.Desktop\My Documents\wow.docx
    2012-04-07 23:40 - 2012-04-07 23:40 - 00024848 ____A C:\Users\Sam.Desktop\Documents\wow.docx
    2012-04-07 23:40 - 2012-04-07 23:40 - 00000162 ___AH C:\Users\Sam.Desktop\My Documents\~$wow.docx
    2012-04-07 23:40 - 2012-04-07 23:40 - 00000162 ___AH C:\Users\Sam.Desktop\Documents\~$wow.docx
    2012-04-07 23:33 - 2012-04-07 23:33 - 00278561 ____A C:\Users\Sam.Desktop\Downloads\Minecraft.exe
    2012-04-07 23:22 - 2012-04-07 23:22 - 00000000 ____D C:\Users\Sam.Desktop\Application Data\WinRAR
    2012-04-07 23:22 - 2012-04-07 23:22 - 00000000 ____D C:\Users\Sam.Desktop\AppData\Roaming\WinRAR
    2012-04-07 23:03 - 2011-10-02 17:44 - 00000000 ____D C:\Users\Sam.Desktop\Local Settings\Google
    2012-04-07 23:03 - 2011-10-02 17:44 - 00000000 ____D C:\Users\Sam.Desktop\Local Settings\Application Data\Google
    2012-04-07 23:03 - 2011-10-02 17:44 - 00000000 ____D C:\Users\Sam.Desktop\AppData\Local\Google
    2012-04-07 21:45 - 2012-04-07 21:44 - 05542229 ____A C:\Users\Hannah\Downloads\Assassins Creep (1).zip
    2012-04-07 21:45 - 2012-03-23 23:03 - 06516034 ____A C:\Users\Hannah\Downloads\AI_Pack_16x16_v124.zip
    2012-04-07 21:42 - 2012-04-07 21:42 - 00876555 ____A C:\Users\Hannah\Downloads\Assassini~Costruttori_v2.0_Assassin version.zip
    2012-04-07 09:54 - 2011-08-19 17:39 - 00000000 ____D C:\Users\Ben\Local Settings\Google
    2012-04-07 09:54 - 2011-08-19 17:39 - 00000000 ____D C:\Users\Ben\Local Settings\Application Data\Google
    2012-04-07 09:54 - 2011-08-19 17:39 - 00000000 ____D C:\Users\Ben\AppData\Local\Google
    2012-04-06 22:24 - 2012-04-06 22:22 - 39225864 ____A C:\Users\Hannah\Downloads\Misa412.zip
    2012-04-06 07:22 - 2012-04-06 07:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-04-06 04:23 - 2012-04-06 04:23 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-04-06 04:23 - 2012-04-06 04:23 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
    2012-04-06 04:22 - 2012-04-06 04:22 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-04-06 04:21 - 2011-07-28 23:40 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-04-06 04:20 - 2010-09-29 00:51 - 01067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-04-06 04:16 - 2012-04-06 04:16 - 00503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-04-06 04:16 - 2012-04-06 04:16 - 00236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-04-06 04:16 - 2011-07-28 23:36 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-04-06 04:14 - 2012-04-06 04:14 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-04-06 04:14 - 2012-04-06 04:14 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-04-06 04:14 - 2012-04-06 04:14 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-04-06 04:14 - 2012-04-06 04:14 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-04-06 04:13 - 2011-07-28 23:30 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-04-06 04:10 - 2012-04-06 04:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-04-06 04:00 - 2010-09-29 00:51 - 00064000 ____A (AMD) C:\Windows\System32\coinst.dll
    2012-04-06 03:54 - 2010-09-29 00:51 - 07479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-04-06 03:50 - 2012-04-06 03:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-04-06 03:35 - 2012-04-06 03:35 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
    2012-04-06 03:34 - 2012-04-06 03:34 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
    2012-04-06 03:34 - 2010-09-29 00:51 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-04-06 03:34 - 2010-09-29 00:51 - 04731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-04-06 03:30 - 2012-04-06 03:30 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-04-06 03:30 - 2012-04-06 03:30 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-04-06 03:30 - 2012-04-06 03:30 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-04-06 03:30 - 2012-04-06 03:30 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-04-06 03:29 - 2012-04-06 03:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-04-06 03:29 - 2012-04-06 03:29 - 02631008 ____A C:\Windows\System32\atiumd6a.cap
    2012-04-06 03:25 - 2012-04-06 03:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-04-06 03:23 - 2010-09-29 00:51 - 07431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-04-06 03:22 - 2010-09-29 00:51 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-04-06 03:21 - 2012-04-06 03:21 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-04-06 03:11 - 2012-04-06 03:11 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-04-06 03:11 - 2012-04-06 03:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-04-06 03:11 - 2012-04-06 03:11 - 00017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-04-06 03:11 - 2012-04-06 03:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-04-06 03:11 - 2012-04-06 03:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-04-06 03:11 - 2011-07-28 22:54 - 00514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-04-06 03:10 - 2012-04-06 03:10 - 00343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-04-06 03:10 - 2012-04-06 03:10 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-04-06 03:09 - 2012-04-06 03:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-04-06 03:09 - 2011-10-26 03:21 - 00044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-04-06 03:09 - 2011-07-28 22:53 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-04-06 03:09 - 2010-09-29 00:51 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-04-06 03:09 - 2010-09-29 00:51 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-04-06 03:06 - 2012-04-06 03:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-04-06 03:06 - 2012-04-06 03:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-04-06 03:06 - 2012-04-06 03:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-04-06 03:06 - 2012-04-06 03:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-04-05 23:34 - 2012-04-05 23:34 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-04-05 23:34 - 2012-04-05 23:34 - 00074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-04-05 23:34 - 2012-04-05 23:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-04-05 23:33 - 2012-04-05 23:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-04-05 23:33 - 2012-04-05 23:33 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-04-05 23:33 - 2012-04-05 23:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-04-05 23:32 - 2012-04-05 23:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-04-04 18:10 - 2012-04-04 18:10 - 00000000 ____D C:\Users\Andy\Application Data\TuneUp Software
    2012-04-04 18:10 - 2012-04-04 18:10 - 00000000 ____D C:\Users\Andy\AppData\Roaming\TuneUp Software
    2012-04-04 09:09 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\Application Data\Adobe
    2012-04-04 09:09 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Adobe
    2012-04-03 22:58 - 2012-04-03 22:57 - 02104188 ____A C:\Users\Hannah\Downloads\SkyBlock2.1 (1).zip
    2012-04-01 22:07 - 2012-04-01 22:07 - 00024174 ____A C:\Users\Hannah\Downloads\Arrows Mod.zip
    2012-04-01 22:05 - 2012-04-01 22:05 - 00694792 ____A C:\Users\Hannah\Downloads\MC 1.2.4 - Smart Moving 7.5 (1).zip
    2012-04-01 22:05 - 2012-04-01 22:05 - 00083847 ____A C:\Users\Hannah\Downloads\MC 1.2.4 - Player API client 1.0 (1).zip
    2012-04-01 22:03 - 2012-04-01 22:03 - 00107814 ____A C:\Users\Hannah\Downloads\ModLoader (3).zip
    2012-04-01 22:02 - 2012-04-01 22:00 - 01488305 ____A C:\Users\Hannah\Downloads\mcpatcher-2.3.5_01.exe
    2012-04-01 21:48 - 2012-04-01 21:48 - 00694792 ____A C:\Users\Hannah\Downloads\MC 1.2.4 - Smart Moving 7.5.zip
    2012-04-01 21:48 - 2012-04-01 21:48 - 00694792 ____A C:\Users\Hannah\Desktop\MC 1.2.4 - Smart Moving 7.5.zip
    2012-04-01 21:44 - 2012-04-01 21:44 - 00083847 ____A C:\Users\Hannah\Downloads\MC 1.2.4 - Player API client 1.0.zip
    2012-04-01 21:44 - 2012-04-01 21:44 - 00083847 ____A C:\Users\Hannah\Desktop\MC 1.2.4 - Player API client 1.0.zip
    2012-04-01 15:46 - 2012-04-01 15:46 - 00000000 ____D C:\Users\Ben\My Documents\Backup
    2012-04-01 15:46 - 2012-04-01 15:46 - 00000000 ____D C:\Users\Ben\Documents\Backup
    2012-03-31 10:58 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\My Documents\Misc
    2012-03-31 10:58 - 2011-08-17 16:35 - 00000000 ____D C:\Users\Andy\Documents\Misc
    2012-03-31 08:05 - 2012-05-09 19:45 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-03-31 06:39 - 2012-05-09 19:45 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-03-31 06:39 - 2012-05-09 19:45 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-03-31 05:10 - 2012-05-09 19:45 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-03-30 13:35 - 2012-05-09 19:44 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-29 11:34 - 2012-03-29 11:34 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-03-29 11:34 - 2012-03-29 11:33 - 00000000 ____D C:\Program Files\iTunes
    2012-03-29 11:34 - 2011-12-26 08:36 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-03-29 11:33 - 2012-03-29 11:33 - 00000000 ____D C:\Program Files\iPod
    2012-03-27 21:53 - 2012-03-27 21:53 - 00737719 ____A C:\Users\Hannah\Downloads\ATs-RPGish_1774854.zip
    2012-03-27 21:51 - 2012-03-27 21:51 - 00504942 ____A C:\Users\Hannah\Downloads\eldpack_v3.8a.zip
    2012-03-27 21:48 - 2012-03-27 21:48 - 00710622 ____A C:\Users\Hannah\Downloads\Mordeny-Craft.zip
    2012-03-27 21:29 - 2012-03-27 21:29 - 05542229 ____A C:\Users\Hannah\Downloads\Assassins Creep.zip
    2012-03-27 21:05 - 2011-08-22 16:25 - 00000000 ____D C:\Users\Hannah\Local Settings\VirtualStore
    2012-03-27 21:05 - 2011-08-22 16:25 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\VirtualStore
    2012-03-27 21:05 - 2011-08-22 16:25 - 00000000 ____D C:\Users\Hannah\AppData\Local\VirtualStore
    2012-03-26 12:36 - 2011-08-22 16:23 - 00000000 ____D C:\Users\Lucy\Local Settings\Google
    2012-03-26 12:36 - 2011-08-22 16:23 - 00000000 ____D C:\Users\Lucy\Local Settings\Application Data\Google
    2012-03-26 12:36 - 2011-08-22 16:23 - 00000000 ____D C:\Users\Lucy\AppData\Local\Google
    2012-03-25 08:31 - 2011-08-18 07:25 - 00000000 ____D C:\Users\Andy\Local Settings\Google
    2012-03-25 08:31 - 2011-08-18 07:25 - 00000000 ____D C:\Users\Andy\Local Settings\Application Data\Google
    2012-03-25 08:31 - 2011-08-18 07:25 - 00000000 ____D C:\Users\Andy\AppData\Local\Google
    2012-03-24 09:54 - 2011-08-18 07:25 - 00000000 ____D C:\Program Files (x86)\Google
    2012-03-24 09:53 - 2012-03-24 09:53 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-03-24 09:53 - 2011-11-13 20:25 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-03-24 09:53 - 2011-08-20 11:50 - 00000000 ____D C:\Users\Andy\Local Settings\Application Data\Adobe
    2012-03-24 09:53 - 2011-08-20 11:50 - 00000000 ____D C:\Users\Andy\Local Settings\Adobe
    2012-03-24 09:53 - 2011-08-20 11:50 - 00000000 ____D C:\Users\Andy\AppData\Local\Adobe
    2012-03-24 09:46 - 2012-03-24 09:46 - 00208478 ____A C:\Users\Andy\Downloads\YourBTbill_18032012.pdf
    2012-03-21 21:28 - 2012-03-19 09:02 - 00001866 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2012-03-20 23:27 - 2012-03-20 23:27 - 00015769 ____A C:\Users\Hannah\Downloads\hs_err_pid79448.log
    2012-03-20 21:44 - 2012-03-20 21:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-03-20 21:44 - 2012-03-20 21:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-03-19 09:02 - 2012-03-19 09:02 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
    2012-03-18 20:39 - 2012-03-18 20:35 - 00001054 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2012-03-17 09:58 - 2012-05-09 19:44 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-03-16 22:26 - 2012-03-16 22:26 - 00017321 ____A C:\Users\Hannah\Desktop\hs_err_pid25624.log
    2012-03-16 22:24 - 2012-03-16 22:24 - 02342228 ____A C:\Users\Hannah\Downloads\Mine Wars.zip
    ZeroAccess:
    C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}
    C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\@
    C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\L
    C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\n
    C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\U
    C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\U\00000001.@
    C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\U\80000000.@
    C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\U\800000cb.@
    ZeroAccess:
    C:\Users\Andy\AppData\Local\{4d7d91c5-6b57-a2d8-28ea-88014306e428}
    C:\Users\Andy\AppData\Local\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\@
    C:\Users\Andy\AppData\Local\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\L
    C:\Users\Andy\AppData\Local\{4d7d91c5-6b57-a2d8-28ea-88014306e428}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 9%
    Total physical RAM: 8151.08 MB
    Available physical RAM: 7350.7 MB
    Total Pagefile: 8149.23 MB
    Available Pagefile: 7346.04 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    1 Drive c: (OS) (Fixed) (Total:920.52 GB) (Free:594.83 GB) NTFS
    4 Drive f: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
    5 Drive g: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:4.41 GB) NTFS
    10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 Online 3824 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 117 MB 31 KB
    Partition 2 Primary 10 GB 118 MB
    Partition 3 Primary 920 GB 10 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 9 FAT32 Partition 117 MB Healthy Hidden
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 G RECOVERY NTFS Partition 10 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C OS NTFS Partition 920 GB Healthy
    ======================================================================================================
    Partitions of Disk 5:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3823 MB 24 KB
    ======================================================================================================
    Disk: 5
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 F FAT32 Removable 3823 MB Healthy
    ======================================================================================================
    ==========================================================
    Last Boot: 2012-06-08 01:59
    ======================= End Of Log ==========================
     
  3. Broni

    Broni Malware Annihilator Posts: 47,974   +271

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to BartPe and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  4. Andy Sweetman

    Andy Sweetman TS Rookie Topic Starter Posts: 21

    Farbar Recovery Scan Tool Version: 12-06-2012 02
    Ran by SYSTEM at 2012-06-13 22:25:05
    Running from F:\
    ================== Search: "services.exe" ===================
    C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\WINDOWS\System32\services.exe
    [2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    ====== End Of Search ======
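
The search result above lists two copies of services.exe with the same size and timestamps but different MD5 values. The following added example (not part of the original posts and not FRST's own code) parses that output and compares the System32 copy against the WinSxS component-store copy. The names `parse_search_log` and `compare_to_component_store` are hypothetical, and treating the WinSxS copy as the reference is an assumption that matches the fix applied later in the thread.

```python
import ntpath
import re
from dataclasses import dataclass

# Search section of the Search.txt posted above, copied verbatim.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\WINDOWS\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
"""

# A result is a path line followed by one metadata line:
# [created] - [modified] - size attributes (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\")
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class Entry:
    path: str
    created: str
    modified: str
    size: int
    md5: str


@dataclass(frozen=True)
class Finding:
    path: str                  # copy being checked
    reference: str             # component-store copy it was compared with
    md5_match: bool
    same_size_and_times: bool  # True means metadata alone would not reveal a change


def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = META_RE.match(line)
        if m and pending:
            entries.append(Entry(pending, m["created"], m["modified"],
                                 int(m["size"]), m["md5"].upper()))
        pending = None  # a metadata line only belongs to the path directly above it
    return entries


def is_store_copy(entry):
    return "\\winsxs\\" in entry.path.lower()


def compare_to_component_store(entries):
    """Compare every non-WinSxS copy with the WinSxS copies of the same file name.

    Assumption: the component-store copy is the untouched reference.
    """
    store = {}
    for e in filter(is_store_copy, entries):
        store.setdefault(ntpath.basename(e.path).lower(), []).append(e)

    findings = []
    for e in entries:
        if is_store_copy(e):
            continue
        for ref in store.get(ntpath.basename(e.path).lower(), []):
            findings.append(Finding(
                path=e.path,
                reference=ref.path,
                md5_match=(e.md5 == ref.md5),
                same_size_and_times=(e.size, e.created, e.modified)
                                    == (ref.size, ref.created, ref.modified),
            ))
    return findings


if __name__ == "__main__":
    for f in compare_to_component_store(parse_search_log(SEARCH_LOG)):
        verdict = "matches" if f.md5_match else "DIFFERS from"
        print(f"{f.path} {verdict} the component-store copy")
        if not f.md5_match and f.same_size_and_times:
            print("  size and timestamps are identical; only the hash shows the change")
```
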
     
  5. Broni

    Broni Malware Annihilator Posts: 47,974   +271

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the BartPE CD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
     


  6. Andy Sweetman

    Andy Sweetman TS Rookie Topic Starter Posts: 21

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 12-06-2012 02
    Ran by SYSTEM at 2012-06-13 22:52:09 Run:1
    Running from F:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{4d7d91c5-6b57-a2d8-28ea-88014306e428} moved successfully.
    C:\Users\Andy\AppData\Local\{4d7d91c5-6b57-a2d8-28ea-88014306e428} moved successfully.
    C:\Users\Andy\Local Settings\Application Data\{4d7d91c5-6b57-a2d8-28ea-88014306e428} not found.
    C:\Users\Andy\Local Settings\{4d7d91c5-6b57-a2d8-28ea-88014306e428} not found.
    C:\WINDOWS\System32\services.exe moved successfully.
    C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\WINDOWS\System32\services.exe
    ==== End of Fixlog ====
     
  7. Broni

    Broni Malware Annihilator Posts: 47,974   +271

    Try to boot normally.
     
  8. Andy Sweetman

    Andy Sweetman TS Rookie Topic Starter Posts: 21

    Booted up OK. I am not getting the Windows critical error which makes the pc shut down after 60 seconds. I notice that the shortcut that the trojan placed on the desktop called "Live Security Platinum" is still there.

    Thanks for your help Broni so far - what should I do next?
     
  9. Broni

    Broni Malware Annihilator Posts: 47,974   +271

    Good news :)

    We'll run some more scans to make sure you're clean.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. Andy Sweetman

    Andy Sweetman TS Rookie Topic Starter Posts: 21

    Thanks
    When I was copying Combofix across to my desktop, at that time Malwarebyte Antimalware popped up on screen saying it had found Live Security Platinum related file, so I quarantined it. I ran Combofix but realised actually although I had disabled MSE real time protection I had not disabled Malwarebyte Antimalware - should I repeat the exercise because of this? If there is no need, here is the log report from Combofix

    (I had to reboot the computer in order to be able to access MSE to recommence real time protection)

    Here is the text file

    ComboFix 12-06-13.05 - Andy 14/06/2012 7:05.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8151.6375 [GMT 1:00]
    Running from: c:\users\Andy\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
    c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{01009237-08E6-4922-A8F1-235AC9600873}.xps
    c:\users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1F28F8B3-CA4A-4EE3-87DA-CB9B3C55112C}.xps
    c:\users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3B4F0E1A-13B3-4472-B6E4-4DAA800916AE}.xps
    c:\users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4136B49F-952C-4124-AA48-4C5A6F7998F0}.xps
    c:\users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\{71EBD970-4104-4712-AF5D-479FDFDAAC50}.xps
    c:\users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\{85248271-9984-4BF0-9291-FDA96363FF01}.xps
    c:\users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\{866F6130-1FBD-46CB-B849-65E04EB05758}.xps
    c:\users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E3B626CB-7171-46E2-91E4-EE3A3E953700}.xps
    c:\users\Ben\Desktop\Live Security Platinum.lnk
    c:\users\Hannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\{558F97AE-F6E1-4930-BF45-36D8791FA52B}.xps
    c:\users\Hannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BC531439-64B9-476A-A325-887D733CD6D8}.xps
    c:\users\Hannah\Desktop\Live Security Platinum.lnk
    c:\users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1BD477E2-E9B4-484F-B878-EDF333EB4541}.xps
    c:\users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5838D53E-447A-4CE5-BBD9-A4238DEE7282}.xps
    c:\users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{61B67FDA-C206-4C41-9FC3-44B0CEFD17A4}.xps
    c:\users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6F551517-8402-4662-84AF-A2AD72387D47}.xps
    c:\users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{83234A8B-0B44-41FA-8D57-C9BD88804BD4}.xps
    c:\users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B0840368-47E3-4E35-AB8E-DDA01FEF4B68}.xps
    c:\users\Lucy\Desktop\Live Security Platinum.lnk
    c:\users\Sam.Desktop\Desktop\Live Security Platinum.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Lucy\AppData\Local\temp
    2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Sam\AppData\Local\temp
    2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Sam.Desktop\AppData\Local\temp
    2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Hannah\AppData\Local\temp
    2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Ben\AppData\Local\temp
    2012-06-13 22:43 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 14:53 . 2012-06-13 14:53 -------- d-----w- c:\users\Andy\AppData\Roaming\Malwarebytes
    2012-06-13 14:52 . 2012-06-13 14:52 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-13 14:52 . 2012-06-13 14:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-13 14:52 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-13 13:21 . 2012-06-13 13:22 -------- d-----w- C:\FRST
    2012-06-13 09:35 . 2012-06-13 09:35 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC54E5DE-B28E-421C-8E72-FA2CBA866FBC}\gapaengine.dll
    2012-06-13 09:35 . 2012-05-08 09:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A0CD9DF-3837-450E-A1B7-35B290F476F7}\mpengine.dll
    2012-06-13 09:35 . 2012-06-13 09:35 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-06-13 09:35 . 2012-06-13 09:35 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-13 09:22 . 2012-06-13 09:26 -------- d-----w- c:\programdata\99058D6500006F4E00037C80B4EB2367
    2012-06-13 09:20 . 2012-06-13 10:04 -------- d-----w- c:\program files (x86)\Common Files\PSFactoryBuffer
    2012-06-10 19:27 . 2012-06-10 19:27 -------- d-----w- c:\users\Ben\AppData\Roaming\ClonesDemo
    2012-06-10 19:27 . 2012-06-10 19:27 419840 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-06-10 19:27 . 2012-06-10 19:27 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-06-10 19:27 . 2012-06-10 19:27 133632 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-06-10 19:27 . 2012-06-10 19:27 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-06-10 19:27 . 2012-06-10 19:27 -------- d-----w- c:\program files (x86)\OpenAL
    2012-06-10 16:37 . 2012-06-10 16:37 -------- d-----w- c:\users\Ben\AppData\Roaming\pymclevel
    2012-06-09 20:21 . 2012-06-09 20:21 -------- d-----w- c:\users\Hannah\AppData\Local\The Lord of the Rings Online
    2012-06-09 20:17 . 2009-09-04 16:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll
    2012-06-09 20:17 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
    2012-06-09 20:06 . 2012-06-09 20:18 -------- d-----w- c:\users\Hannah\AppData\Local\Turbine
    2012-06-09 20:06 . 2012-06-09 20:29 -------- d-----w- c:\users\Hannah\AppData\Local\ApplicationHistory
    2012-06-09 20:06 . 2012-06-09 20:06 -------- d-----w- c:\users\Andy\AppData\Local\ApplicationHistory
    2012-06-09 20:05 . 2012-06-09 20:05 -------- d-----w- c:\windows\SysWow64\URTTEMP
    2012-06-09 20:05 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
    2012-06-09 18:09 . 2012-06-09 18:09 -------- d-----w- c:\users\Ben\AppData\Roaming\Trine2
    2012-06-06 19:57 . 2012-06-06 19:57 -------- d-----w- c:\users\Hannah\AppData\Roaming\Trine2
    2012-06-06 19:56 . 2008-05-30 13:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
    2012-06-06 19:56 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\SysWow64\D3DX9_38.dll
    2012-06-06 19:56 . 2007-04-04 17:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
    2012-06-06 15:37 . 2012-06-06 15:37 -------- d-----w- c:\users\Lucy\AppData\Local\Adobe
    2012-06-06 12:37 . 2012-06-06 12:37 -------- d-----w- c:\program files (x86)\Code Laboratories
    2012-05-29 15:17 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
    2012-05-29 15:17 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
    2012-05-29 15:17 . 2007-04-04 17:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
    2012-05-29 15:17 . 2012-05-29 15:17 -------- d-----w- c:\windows\SysWow64\xlive
    2012-05-29 15:17 . 2012-05-29 15:17 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2012-05-29 15:15 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
    2012-05-29 15:15 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
    2012-05-29 15:15 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2012-05-29 15:15 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
    2012-05-29 15:15 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
    2012-05-29 15:15 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
    2012-05-29 05:36 . 2012-05-29 05:36 67464 ----a-w- c:\windows\system32\CLEyeDevices.dll
    2012-05-28 20:24 . 2012-05-28 20:27 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2012-05-28 20:24 . 2012-06-12 19:59 -------- d-----w- c:\program files (x86)\Steam
    2012-05-20 07:38 . 2012-05-20 07:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-05-20 07:38 . 2012-05-20 07:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-05-20 07:38 . 2012-05-20 07:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-05-20 07:38 . 2012-05-20 07:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-05-20 07:38 . 2012-05-20 07:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-05-20 07:38 . 2012-05-20 07:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-05-20 07:38 . 2012-05-20 07:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-05-20 07:37 . 2012-05-20 07:38 -------- d-----w- c:\program files (x86)\QuickTime
    2012-05-16 19:26 . 2012-05-16 19:50 -------- d-----w- c:\users\Sam.Desktop\AppData\Roaming\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-24 18:06 . 2012-04-17 18:12 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-24 18:06 . 2011-08-18 05:25 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 10:42 . 2012-05-05 10:42 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-04-06 02:21 . 2011-07-28 21:40 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-04-06 02:20 . 2010-09-28 22:51 1067520 ----a-w- c:\windows\system32\aticfx64.dll
    2012-04-06 02:16 . 2011-07-28 21:36 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
    2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13 . 2011-07-28 21:30 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
    2012-04-06 02:00 . 2010-09-28 22:51 64000 ----a-w- c:\windows\system32\coinst.dll
    2012-04-06 01:54 . 2010-09-28 22:51 7479296 ----a-w- c:\windows\system32\atidxx64.dll
    2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
    2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34 . 2010-09-28 22:51 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-04-06 01:34 . 2010-09-28 22:51 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-04-06 01:23 . 2010-09-28 22:51 7431680 ----a-w- c:\windows\system32\atiumd64.dll
    2012-04-06 01:22 . 2010-09-28 22:51 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-04-06 01:11 . 2011-07-28 20:54 514560 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-04-06 01:09 . 2010-09-28 22:51 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-04-06 01:09 . 2011-07-28 20:53 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09 . 2011-10-26 01:21 44544 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-04-06 01:09 . 2010-09-28 22:51 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-04-05 21:34 . 2012-04-05 21:34 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-04-05 21:34 . 2012-04-05 21:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-04-05 21:34 . 2012-04-05 21:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-04-05 21:33 . 2012-04-05 21:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-04-05 21:33 . 2012-04-05 21:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-04-05 21:33 . 2012-04-05 21:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
    2012-04-05 21:32 . 2012-04-05 21:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-03-30 11:35 . 2012-05-09 17:44 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-20 19:44 . 2012-03-20 19:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-03-20 19:44 . 2012-03-20 19:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-03-17 07:58 . 2012-05-09 17:44 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
    "{9427041a-a8dc-4d06-9a68-93873486e957}"= "c:\program files (x86)\Productivity_3.1\prxtbProd.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{9427041a-a8dc-4d06-9a68-93873486e957}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9427041a-a8dc-4d06-9a68-93873486e957}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Productivity_3.1\prxtbProd.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-08-23 21:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
    "{9427041a-a8dc-4d06-9a68-93873486e957}"= "c:\program files (x86)\Productivity_3.1\prxtbProd.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{9427041a-a8dc-4d06-9a68-93873486e957}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-18 39408]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-13 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-04-27 75048]
    "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640]
    "MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
    "LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-08-17 557056]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
    "OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-25 185640]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-04 559616]
    .
    c:\users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
    .
    c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
    .
    c:\users\Sam.Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
    .
    c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-8-17 292240]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "UpdReg"=c:\windows\UpdReg.EXE
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2010/09/28 15:30;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-04-26 232944]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 136176]
    R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 257696]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 136176]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-25 189736]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - CLKMDRV10_9EC60124
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 18:06]
    .
    2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 05:25]
    .
    2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 05:25]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
    "RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bbc.co.uk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{9427041A-A8DC-4D06-9A68-93873486E957} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-14 07:19:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-14 06:19
    .
    Pre-Run: 651,508,965,376 bytes free
    Post-Run: 656,462,860,288 bytes free
    .
    - - End Of File - - EE004F240D2AFBAFE751DAC4746DF623
     
  11. mihai

    mihai TS Rookie

    This method worked, you are a genius.
    Thanks a lot, I used the same fix.txt file and it worked.
    I thought I would wipe everything on my computer or put it in the bin.
    Thanks again
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,974   +271

    Thank you mihai :)

    ========================================================

    Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =====================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  13. Andy Sweetman

    Andy Sweetman TS Rookie Topic Starter Posts: 21

    OK thanks Broni, I will need to do this at the weekend as I am snowed under at work at the moment - will post reply as soon as I can - really appreciate your support with this.
     
  14. Broni

    Broni Malware Annihilator Posts: 47,974   +271

    Sure.....
     
  15. Andy Sweetman

    Andy Sweetman TS Rookie Topic Starter Posts: 21

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.17.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Andy :: DESKTOP [administrator]
    Protection: Enabled
    17/06/2012 20:31:47
    mbam-log-2012-06-17 (20-31-47).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 355553
    Time elapsed: 4 minute(s), 14 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\Users\Ben\Local Settings\lluyfv.exe (Trojan.Agent.P3Xgen) -> Quarantined and deleted successfully.
    C:\Users\Ben\Local Settings\Application Data\lluyfv.exe (Trojan.Agent.P3Xgen) -> Quarantined and deleted successfully.
    (end)
     
  16. Andy Sweetman

    Andy Sweetman TS Rookie Topic Starter Posts: 21

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-17 20:42:28
    -----------------------------
    20:42:28.026 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:42:28.026 Number of processors: 8 586 0x1E05
    20:42:28.026 ComputerName: DESKTOP UserName: Andy
    20:42:48.452 Initialize success
    20:43:25.825 AVAST engine defs: 12061700
    20:46:28.564 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
    20:46:28.574 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 8
    20:46:28.594 Disk 0 MBR read successfully
    20:46:28.594 Disk 0 MBR scan
    20:46:28.604 Disk 0 Windows 7 default MBR code
    20:46:28.614 Disk 0 Partition 1 00 DE Dell Utility MSDOS5.0 117 MB offset 63
    20:46:28.624 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11142 MB offset 241664
    20:46:28.664 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 942608 MB offset 23060480
    20:46:28.724 Disk 0 scanning C:\Windows\system32\drivers
    20:46:42.975 Service scanning
    20:47:08.780 Modules scanning
    20:47:08.790 Disk 0 trace - called modules:
    20:47:08.870 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
    20:47:09.210 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dcb790]
    20:47:09.220 3 CLASSPNP.SYS[fffff88001b8e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007b01050]
    20:47:12.680 AVAST engine scan C:\Windows
    20:47:23.901 AVAST engine scan C:\Windows\system32
    20:51:45.709 AVAST engine scan C:\Windows\system32\drivers
    20:51:59.747 AVAST engine scan C:\Users\Andy
    21:15:13.270 AVAST engine scan C:\ProgramData
    21:16:37.323 Scan finished successfully
    21:37:50.129 Disk 0 MBR has been saved successfully to "C:\Users\Andy\Desktop\MBR.dat"
    21:37:50.176 The log file has been saved successfully to "C:\Users\Andy\Desktop\aswMBR.txt"
     
  17. Broni

    Broni Malware Annihilator Posts: 47,974   +271

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. Andy Sweetman

    Andy Sweetman TS Rookie Topic Starter Posts: 21

    OTL logfile created on: 6/18/2012 7:10:25 AM - Run 1
    OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Andy\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    7.96 Gb Total Physical Memory | 6.44 Gb Available Physical Memory | 80.85% Memory free
    15.92 Gb Paging File | 13.05 Gb Available in Paging File | 81.99% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 920.52 Gb Total Space | 610.34 Gb Free Space | 66.30% Space Free | Partition Type: NTFS
    Drive D: | 4.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 833.86 Gb Total Space | 285.40 Gb Free Space | 34.23% Space Free | Partition Type: NTFS
    Drive G: | 97.63 Gb Total Space | 49.98 Gb Free Space | 51.19% Space Free | Partition Type: FAT32
    Drive L: | 14.87 Gb Total Space | 0.23 Gb Free Space | 1.56% Space Free | Partition Type: FAT32

    Computer Name: DESKTOP | User Name: Andy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/18 07:08:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
    PRC - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/09/06 18:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2011/08/23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    PRC - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2011/08/17 16:51:42 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
    PRC - [2011/08/01 18:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2010/12/15 18:53:44 | 000,292,240 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
    PRC - [2010/04/27 03:10:16 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    PRC - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/12/15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009/10/02 12:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2009/10/02 12:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/09/30 20:02:38 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 20:02:36 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    PRC - [2009/07/17 15:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    PRC - [2009/07/06 13:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    PRC - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/14 03:26:09 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
    MOD - [2012/06/14 03:26:01 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/06/14 03:25:42 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 03:25:37 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/14 03:25:33 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/05/10 03:31:36 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
    MOD - [2012/05/10 03:31:28 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
    MOD - [2012/05/10 03:29:53 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/10 03:29:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/10 03:29:11 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/10 03:29:07 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/10 03:29:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/10 03:29:04 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/10 03:28:59 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    MOD - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    MOD - [2010/02/09 12:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
    MOD - [2010/02/09 12:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
    MOD - [2010/02/09 12:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
    MOD - [2010/02/09 12:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
    MOD - [2010/02/09 12:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
    MOD - [2009/12/15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    MOD - [2009/12/15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/04/06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/05/28 21:25:08 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/05/24 19:06:26 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/02/28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2010/09/28 14:26:39 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/04/26 17:10:14 | 000,232,944 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/10/02 12:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2009/09/30 20:02:38 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/09/30 20:02:36 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2009/06/26 10:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/04/06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/02/27 00:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/03 14:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/01/29 07:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/10/16 12:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
    DRV:64bit: - [2009/10/02 21:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/06/26 09:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{68ECD579-BBC5-4349-AEC2-1D28AB4E2870}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {9427041a-a8dc-4d06-9a68-93873486e957} - C:\Program Files (x86)\Productivity_3.1\prxtbProd.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{500DBB15-4777-4EDD-A707-8650DD9CB252}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-63198334-734529218-994976-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKU\S-1-5-21-63198334-734529218-994976-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\URLSearchHook: {9427041a-a8dc-4d06-9a68-93873486e957} - C:\Program Files (x86)\Productivity_3.1\prxtbProd.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{sear...10482&mntrId=18a90484000000000000842b2b9a50b6
    IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\SearchScopes\{0FB25D2A-22FB-4ECD-8628-31270E0DDEA0}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668
    IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ADFA_enGB445
    IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\SearchScopes\{7AB926CF-FD3E-4EF6-B7ED-AEE853A5DBA7}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=9ED2E1A9-CF3E-4C56-9A70-BA8F160B7DDB&
    IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\SearchScopes\{F33759E6-7E3D-463C-A080-C8B4A77CD83E}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668
    IE - HKU\S-1-5-21-63198334-734529218-994976-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-63198334-734529218-994976-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
    FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)


    [2012/03/04 16:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Extensions
    [2011/09/03 14:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2011/09/03 14:12:11 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - Extension: General Crawler = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\

    O1 HOSTS File: ([2012/06/14 07:13:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Productivity 3.1 Toolbar) - {9427041a-a8dc-4d06-9a68-93873486e957} - C:\Program Files (x86)\Productivity_3.1\prxtbProd.dll (Conduit Ltd.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Productivity 3.1 Toolbar) - {9427041a-a8dc-4d06-9a68-93873486e957} - C:\Program Files (x86)\Productivity_3.1\prxtbProd.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-63198334-734529218-994976-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-63198334-734529218-994976-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-63198334-734529218-994976-1001\..\Toolbar\WebBrowser: (Productivity 3.1 Toolbar) - {9427041A-A8DC-4D06-9A68-93873486E957} - C:\Program Files (x86)\Productivity_3.1\prxtbProd.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
    O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
    O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl9] c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-63198334-734529218-994976-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-63198334-734529218-994976-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Sam.Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-63198334-734529218-994976-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-63198334-734529218-994976-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-63198334-734529218-994976-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-63198334-734529218-994976-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-63198334-734529218-994976-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
    O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.btinternet.com/templates/btwebcontrol028.cab (webhelper Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EE00AA7-E80F-49A6-B1FB-252AFD6A4489}: DhcpNameServer = 192.168.1.254 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/10/10 18:38:30 | 000,000,067 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2011/05/31 18:05:04 | 000,000,067 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  19. Andy Sweetman

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/18 07:08:45 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
    [2012/06/17 20:38:30 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Andy\Desktop\aswMBR.exe
    [2012/06/14 07:23:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/14 07:19:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/06/14 07:00:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/14 07:00:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/14 07:00:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/14 07:00:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/06/14 07:00:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/14 06:59:37 | 004,557,245 | R--- | C] (Swearware) -- C:\Users\Andy\Desktop\ComboFix.exe
    [2012/06/13 15:53:04 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Malwarebytes
    [2012/06/13 15:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/13 15:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/13 15:52:52 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/13 15:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/13 14:21:03 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/13 10:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/06/13 10:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/13 10:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\99058D6500006F4E00037C80B4EB2367
    [2012/06/13 10:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PSFactoryBuffer
    [2012/06/10 20:27:46 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2012/06/10 20:27:46 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2012/06/10 20:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
    [2012/06/09 21:06:08 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\ApplicationHistory
    [2012/06/09 21:05:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
    [2012/06/06 13:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CL-Eye Driver
    [2012/06/06 13:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Code Laboratories
    [2012/05/29 16:17:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
    [2012/05/29 16:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
    [2012/05/29 16:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    [2012/05/28 21:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
    [2012/05/28 21:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    [2012/05/28 21:24:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
    [2012/05/20 08:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/05/20 08:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

    ========== Files - Modified Within 30 Days ==========

    [2012/06/18 07:08:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
    [2012/06/18 06:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/18 06:27:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/18 05:11:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/17 21:37:50 | 000,000,512 | ---- | M] () -- C:\Users\Andy\Desktop\MBR.dat
    [2012/06/17 21:33:41 | 000,000,372 | ---- | M] () -- C:\Windows\lgfwup.ini
    [2012/06/17 20:48:14 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/17 20:48:14 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/17 20:42:15 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/17 20:39:44 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/17 20:38:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Andy\Desktop\aswMBR.exe
    [2012/06/17 18:08:22 | 000,743,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/17 18:08:22 | 000,639,456 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/17 18:08:22 | 000,115,798 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/14 07:13:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/14 06:55:24 | 004,557,245 | R--- | M] (Swearware) -- C:\Users\Andy\Desktop\ComboFix.exe
    [2012/06/14 03:22:48 | 000,465,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/13 15:53:00 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/13 10:35:26 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/06/13 10:35:21 | 000,749,064 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/11 19:28:32 | 000,002,330 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/06/10 20:27:46 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2012/06/10 20:27:46 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2012/06/06 14:01:52 | 000,001,236 | ---- | M] () -- C:\Users\Public\Desktop\CL-Eye Test.lnk
    [2012/06/06 13:37:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
    [2012/05/29 06:36:40 | 000,067,464 | ---- | M] () -- C:\Windows\SysNative\CLEyeDevices.dll
    [2012/05/28 21:24:46 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
    [2012/05/20 08:37:58 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

    ========== Files Created - No Company Name ==========

    [2012/06/17 21:37:50 | 000,000,512 | ---- | C] () -- C:\Users\Andy\Desktop\MBR.dat
    [2012/06/14 07:00:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/14 07:00:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/14 07:00:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/14 07:00:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/14 07:00:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/13 15:53:00 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/13 10:35:22 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/06/06 13:37:53 | 000,001,236 | ---- | C] () -- C:\Users\Public\Desktop\CL-Eye Test.lnk
    [2012/06/06 13:37:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
    [2012/05/29 16:17:00 | 000,001,340 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
    [2012/05/29 06:36:40 | 000,067,464 | ---- | C] () -- C:\Windows\SysNative\CLEyeDevices.dll
    [2012/05/28 21:24:46 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
    [2012/05/20 08:37:58 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/05/05 21:11:58 | 000,007,607 | ---- | C] () -- C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
    [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/02/15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/02/15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/02/02 00:04:36 | 000,749,064 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/25 21:13:59 | 000,000,618 | ---- | C] () -- C:\Windows\eReg.dat
    [2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/09/03 14:36:40 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
    [2011/08/31 13:39:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/08/17 19:01:30 | 000,000,119 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2011/08/17 16:50:55 | 000,000,372 | ---- | C] () -- C:\Windows\lgfwup.ini
    [2010/09/28 23:07:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/09/28 14:27:18 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
    [2010/09/28 14:27:18 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
    [2010/09/28 14:27:18 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
    [2010/09/28 14:27:15 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/09/28 14:27:15 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

    ========== LOP Check ==========

    [2012/04/26 17:43:12 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\.minecraft
    [2011/09/25 17:53:56 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Amazon
    [2012/03/04 16:08:46 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Babylon
    [2011/08/24 11:53:01 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\BSD
    [2011/09/03 14:27:21 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Canon
    [2012/01/01 09:33:56 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DVDVideoSoft
    [2012/01/01 09:33:47 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DVDVideoSoftIEHelpers
    [2012/03/11 09:47:07 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Media Finder
    [2011/08/17 15:35:35 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PCDr
    [2011/09/03 14:36:38 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\ScanSoft
    [2011/11/09 11:41:44 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Spotify
    [2011/08/17 15:35:35 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TomTom
    [2012/04/04 17:10:50 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TuneUp Software
    [2011/08/24 12:43:54 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\WindSolutions
    [2012/06/17 17:06:42 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\.minecraft
    [2012/06/10 20:27:51 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\ClonesDemo
    [2012/06/10 17:37:13 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\pymclevel
    [2012/06/09 19:09:38 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Trine2
    [2012/06/12 21:09:36 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\.minecraft
    [2012/06/06 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Trine2
    [2012/05/16 20:29:25 | 000,000,000 | ---D | M] -- C:\Users\Sam.Desktop\AppData\Roaming\.minecraft
    [2012/06/13 10:52:46 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/06/14 07:19:09 | 000,033,123 | ---- | M] () -- C:\ComboFix.txt
    [2010/09/28 23:59:23 | 000,004,986 | RH-- | M] () -- C:\dell.sdr
    [2012/06/17 20:39:44 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/17 20:39:48 | 4252,057,599 | -HS- | M] () -- C:\pagefile.sys
    [2012/03/04 16:20:43 | 000,002,984 | ---- | M] () -- C:\user.js

    < %systemroot%\Fonts\*.com >
    [2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/10/11 19:43:42 | 000,000,221 | -HS- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/17 20:38:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Andy\Desktop\aswMBR.exe
    [2012/06/14 06:55:24 | 004,557,245 | R--- | M] (Swearware) -- C:\Users\Andy\Desktop\ComboFix.exe
    [2012/06/18 07:08:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/18 06:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/17 20:42:15 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/18 06:27:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/17 20:40:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/06/13 10:52:46 | 000,032,620 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 08:28:31 | 000,000,402 | -HS- | M] () -- C:\Users\Andy\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/08/17 19:01:30 | 000,000,119 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < >
    < End of report >
     
  20. Andy Sweetman

    OTL Extras logfile created on: 6/18/2012 7:10:25 AM - Run 1
    OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Andy\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    7.96 Gb Total Physical Memory | 6.44 Gb Available Physical Memory | 80.85% Memory free
    15.92 Gb Paging File | 13.05 Gb Available in Paging File | 81.99% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 920.52 Gb Total Space | 610.34 Gb Free Space | 66.30% Space Free | Partition Type: NTFS
    Drive D: | 4.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 833.86 Gb Total Space | 285.40 Gb Free Space | 34.23% Space Free | Partition Type: NTFS
    Drive G: | 97.63 Gb Total Space | 49.98 Gb Free Space | 51.19% Space Free | Partition Type: FAT32
    Drive L: | 14.87 Gb Total Space | 0.23 Gb Free Space | 1.56% Space Free | Partition Type: FAT32

    Computer Name: DESKTOP | User Name: Andy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallDisableNotify" = 0
    "FirewallOverride" = 1
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{258E529E-5D6B-4DC6-9A88-9C8DBD6A4B58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2ED95CF4-5C54-4476-ADDF-0902D2A91470}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{2903AAC5-C110-4D5A-9F69-20E20C5EC9A8}" = protocol=58 | dir=in | app=system |
    "{34058832-C92C-4500-9031-3CD3D6CDCD74}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{60E4FBEB-0BCA-4F74-9BF3-928268F39ECB}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8FCE00D3-2650-42EF-AEDA-E29BC15A4043}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "{958C329B-BEE2-46E3-B972-FED54614F11C}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "{A2370AC4-F82A-4701-94C3-D62766896377}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{10A347CD-7777-4593-8F40-58FA2E6E50E0}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "TCP Query User{544B2190-9201-404C-9AAD-19F02186B40A}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "TCP Query User{9433BD7A-43B8-4B37-AD04-C2BF9E7338A8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{2F4AC42C-3737-4A55-A9DC-01610E84C0E3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{563B3DE0-B6EC-4EAA-A2FA-99E3219231EC}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "UDP Query User{A3C9A316-91BF-4C36-A890-A651F420460F}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series" = Canon MP970 series
    "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
    "{312B06EC-684D-24DF-0AB6-F66DC61193B5}" = ATI AVIVO64 Codecs
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{982E1601-0DFC-4FD3-A427-AC6570697858}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D77162FE-B7B2-8E1E-D80D-89DE6217DF13}" = AMD Drag and Drop Transcoding
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CanonMyPrinter" = Canon My Printer
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
    "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "{2CBB71EE-A4DD-4B4D-A635-608D8D1E6F81}" = Driver Tool
    "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
    "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
    "{36CEA188-3DFA-6391-4774-C92D4B092407}" = Skins
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
    "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
    "{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0
    "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
    "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
    "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
    "{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
    "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
    "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
    "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
    "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
    "{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
    "{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
    "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
    "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
    "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
    "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
    "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
    "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
    "{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{ED94BE03-E6CC-4268-B03A-92080E3035A6}_is1" = MCSkin3D version 1.3
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
    "{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
    "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
    "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.07.01.8015
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "BabylonToolbar" = Babylon toolbar on IE
    "Canon MP970 series User Registration" = Canon MP970 series User Registration
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CL-Eye Driver" = CL-Eye Driver
    "Dell Dock" = Dell Dock
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
    "Google Chrome" = Google Chrome
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
    "InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "McAfee Security Scan" = McAfee Security Scan Plus
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "NetDevil_LEGO_Universe_is1" = LEGO Universe
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "OpenAL" = OpenAL
    "Productivity_3.1 Toolbar" = Productivity 3.1 Toolbar
    "Steam App 105430" = Age of Empires Online
    "Steam App 204260" = Trine 2 Demo
    "Steam App 212500" = The Lord of the Rings Online™
    "Steam App 40410" = AI War: Fleet Command - Demo
    "Steam App 410" = Portal: First Slice
    "Steam App 72410" = Clones Demo
    "TomTom HOME" = TomTom HOME 2.8.2.2264
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.11 (32-bit)
    "WOLAPI" = Westwood Shared Internet Components
    "World of Warcraft" = World of Warcraft

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-63198334-734529218-994976-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Spotify" = Spotify

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/15/2012 9:32:41 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5507

    Error - 5/15/2012 9:32:41 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5507

    Error - 5/15/2012 9:32:42 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/15/2012 9:32:42 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 6506

    Error - 5/15/2012 9:32:42 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6506

    Error - 5/15/2012 9:32:43 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/15/2012 9:32:43 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7504

    Error - 5/15/2012 9:32:43 AM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7504

    Error - 5/15/2012 9:44:38 AM | Computer Name = Desktop | Source = System Restore | ID = 8193
    Description =

    Error - 5/15/2012 12:30:52 PM | Computer Name = Desktop | Source = System Restore | ID = 8193
    Description =

    [ Dell Events ]
    Error - 8/18/2011 8:06:06 AM | Computer Name = Desktop | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 8/18/2011 8:06:06 AM | Computer Name = Desktop | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 8/20/2011 9:25:28 AM | Computer Name = Desktop | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ System Events ]
    Error - 3/5/2012 1:33:31 AM | Computer Name = Desktop | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 3/5/2012 3:13:41 AM | Computer Name = Desktop | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 3/5/2012 3:16:11 AM | Computer Name = Desktop | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 3/5/2012 3:16:12 AM | Computer Name = Desktop | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 3/5/2012 5:58:53 AM | Computer Name = Desktop | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 3/5/2012 6:22:22 AM | Computer Name = Desktop | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 3/5/2012 10:35:12 AM | Computer Name = Desktop | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 3/5/2012 1:31:58 PM | Computer Name = Desktop | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 3/5/2012 1:31:59 PM | Computer Name = Desktop | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 3/5/2012 1:32:22 PM | Computer Name = Desktop | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.


    < End of report >
     
  21. Andy Sweetman

    Andy Sweetman TS Rookie Topic Starter Posts: 21

    Posted both text files above.

    Just so you are aware while running the OTL program I did get a number of error boxes reading "There is no disk in the drive. Please insert a disk into drive\Device\Harddisk5\DR5" - (The number 5 was replaced with different numbers on different occasions). I believe that this error message relates to the card reader that I have built in to the pc and so continued the process and did not worry too much about that.

    Generally the pc appears to be working well but appreciate we have not given it a clean bill of health just yet. It's loads better than it was last week thanks to your help.

    Thanks for your continued support.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,974   +271

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2011/08/23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
      IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      IE - HKU\S-1-5-21-63198334-734529218-994976-1001\..\SearchScopes\{7AB926CF-FD3E-4EF6-B7ED-AEE853A5DBA7}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=9ED2E1A9-CF3E-4C56-9A70-BA8F160B7DDB&
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-63198334-734529218-994976-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
      O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
      O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    ======================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.
    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  23. Andy Sweetman

    Andy Sweetman TS Rookie Topic Starter Posts: 21

    All processes killed
    ========== OTL ==========
    No active process named Updater.exe was found!
    Registry value HKEY_USERS\S-1-5-21-63198334-734529218-994976-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
    C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry key HKEY_USERS\S-1-5-21-63198334-734529218-994976-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7AB926CF-FD3E-4EF6-B7ED-AEE853A5DBA7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AB926CF-FD3E-4EF6-B7ED-AEE853A5DBA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-63198334-734529218-994976-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
    C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
    C:\Program Files (x86)\Ask.com\assets folder moved successfully.
    C:\Program Files (x86)\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Andy
    ->Temp folder emptied: 220495855 bytes
    ->Temporary Internet Files folder emptied: 923140192 bytes
    ->Java cache emptied: 26275 bytes
    ->Google Chrome cache emptied: 6380849 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 45518 bytes

    User: Ben
    ->Temp folder emptied: 5540433 bytes
    ->Temporary Internet Files folder emptied: 757902980 bytes
    ->Java cache emptied: 108571 bytes
    ->Google Chrome cache emptied: 372808364 bytes
    ->Flash cache emptied: 76337 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User

    User: Hannah
    ->Temp folder emptied: 3651 bytes
    ->Temporary Internet Files folder emptied: 727167073 bytes
    ->Java cache emptied: 58743 bytes
    ->Google Chrome cache emptied: 6629894 bytes
    ->Flash cache emptied: 53382 bytes

    User: Lucy
    ->Temp folder emptied: 730 bytes
    ->Temporary Internet Files folder emptied: 269378777 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 8111 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Sam
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2654599 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Sam.Desktop
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 271162225 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 5901 bytes

    User: TEMP
    ->Temp folder emptied: 0 bytes

    User: TEMP.Desktop
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 89174 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51654 bytes
    RecycleBin emptied: 6134180926 bytes

    Total Files Cleaned = 9,249.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Andy
    ->Java cache emptied: 0 bytes

    User: Ben
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Hannah
    ->Java cache emptied: 0 bytes

    User: Lucy
    ->Java cache emptied: 0 bytes

    User: Public

    User: Sam
    ->Java cache emptied: 0 bytes

    User: Sam.Desktop
    ->Java cache emptied: 0 bytes

    User: TEMP

    User: TEMP.Desktop

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Andy
    ->Flash cache emptied: 0 bytes

    User: Ben
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Hannah
    ->Flash cache emptied: 0 bytes

    User: Lucy
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Sam
    ->Flash cache emptied: 0 bytes

    User: Sam.Desktop
    ->Flash cache emptied: 0 bytes

    User: TEMP

    User: TEMP.Desktop

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.49.0 log created on 06192012_071228
    Files\Folders moved on Reboot...
    C:\Users\Andy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    Registry entries deleted on Reboot...
     
  24. Andy Sweetman

    Andy Sweetman TS Rookie Topic Starter Posts: 21

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee Security Scan Plus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 30
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````
     
  25. Andy Sweetman

    Andy Sweetman TS Rookie Topic Starter Posts: 21

    Farbar Service Scanner Version: 19-06-2012
    Ran by Andy (administrator) on 19-06-2012 at 07:28:01
    Running from "C:\Users\Andy\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     

