TechSpot

Win64/Patched.A

By Mark Lightfoot
Jul 15, 2012
  1. Hello


    I appear to have acquired a virus or two. Firstly, AVG reports that I have a Win64/Patched.A infection in windows\system32\services.exe. It is also reporting Generic15.AXLA in windows\assembly\GAC_32\desktop.ini and Generic28.ANIC in windows\assembly\GAC_32\desktop.ini. Are you able to help?
    I am using Windows Vista Home Premium.
    Many thanks
     
  2. Broni

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Mark Lightfoot

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
    Run by Mark at 18:03:39 on 2012-07-18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.1995 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\PC Speed Up\PCSUService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\AASP\1.00.74\aaCenter.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Windows\RAVCpl64.exe
    C:\Windows\WindowsMobile\wmdcBase.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Users\Mark\Program Files (x86)\DNA\btdna.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
    C:\Users\Mark\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
    C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
    uStart Page = hxxp://www.bbc.co.uk/
    uSearch Bar = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
    mURLSearchHooks: H - No File
    BHO: Complitly: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Users\Mark\AppData\Roaming\Complitly\Complitly.dll
    BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.5.4\PriceGongIE.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: VMN Toolbar Astro Gemini: {a057a204-bacc-4d26-8287-79a187e26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: VMN Toolbar Astro Gemini: {a057a204-bacc-4d26-8287-79a187e26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: Google Side Bar: {32004b8a-44a9-43e7-84e9-808838809519} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [BitTorrent DNA] "C:\Users\Mark\Program Files (x86)\DNA\btdna.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [RockMelt Update] "C:\Users\Mark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    mRun: [VMonitorVMUVC] "C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
    mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    LSP: mswsock.dll
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{442137D7-940B-4FA1-AF2D-DD969AB89F17} : DhcpNameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{D368AE70-9005-4B55-A5C2-9639009AC9D1} : DhcpNameServer = 208.67.222.222 208.67.220.220
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Mark\AppData\Roaming\Complitly\Complitly.dll
    BHO-X64: Complitly - No File
    BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.4\PriceGongIE.dll
    BHO-X64: PriceGong - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: VMN Toolbar Astro Gemini: {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: VMN Toolbar Astro Gemini: {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
    TB-X64: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB-X64: {32004B8A-44A9-43E7-84E9-808838809519} - No File
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    mRun-x64: [VMonitorVMUVC] "C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
    mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    mRun-x64: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun-x64: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=107763&mntrId=28ab22e5000000000000801f0215f18d
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Roblox\Versions\version-87de5333d4254860\NPRobloxProxy.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\Citrix\Secure Access Client\npagee.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Mark\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Mark\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
    FF - plugin: C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Mark\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Users\Mark\Program Files (x86)\DNA\plugins\npbtdna.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - d1206e98-f879-4534-a8a2-47dca13a9332
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
    FF - user.js: extensions.BabylonToolbar_i.id - 28ab22e5000000000000801f0215f18d
    FF - user.js: extensions.BabylonToolbar_i.hardId - 28ab22e5000000000000801f0215f18d
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15306
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:46:29
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=107763
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-11 8704]
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2009-10-7 655944]
    R2 PCSUService;PC Speed Up Service;C:\Program Files (x86)\PC Speed Up\PCSUService.exe [2011-10-20 233184]
    R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2011-9-24 36864]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-3-8 1153368]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-7-11 1188896]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-7-11 1395736]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-7-11 166528]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-3 2666880]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-18 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
    S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-22 250056]
    S3 ctxva51;Citrix Virtual Adapter;C:\Windows\system32\DRIVERS\ctxva51.sys --> C:\Windows\system32\DRIVERS\ctxva51.sys [?]
    S3 FlashUSB;FlashUSB;C:\Windows\System32\drivers\FlashUsb_x64.sys [2010-5-10 20480]
    S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-18 136176]
    S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys --> C:\Windows\system32\drivers\npf.sys [?]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
    S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys --> C:\Windows\system32\DRIVERS\RTL8192cu.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys --> C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [?]
    S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
    S3 VMUVC;Vimicro Camera Service VMUVC;C:\Windows\system32\Drivers\VMUVC.sys --> C:\Windows\system32\Drivers\VMUVC.sys [?]
    S3 vvftUVC;Vimicro Camera Filter Service VMUVC;C:\Windows\system32\drivers\vvftUVC.sys --> C:\Windows\system32\drivers\vvftUVC.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-8-25 89920]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-07-15 15:55:11 -------- d-sh--w- C:\found.002
    2012-07-14 17:50:43 -------- d-----w- C:\Users\Mark\AppData\Local\Macromedia
    2012-07-11 18:28:02 -------- d-----w- C:\Ace of Spades
    2012-07-11 09:05:59 754808 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
    2012-07-11 07:26:21 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2012-07-11 06:44:55 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2012-07-11 06:44:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2012-07-10 17:27:31 -------- d-----w- C:\Users\Mark\AppData\Roaming\Mumble
    2012-07-10 16:44:00 -------- d-----w- C:\Program Files (x86)\Mumble
    2012-07-09 05:34:53 -------- d-sh--w- C:\found.001
    2012-07-07 11:53:32 -------- d-----w- C:\Users\Mark\AppData\Local\SniperV2
    2012-07-06 16:12:54 52736 ----a-w- C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TechnicLauncher.exe
    2012-06-27 15:23:24 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
    2012-06-24 17:54:07 -------- d-----w- C:\Program Files (x86)\OApps
    2012-06-24 17:54:06 -------- d-----w- C:\Program Files (x86)\TorrentSearch
    2012-06-24 17:53:50 -------- d-----w- C:\Program Files (x86)\intellidownload
    2012-06-24 15:30:55 -------- d-----w- C:\Program Files (x86)\PCSX2 0.9.8
    2012-06-22 20:35:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-21 15:01:01 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-21 15:00:07 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-21 15:00:07 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2012-06-21 14:59:42 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-21 14:59:42 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2012-06-21 14:59:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-21 14:59:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2012-06-18 17:22:06 -------- d-----w- C:\Users\Mark\AppData\Roaming\TS3Client
    2012-06-18 17:18:06 -------- d-----w- C:\Users\Mark\AppData\Local\TeamSpeak 3 Client
    .
    ==================== Find3M ====================
    .
    2012-07-12 16:23:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-05-16 16:18:25 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-05-16 16:18:25 839112 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-24 16:13:24 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
    2012-04-23 16:25:30 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-23 16:25:30 132096 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-23 16:25:30 1267200 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-23 16:00:53 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-23 16:00:53 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-23 16:00:53 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    .
    ============= FINISH: 18:04:58.56 ===============
     
  4. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/02/2009 19:15:23
    System Uptime: 18/07/2012 13:08:35 (5 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M3A78-EM
    Processor: AMD Phenom(tm) 8450 Triple-Core Processor | AM2 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 126.13 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 190 GiB total, 178.786 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    3D Bungalow Aquarium Screensaver 1.1
    3D Haunted Halloween Screensaver 1.0
    3D Merry Christmas Screensaver 1.0
    3D Spooky Halloween Screensaver 1.0
    3D Titanic Screensaver 1.0
    3D Waterfall Screensaver 1.0
    ABBYY FineReader 6.0 Sprint
    abgx360 v1.0.5
    AC3Filter (remove only)
    Ace of Spades
    Acrobat.com
    Adobe After Effects CS5.5
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.0)
    Adobe Shockwave Player 11.5
    Adobe Story
    Adventure Maker v4.5.2 (build1)
    Advertising Center
    Age of Empires Online
    AI Nap
    Alliance of Valiant Arms
    AMCap
    Ancient Castle 3D Screensaver 1.1
    Apple Application Support
    Apple Software Update
    Astro Gemini Screensaver Manager 2.0
    ASUS VGA Driver
    ASUSUpdate
    Atlantis 3D Screensaver 1.0
    Audacity 1.3.9 (Unicode)
    avi.NET
    AviSynth 2.5
    AVS Image Converter 2.1.1.168
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.4
    Bandicam
    Bandisoft MPEG-1 Decoder
    Batman: Arkham Asylum - Demo
    BBC iPlayer Desktop
    BitTorrent
    Braid Demo
    BrickForce 1.4.40
    Call of Juarez: Bound in Blood Demo
    CamStudio
    CamStudio Lossless Codec v1.4
    Camtasia Studio 7
    Canon RAW Codec
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    ccc-core-static
    CCC Help English
    Christmas Eve 3D Screensaver 1.0
    Christmas Time 3D Screensaver 1.0
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CloneCD
    Cobalt
    Community Smartbar
    Complitly
    Contents
    Cool & Quiet
    Corel VideoStudio Pro X3
    CraftBukkit
    D3DX10
    Dan Elwell's Broadband Speed Test
    Dark Halloween Night 3D Screensaver 1.0
    Debut Video Capture Software
    DeviceIO
    Digital microscope
    Dinosaurs 3D Screensaver 1.0
    DiRT 2 - Demo
    DiRT 3
    DivX Setup
    DNA
    Doremi FLV to MP3 Converter 1.6
    Doxillion Document Converter
    DVD Architect Studio 5.0
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    Easter 3D Screensaver 1.0
    Easy Burner
    Edimax Wireless LAN Driver and Utility
    Empire Earth
    EpicBot
    Epson Easy Photo Print 2
    Epson Event Manager
    Epson Printer Software Downloader
    EPSON Scan
    Epson Stylus SX510W_TX550W Manual
    EpsonNet Print
    EpsonNet Setup
    Eufloria - Demo
    Exotic Aquarium 3D Screensaver 1.0
    Express Gate
    Facebook Plug-In
    Facebook Video Calling 1.2.0.159
    Fantasy Moon 3D Screensaver 1.3
    ffdshow v1.1.4096 [2011-11-29]
    Fish Aquarium 3D Screensaver 1.2
    Fraps (remove only)
    Free CD Music Converter 10
    Free Flash FLV Video Converter v3.0
    Free Mp3 Wma Converter V 1.8.0
    Free RAR Extract Frog
    Free Video Converter V 2.9
    FUEL - Demo
    Garry's Mod
    GIMP 2.6.10
    Google Chrome
    Google Earth
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Update Helper
    Halloween 3D Screensaver 1.1
    Halloween in the Attic 3D Screensaver 1.0
    HandBrake 0.9.5
    Haunted House 3D Screensaver 1.1
    HD Writer LE 1.0
    Hi-Rez Studios Authenticate and Update Service
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ICA
    ImgBurn
    Infineon USB driver 1.0.0.6
    iPhone Configuration Utility
    IPM_VS_Pro
    Java Auto Updater
    Java(TM) 6 Update 32
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    Junk Mail filter update
    LAME v3.98.2 for Audacity
    Lantern 3D Screensaver 1.0
    League of Legends
    LogMeIn Hamachi
    Machinarium Demo
    Magic ISO Maker v5.5 (build 0281)
    Malwarebytes Anti-Malware version 1.62.0.1300
    Marine Life 3D Screensaver 1.0
    Media Player Codec Pack 3.4.0
    Mesh Runtime
    Messenger Companion
    MicroCapture 2.0
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft XNA Framework Redistributable 4.0
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Minecraft Version Changer
    MinecraftSkinStealer 1.7.0
    MLE
    Morphyre
    Mozilla Firefox 5.0 (x86 en-GB)
    MP3 Surgeon 2003
    MSVC80_x86
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    MSVCRT Redists
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multiwinia v1.3.0
    Mumble 1.2.3
    NEF Codec
    Nero 9 Lite
    Nero ControlCenter
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    neroxml
    Night City 3D Screensaver 1.0
    OpenAL
    Osmos Demo
    Pando Media Booster
    PC Connectivity Solution
    PC Probe II
    PCSX2 - Playstation 2 Emulator
    PFPortChecker 1.0.39
    Picasa 3
    Pinnacle Instant DVD Recorder
    Planet Earth 3D Screensaver 1.1
    Populous - The Beginning
    Portal 2
    Portal 2 Map Installer
    PriceGong 2.5.4
    PureHD
    QuickTime
    RAD Video Tools
    Rapture3D 2.4.8 Game
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek Ethernet Network Card Diagnostic tool for Windows Vista
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Revo Uninstaller 1.83
    Roblox
    RockMelt
    RollerCoaster Tycoon 3
    Santa's Home 3D Screensaver 1.0
    Scratch
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB979332)
    Segoe UI
    Setup
    Share
    Skype Click to Call
    Skype™ 5.9
    Smart Defrag 2
    SmartSound Common Data
    SmartSound Quicktracks 5
    Sniper Elite V2
    Solar System 3D Screensaver 1.4
    Spotify
    Spybot - Search & Destroy
    StarCraft II
    Steam
    Stykz 1.0 for Windows
    Team Fortress 2
    TeamSpeak 3 Client
    TeamViewer 7
    Terraria
    TerraWorld Online - Reborn v2.2.7
    TreeSize Free V2.6
    Tribes Ascend
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    USB Flash Port Driver
    VC80CRTRedist - 8.0.50727.4053
    Vegas Movie Studio HD Platinum 10.0
    VIO
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    VMN Toolbar
    VSClassic
    VSPro
    Warhammer® 40,000®: Dawn of War® II – Retribution™
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    WinFF 1.0
    WinPcap 4.1.2
    WinRAR archiver
    Winter 3D Screensaver 1.0
    Winter Night 3D Screensaver 1.0
    World of Warcraft
    XSplit
    Xvid 1.1.3 final uninstall
    .
    ==== Event Viewer Messages From Past Week ========
    .
    18/07/2012 13:09:39, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    18/07/2012 13:09:30, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 5 (0x5).
    17/07/2012 18:46:55, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    17/07/2012 18:44:08, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
    17/07/2012 18:44:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
    16/07/2012 16:01:43, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    15/07/2012 16:14:54, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
    15/07/2012 16:14:54, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 16:14:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    15/07/2012 16:14:26, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 16:14:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    15/07/2012 16:11:53, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
    15/07/2012 16:11:53, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 7 service to connect.
    15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
    15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
    15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.
    15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Realtek11nSU service to connect.
    15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Protexis Licensing V2 service to connect.
    15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PnkBstrA service to connect.
    15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PC Speed Up Service service to connect.
    15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the EpsonBidirectionalService service to connect.
    15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVG WatchDog service to connect.
    15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    15/07/2012 16:11:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
    15/07/2012 16:11:52, Error: Service Control Manager [7000] - The TeamViewer 7 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 16:11:52, Error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 16:11:52, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 16:11:52, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 16:11:52, Error: Service Control Manager [7000] - The Realtek11nSU service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 16:11:52, Error: Service Control Manager [7000] - The Protexis Licensing V2 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 16:11:52, Error: Service Control Manager [7000] - The PnkBstrA service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 16:11:52, Error: Service Control Manager [7000] - The PC Speed Up Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 16:11:52, Error: Service Control Manager [7000] - The EpsonBidirectionalService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 16:11:52, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 16:11:52, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 15:11:37, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Security Center Service service to connect.
    15/07/2012 15:11:37, Error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 15:11:18, Error: volsnap [13] - The shadow copy of volume C: could not grow its shadow copy storage on volume C:.
    15/07/2012 15:11:15, Error: EventLog [6008] - The previous system shutdown at 13:53:55 on 15/07/2012 was unexpected.
    15/07/2012 10:27:02, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
    15/07/2012 10:27:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
    15/07/2012 10:27:02, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/07/2012 10:21:58, Error: EventLog [6008] - The previous system shutdown at 10:20:35 on 15/07/2012 was unexpected.
    15/07/2012 07:58:39, Error: bowser [8003] - The master browser has received a server announcement from the computer BIG_BAD_DAD5 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D368AE70-9005-4B55-A5C2-9639009AC9D1}. The master browser is stopping or an election is being forced.
    11/07/2012 10:43:21, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Realtek11nSU service.
    11/07/2012 10:16:06, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    11/07/2012 10:16:06, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/07/2012 10:05:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================
     
  5. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    The GMER log is blank. GMER reported that it had found no modifications.
     
  6. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.18.06
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Mark :: BIGBADDAD4 [administrator]
    Protection: Enabled
    18/07/2012 12:46:08
    mbam-log-2012-07-18 (12-46-08).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 245372
    Time elapsed: 8 minute(s), 47 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    (end)
     
  7. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    Hello. I've posted the logs as requested. I hope they help. Not so sure about the GMER log, I did as directed. I noticed that Internet Explorer and Chrome both had isearch.whitesmoke as the homepages. Not good I imagine. Navigation around the internet has been dodgy with the wrong sites loading in. On one occasion I requested google & got babylon search instead.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  9. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
    Ran by SYSTEM at 19-07-2012 09:52:45
    Running from F:\
    Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
    HKLM\...\Run: [Skytel] Skytel.exe [x]
    HKLM\...\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe [x]
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [973488 2012-07-03] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [VMonitorVMUVC] "C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC [135168 2008-03-26] (Vimicro Corporation)
    HKLM-x32\...\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s [57344 2006-09-28] (SlySoft, Inc.)
    HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2339168 2012-01-17] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START [105632 2010-06-26] (Corel)
    HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot [274608 2010-12-23] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart [3739648 2007-01-01] (Google)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3921432 2012-07-04] (Safer-Networking Ltd.)
    HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
    HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
    HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
    HKU\Mark\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-02-25] (Google Inc.)
    HKU\Mark\...\Run: [Google Update] "C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-02-25] (Google Inc.)
    HKU\Mark\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\Mark\...\Run: [BitTorrent DNA] "C:\Users\Mark\Program Files (x86)\DNA\btdna.exe" [323392 2012-01-01] (BitTorrent, Inc.)
    HKU\Mark\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-02] (Skype Technologies S.A.)
    HKU\Mark\...\Run: [RockMelt Update] "C:\Users\Mark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c [136336 2012-04-15] (RockMelt Inc.)
    HKU\Mark\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
    HKU\Mark\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3527176 2012-07-04] (Safer-Networking Ltd.)
    HKU\Mcx1\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
    HKU\Mcx1\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
    HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [196608 2009-04-10] (Microsoft Corporation)
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit [1716784 2012-04-24] (Soluto)

    ==================== Services (Whitelisted) ======

    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-07] (AVG Technologies CZ, s.r.o.)
    2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [233184 2011-09-05] ()
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-19] ()
    2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
    2 Realtek11nSU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1188896 2012-07-04] (Safer-Networking Ltd.)
    2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1395736 2012-07-04] (Safer-Networking Ltd.)
    2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [166528 2012-03-22] (Safer-Networking Ltd.)
    2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
    3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

    ========================== Drivers (Whitelisted) =============

    3 61883; C:\Windows\System32\Drivers\61883.sys [58496 2008-01-20] (Microsoft Corporation)
    1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [14392 2007-12-17] ()
    3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [117328 2011-05-27] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-02-21] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29264 2011-02-09] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [304720 2011-01-06] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
    3 ctxva51; C:\Windows\System32\Drivers\ctxva51.sys [45720 2010-05-10] (Citrix Systems, Inc.)
    4 DNE; C:\Windows\System32\DRIVERS\dne64x.sys [157968 2008-11-16] (Deterministic Networks, Inc.)
    3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
    3 ElbyCDFL; C:\Windows\SysWow64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
    3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB_x64.sys [20480 2009-05-12] (Danish Wireless Design A/S)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-02] ()
    3 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
    3 RTL8192cu; C:\Windows\System32\Drivers\RTL8192cu.sys [729704 2010-08-05] (Realtek Semiconductor Corporation )
    2 RtNdPt60; C:\Windows\System32\Drivers\RtNdPt60.sys [26624 2007-12-10] (Windows (R) Codename Longhorn DDK provider)
    0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
    3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [43664 2010-03-25] (Sun Microsystems, Inc.)
    3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198400 2009-03-11] (Vimicro Corporation)
    3 vvftUVC; C:\Windows\System32\Drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
    3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [x]
    3 nmwcdnsucx64; C:\Windows\System32\drivers\nmwcdnsucx64.sys [x]
    3 nmwcdnsux64; C:\Windows\System32\drivers\nmwcdnsux64.sys [x]
    3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [x]
    3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [x]
    3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [x]
    3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [x]
    3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [x]
    3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [x]
    3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]
    3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-19 00:28 - 2012-07-19 00:30 - 00001887 ____A C:\Windows\diagwrn.xml
    2012-07-19 00:28 - 2012-07-19 00:30 - 00001887 ____A C:\Windows\diagerr.xml
    2012-07-18 09:03 - 2012-07-18 09:03 - 00607260 ____R (Swearware) C:\Users\Mark\Desktop\dds.scr
    2012-07-18 04:21 - 2012-07-18 08:51 - 00000000 ____A C:\Users\Mark\Desktop\gmer.log
    2012-07-18 04:14 - 2012-07-18 04:14 - 00302592 ____A C:\Users\Mark\Desktop\m05mvuex.exe
    2012-07-16 09:09 - 2012-07-16 09:10 - 11709306 ____A C:\Users\Mark\Downloads\Sphax 64x Tekkit SMP 3.0.3 v2.1.zip
    2012-07-16 09:01 - 2012-07-16 09:02 - 07518500 ____A C:\Users\Mark\Downloads\Sphax PureBDCraft 64x (1).zip
    2012-07-16 09:00 - 2012-07-16 09:00 - 00000000 ____A C:\Users\Mark\Downloads\Sphax PureBDCraft 64x.zip.crdownload
    2012-07-15 07:55 - 2012-07-15 07:55 - 00000000 __SHD C:\found.002
    2012-07-14 09:50 - 2012-07-14 09:50 - 00000000 ____D C:\Users\Mark\AppData\Local\Macromedia
    2012-07-14 09:37 - 2012-07-14 09:37 - 12361639 ____A C:\Users\Mark\Downloads\Super Hostile 07 - Legendary v3.1.zip
    2012-07-13 07:09 - 2012-07-19 00:28 - 00001155 ____A C:\Windows\setupact.log
    2012-07-11 10:30 - 2012-07-11 10:30 - 05792768 ____A C:\Users\Mark\Downloads\aos075install (1).msi
    2012-07-11 10:28 - 2012-07-11 10:29 - 00000000 ____D C:\Ace of Spades
    2012-07-11 10:28 - 2012-07-11 10:28 - 00000138 ____A C:\Users\Public\Desktop\Play Ace of Spades.url
    2012-07-11 10:26 - 2012-07-11 10:26 - 05792768 ____A C:\Users\Mark\Downloads\aos075install.msi
    2012-07-11 01:55 - 2012-07-11 01:55 - 00000680 ____A C:\Users\Mark\AppData\Local\d3d9caps.dat
    2012-07-11 01:06 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-11 01:06 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-11 01:06 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-11 01:06 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-11 01:06 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-11 01:06 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-11 01:06 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-11 01:06 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-11 01:06 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-11 01:06 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-11 01:05 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 01:05 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-11 01:05 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-11 01:05 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-11 01:05 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-11 01:05 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-11 01:05 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-11 01:05 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-11 01:05 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-11 01:05 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-11 01:05 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-11 01:05 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-11 01:05 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-11 01:05 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-11 01:05 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-11 01:05 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-11 01:05 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-11 01:05 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-11 01:05 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-11 01:01 - 2012-07-11 01:01 - 00012188 ____A C:\Windows\wininit.ini
    2012-07-10 23:26 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 23:26 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 23:26 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 23:26 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 23:26 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 23:26 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 23:26 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 23:26 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 23:26 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 23:26 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 23:26 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 23:26 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 22:45 - 2012-07-19 00:23 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2012-07-10 22:45 - 2012-07-11 01:40 - 00000630 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2012-07-10 22:45 - 2012-07-11 01:40 - 00000460 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2012-07-10 22:45 - 2012-07-10 22:45 - 00002012 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2012-07-10 22:44 - 2012-07-10 22:45 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2012-07-10 22:44 - 2009-01-25 04:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
    2012-07-10 22:42 - 2012-07-10 22:43 - 48534720 ____A (Safer-Networking Ltd. ) C:\Users\Mark\Downloads\spybotsd-2.0.9-rc1.exe
    2012-07-10 09:32 - 2012-07-10 09:32 - 00002426 ____A C:\Users\Mark\certificate.p12
    2012-07-10 09:27 - 2012-07-11 01:56 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Mumble
    2012-07-10 08:44 - 2012-07-10 08:44 - 00000820 ____A C:\Users\Public\Desktop\Mumble.lnk
    2012-07-10 08:44 - 2012-07-10 08:44 - 00000000 ____D C:\Program Files (x86)\Mumble
    2012-07-10 08:39 - 2012-07-10 08:40 - 17904640 ____A C:\Users\Mark\Downloads\mumble-1.2.3a.msi
    2012-07-09 07:06 - 2012-07-15 01:07 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-08 21:34 - 2012-07-08 21:34 - 00000000 __SHD C:\found.001
    2012-07-07 11:18 - 2012-07-07 11:18 - 01581077 ____A C:\Users\Mark\Downloads\mcpatcher-2.3.7_02.exe
    2012-07-07 11:18 - 2012-07-07 11:18 - 01188737 ____A C:\Users\Mark\Downloads\faithful32pack.zip
    2012-07-07 07:40 - 2012-07-07 07:43 - 00000000 ____D C:\Users\Mark\Downloads\save
    2012-07-07 07:36 - 2012-07-07 07:39 - 23392175 ____A C:\Users\Mark\Downloads\Delver-alpha-6-22-12.zip
    2012-07-07 07:30 - 2012-07-07 07:30 - 10012564 ____A C:\Users\Mark\Downloads\spelunky_1_1.zip
    2012-07-07 03:53 - 2012-07-07 03:58 - 00000000 ____D C:\Users\Mark\AppData\Local\SniperV2
    2012-07-07 03:51 - 2012-07-07 03:51 - 00360306 ____A C:\Users\Mark\AppData\Local\dd_vcredistMSI61F3.txt
    2012-07-07 03:51 - 2012-07-07 03:51 - 00011154 ____A C:\Users\Mark\AppData\Local\dd_vcredistUI61F3.txt
    2012-07-07 02:36 - 2012-07-07 02:36 - 00000221 ____A C:\Users\Mark\Desktop\Sniper Elite V2.url
    2012-07-06 12:26 - 2012-07-06 12:24 - 00138632 ____A C:\Users\Mark\Desktop\AMIDST.exe
    2012-07-06 12:24 - 2012-07-06 12:24 - 00138632 ____A C:\Users\Mark\Downloads\AMIDST.exe
    2012-07-06 09:26 - 2012-07-06 09:26 - 04584956 ____A C:\Users\Mark\Downloads\minecraft (3).jar
    2012-07-06 08:42 - 2012-07-06 08:42 - 00412873 ____A C:\Users\Mark\Downloads\VoxelSniper.jar
    2012-07-06 08:42 - 2012-07-06 08:42 - 00412873 ____A C:\Users\Mark\Downloads\VoxelSniper (1).jar
    2012-07-06 08:12 - 2012-07-06 08:12 - 00052736 ____A (Technic) C:\Users\Mark\Downloads\TechnicLauncher.exe
    2012-07-06 08:12 - 2012-07-06 08:12 - 00052736 ____A (Technic) C:\Users\Mark\Downloads\TechnicLauncher (1).exe
    2012-07-06 07:34 - 2012-07-06 07:34 - 00582170 ____A C:\Users\Mark\Downloads\technic-launcher-latest.jar
    2012-07-03 05:48 - 2012-07-03 05:48 - 00051131 ____A C:\Users\Mark\Downloads\TooManyItems2012_04_13_1.2.5 (1).zip
    2012-06-27 07:23 - 2012-06-27 07:23 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2012-06-25 07:24 - 2012-06-25 07:24 - 05940198 ____A C:\Users\Mark\Downloads\MAtmos__1__1_0_r10__WithWeaponInteractions.zip
    2012-06-24 10:04 - 2012-06-24 10:06 - 15115135 ____A C:\Users\Mark\Downloads\Tony Hawk's Pro Skater 3.zip
    2012-06-24 09:55 - 2012-06-24 09:55 - 00197092 ____A C:\Users\Mark\Downloads\Verified_download_skate_2_pc.exe
    2012-06-24 09:55 - 2012-06-24 09:55 - 00000000 ____A C:\Users\Mark\Downloads\Unconfirmed 96547.crdownload
    2012-06-24 09:54 - 2012-06-24 09:54 - 00000000 ____D C:\Program Files (x86)\TorrentSearch
    2012-06-24 09:53 - 2012-06-24 09:55 - 00000000 ____D C:\Program Files (x86)\intellidownload
    2012-06-24 09:53 - 2012-06-24 09:53 - 00197088 ____A C:\Users\Mark\Downloads\download_skate_2_pc_Fast.exe
    2012-06-24 09:47 - 2012-06-24 09:47 - 00012568 ____A C:\Users\Mark\Downloads\[kat.ph]tony.hawks.pro.skater.2.pc.non.ripped.torrent
    2012-06-24 09:26 - 2012-06-24 09:27 - 14036653 ____A C:\Users\Mark\Downloads\Demul_BIOS_Pack.7z
    2012-06-24 09:24 - 2012-06-24 09:25 - 00924948 ____A C:\Users\Mark\Downloads\demul057.rar
    2012-06-24 09:21 - 2012-06-24 09:21 - 00916620 ____A C:\Users\Mark\Downloads\nullDC_104_r136.7z
    2012-06-24 07:44 - 2012-06-24 08:44 - 527154530 ____A C:\Users\Mark\Downloads\Tony Hawk's Pro Skater 2.rar
    2012-06-24 07:40 - 2012-06-24 07:40 - 00740033 ____A C:\Users\Mark\Downloads\ChankastAlpha025.rar
    2012-06-24 07:32 - 2012-06-24 07:32 - 00000000 ____D C:\Users\Mark\Documents\PCSX2
    2012-06-24 07:31 - 2012-06-24 07:31 - 00361900 ____A C:\Users\Mark\AppData\Local\dd_vcredistMSI1211.txt
    2012-06-24 07:31 - 2012-06-24 07:31 - 00011240 ____A C:\Users\Mark\AppData\Local\dd_vcredistUI1211.txt
    2012-06-24 07:30 - 2012-06-24 07:32 - 00000000 ____D C:\Program Files (x86)\PCSX2 0.9.8
    2012-06-24 07:29 - 2012-06-24 07:29 - 12780479 ____A C:\Users\Mark\Downloads\pcsx2-0.9.8-r4600-setup.exe
    2012-06-24 00:27 - 2012-06-24 00:27 - 01441789 ____A C:\Users\Mark\Downloads\Derivation4.zip
    2012-06-22 12:35 - 2012-07-18 23:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-22 12:35 - 2012-07-12 08:23 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-21 07:01 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 07:01 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 07:01 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 07:01 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 07:00 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 07:00 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2012-06-21 07:00 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 07:00 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2012-06-21 07:00 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 07:00 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2012-06-21 06:59 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 06:59 - 2012-06-02 06:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2012-06-21 06:59 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-21 06:59 - 2012-06-02 06:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2012-06-19 07:30 - 2012-06-19 07:30 - 04540049 ____A C:\Users\Mark\Downloads\minecraft (2).jar
     
  10. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    ============ 3 Months Modified Files ========================
    2012-07-19 00:30 - 2012-07-19 00:28 - 00001887 ____A C:\Windows\diagwrn.xml
    2012-07-19 00:30 - 2012-07-19 00:28 - 00001887 ____A C:\Windows\diagerr.xml
    2012-07-19 00:30 - 2009-03-05 12:36 - 00000012 ____A C:\Windows\bthservsdp.dat
    2012-07-19 00:30 - 2008-01-20 17:53 - 01612043 ____A C:\Windows\WindowsUpdate.log
    2012-07-19 00:30 - 2006-11-02 07:42 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-19 00:30 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-19 00:30 - 2006-11-02 07:22 - 00003840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-19 00:30 - 2006-11-02 07:22 - 00003840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-19 00:28 - 2012-07-13 07:09 - 00001155 ____A C:\Windows\setupact.log
    2012-07-19 00:28 - 2011-09-15 23:00 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-19 00:23 - 2012-07-10 22:45 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2012-07-19 00:23 - 2010-04-18 01:54 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-19 00:17 - 2006-11-02 04:46 - 00771128 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-19 00:16 - 2012-04-15 04:11 - 00000924 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
    2012-07-18 23:57 - 2010-04-18 01:54 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-18 23:23 - 2012-06-22 12:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-18 23:16 - 2012-04-15 04:14 - 00001948 ____A C:\Users\Mark\Desktop\RockMelt.lnk
    2012-07-18 23:12 - 2009-06-29 23:51 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
    2012-07-18 23:12 - 2009-02-25 04:12 - 00002037 ____A C:\Users\Mark\Desktop\Google Chrome.lnk
    2012-07-18 23:10 - 2011-10-28 14:05 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
    2012-07-18 09:03 - 2012-07-18 09:03 - 00607260 ____R (Swearware) C:\Users\Mark\Desktop\dds.scr
    2012-07-18 08:51 - 2012-07-18 04:21 - 00000000 ____A C:\Users\Mark\Desktop\gmer.log
    2012-07-18 05:01 - 2010-05-17 05:01 - 00000250 ____A C:\Windows\Tasks\Epson Printer Software Downloader.job
    2012-07-18 04:16 - 2012-04-15 04:11 - 00000872 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
    2012-07-18 04:14 - 2012-07-18 04:14 - 00302592 ____A C:\Users\Mark\Desktop\m05mvuex.exe
    2012-07-18 04:08 - 2011-09-14 03:20 - 00049838 ____A C:\Windows\PFRO.log
    2012-07-17 22:09 - 2009-06-29 23:51 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
    2012-07-16 09:10 - 2012-07-16 09:09 - 11709306 ____A C:\Users\Mark\Downloads\Sphax 64x Tekkit SMP 3.0.3 v2.1.zip
    2012-07-16 09:02 - 2012-07-16 09:01 - 07518500 ____A C:\Users\Mark\Downloads\Sphax PureBDCraft 64x (1).zip
    2012-07-16 09:00 - 2012-07-16 09:00 - 00000000 ____A C:\Users\Mark\Downloads\Sphax PureBDCraft 64x.zip.crdownload
    2012-07-15 01:07 - 2012-07-09 07:06 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-14 09:37 - 2012-07-14 09:37 - 12361639 ____A C:\Users\Mark\Downloads\Super Hostile 07 - Legendary v3.1.zip
    2012-07-12 08:23 - 2012-06-22 12:35 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-12 08:23 - 2011-05-19 08:26 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 10:30 - 2012-07-11 10:30 - 05792768 ____A C:\Users\Mark\Downloads\aos075install (1).msi
    2012-07-11 10:28 - 2012-07-11 10:28 - 00000138 ____A C:\Users\Public\Desktop\Play Ace of Spades.url
    2012-07-11 10:26 - 2012-07-11 10:26 - 05792768 ____A C:\Users\Mark\Downloads\aos075install.msi
    2012-07-11 01:55 - 2012-07-11 01:55 - 00000680 ____A C:\Users\Mark\AppData\Local\d3d9caps.dat
    2012-07-11 01:40 - 2012-07-10 22:45 - 00000630 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2012-07-11 01:40 - 2012-07-10 22:45 - 00000460 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2012-07-11 01:40 - 2006-11-02 07:21 - 05068272 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 01:15 - 2006-11-02 04:34 - 00000429 ____A C:\Windows\win.ini
    2012-07-11 01:08 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-07-11 01:01 - 2012-07-11 01:01 - 00012188 ____A C:\Windows\wininit.ini
    2012-07-10 22:45 - 2012-07-10 22:45 - 00002012 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2012-07-10 22:43 - 2012-07-10 22:42 - 48534720 ____A (Safer-Networking Ltd. ) C:\Users\Mark\Downloads\spybotsd-2.0.9-rc1.exe
    2012-07-10 09:32 - 2012-07-10 09:32 - 00002426 ____A C:\Users\Mark\certificate.p12
    2012-07-10 08:44 - 2012-07-10 08:44 - 00000820 ____A C:\Users\Public\Desktop\Mumble.lnk
    2012-07-10 08:40 - 2012-07-10 08:39 - 17904640 ____A C:\Users\Mark\Downloads\mumble-1.2.3a.msi
    2012-07-08 12:59 - 2009-11-14 02:51 - 00000406 ____A C:\Windows\Tasks\SmartDefrag.job
    2012-07-07 11:18 - 2012-07-07 11:18 - 01581077 ____A C:\Users\Mark\Downloads\mcpatcher-2.3.7_02.exe
    2012-07-07 11:18 - 2012-07-07 11:18 - 01188737 ____A C:\Users\Mark\Downloads\faithful32pack.zip
    2012-07-07 07:39 - 2012-07-07 07:36 - 23392175 ____A C:\Users\Mark\Downloads\Delver-alpha-6-22-12.zip
    2012-07-07 07:30 - 2012-07-07 07:30 - 10012564 ____A C:\Users\Mark\Downloads\spelunky_1_1.zip
    2012-07-07 03:51 - 2012-07-07 03:51 - 00360306 ____A C:\Users\Mark\AppData\Local\dd_vcredistMSI61F3.txt
    2012-07-07 03:51 - 2012-07-07 03:51 - 00011154 ____A C:\Users\Mark\AppData\Local\dd_vcredistUI61F3.txt
    2012-07-07 02:36 - 2012-07-07 02:36 - 00000221 ____A C:\Users\Mark\Desktop\Sniper Elite V2.url
    2012-07-06 12:24 - 2012-07-06 12:26 - 00138632 ____A C:\Users\Mark\Desktop\AMIDST.exe
    2012-07-06 12:24 - 2012-07-06 12:24 - 00138632 ____A C:\Users\Mark\Downloads\AMIDST.exe
    2012-07-06 09:26 - 2012-07-06 09:26 - 04584956 ____A C:\Users\Mark\Downloads\minecraft (3).jar
    2012-07-06 08:42 - 2012-07-06 08:42 - 00412873 ____A C:\Users\Mark\Downloads\VoxelSniper.jar
    2012-07-06 08:42 - 2012-07-06 08:42 - 00412873 ____A C:\Users\Mark\Downloads\VoxelSniper (1).jar
    2012-07-06 08:12 - 2012-07-06 08:12 - 00052736 ____A (Technic) C:\Users\Mark\Downloads\TechnicLauncher.exe
    2012-07-06 08:12 - 2012-07-06 08:12 - 00052736 ____A (Technic) C:\Users\Mark\Downloads\TechnicLauncher (1).exe
    2012-07-06 07:34 - 2012-07-06 07:34 - 00582170 ____A C:\Users\Mark\Downloads\technic-launcher-latest.jar
    2012-07-03 05:48 - 2012-07-03 05:48 - 00051131 ____A C:\Users\Mark\Downloads\TooManyItems2012_04_13_1.2.5 (1).zip
    2012-07-03 04:46 - 2009-10-06 23:32 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-25 07:24 - 2012-06-25 07:24 - 05940198 ____A C:\Users\Mark\Downloads\MAtmos__1__1_0_r10__WithWeaponInteractions.zip
    2012-06-24 10:06 - 2012-06-24 10:04 - 15115135 ____A C:\Users\Mark\Downloads\Tony Hawk's Pro Skater 3.zip
    2012-06-24 09:55 - 2012-06-24 09:55 - 00197092 ____A C:\Users\Mark\Downloads\Verified_download_skate_2_pc.exe
    2012-06-24 09:55 - 2012-06-24 09:55 - 00000000 ____A C:\Users\Mark\Downloads\Unconfirmed 96547.crdownload
    2012-06-24 09:53 - 2012-06-24 09:53 - 00197088 ____A C:\Users\Mark\Downloads\download_skate_2_pc_Fast.exe
    2012-06-24 09:47 - 2012-06-24 09:47 - 00012568 ____A C:\Users\Mark\Downloads\[kat.ph]tony.hawks.pro.skater.2.pc.non.ripped.torrent
    2012-06-24 09:27 - 2012-06-24 09:26 - 14036653 ____A C:\Users\Mark\Downloads\Demul_BIOS_Pack.7z
    2012-06-24 09:25 - 2012-06-24 09:24 - 00924948 ____A C:\Users\Mark\Downloads\demul057.rar
    2012-06-24 09:21 - 2012-06-24 09:21 - 00916620 ____A C:\Users\Mark\Downloads\nullDC_104_r136.7z
    2012-06-24 08:44 - 2012-06-24 07:44 - 527154530 ____A C:\Users\Mark\Downloads\Tony Hawk's Pro Skater 2.rar
    2012-06-24 07:40 - 2012-06-24 07:40 - 00740033 ____A C:\Users\Mark\Downloads\ChankastAlpha025.rar
    2012-06-24 07:31 - 2012-06-24 07:31 - 00361900 ____A C:\Users\Mark\AppData\Local\dd_vcredistMSI1211.txt
    2012-06-24 07:31 - 2012-06-24 07:31 - 00011240 ____A C:\Users\Mark\AppData\Local\dd_vcredistUI1211.txt
    2012-06-24 07:29 - 2012-06-24 07:29 - 12780479 ____A C:\Users\Mark\Downloads\pcsx2-0.9.8-r4600-setup.exe
    2012-06-24 00:27 - 2012-06-24 00:27 - 01441789 ____A C:\Users\Mark\Downloads\Derivation4.zip
    2012-06-19 07:30 - 2012-06-19 07:30 - 04540049 ____A C:\Users\Mark\Downloads\minecraft (2).jar
    2012-06-18 09:18 - 2012-06-18 09:18 - 00001011 ____A C:\Users\Mark\Desktop\TeamSpeak 3 Client.lnk
    2012-06-18 09:15 - 2012-06-18 09:13 - 32112904 ____A (TeamSpeak Systems GmbH) C:\Users\Mark\Downloads\TeamSpeak3-Client-win64-3.0.6.exe
    2012-06-16 01:06 - 2012-06-16 01:06 - 00411541 ____A C:\Users\Mark\Downloads\MineCraftSkinStealer.exe
    2012-06-16 01:06 - 2012-06-16 01:06 - 00000990 ____A C:\Users\Mark\Desktop\MineCraftSkinStealer.lnk
    2012-06-13 05:58 - 2012-07-11 01:05 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 11:38 - 2012-06-11 11:34 - 29262633 ____A C:\Users\Mark\Downloads\The Survival Game V.1.4.zip
    2012-06-11 10:27 - 2012-06-11 10:27 - 00001872 ____A C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
    2012-06-11 10:27 - 2012-06-11 10:27 - 00001863 ____A C:\Users\Public\Desktop\Tribes Ascend.lnk
    2012-06-11 10:24 - 2012-06-11 10:24 - 13779760 ____A (Hi-Rez Studios) C:\Users\Mark\Downloads\InstallHiRezGamesEnglish.exe
    2012-06-08 09:59 - 2012-07-10 23:26 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 09:47 - 2012-07-10 23:26 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 08:47 - 2012-07-10 23:26 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 08:47 - 2012-07-10 23:26 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 08:22 - 2012-07-10 23:26 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 08:22 - 2012-07-10 23:26 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-04 07:29 - 2012-07-10 23:26 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-02 14:19 - 2012-06-21 07:01 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 07:01 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 07:01 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 07:00 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 07:00 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 07:00 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:19 - 2012-06-21 07:00 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2012-06-02 14:15 - 2012-06-21 07:01 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 07:00 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:12 - 2012-06-21 07:00 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2012-06-02 06:19 - 2012-06-21 06:59 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 06:19 - 2012-06-21 06:59 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2012-06-02 06:15 - 2012-06-21 06:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 06:12 - 2012-06-21 06:59 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2012-06-02 04:49 - 2012-07-11 01:05 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-11 01:05 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-11 01:05 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-11 01:06 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:05 - 2012-07-11 01:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:04 - 2012-07-11 01:06 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:04 - 2012-07-11 01:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:03 - 2012-07-11 01:05 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-11 01:05 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-11 01:05 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-11 01:06 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-11 01:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-11 01:06 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-11 01:05 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-11 01:05 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-11 01:05 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-11 01:05 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-11 01:06 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-11 01:05 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-11 01:05 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-11 01:06 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-11 01:05 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-11 01:05 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-11 01:06 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-11 01:05 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-11 01:06 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-11 01:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-11 01:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 16:22 - 2012-07-10 23:26 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 16:22 - 2012-07-10 23:26 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 16:05 - 2012-07-10 23:26 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 16:04 - 2012-07-10 23:26 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 16:03 - 2012-07-10 23:26 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-05-31 21:55 - 2012-05-31 21:55 - 00000993 ____A C:\Users\Public\Desktop\Doxillion Document Converter.lnk
    2012-05-31 09:41 - 2012-05-31 09:41 - 03843841 ____A C:\Users\Mark\Downloads\NodusUpdate.jar
    2012-05-31 08:15 - 2012-05-31 08:14 - 04542344 ____A C:\Users\Mark\Downloads\minecraft (1).jar
    2012-05-27 06:46 - 2012-05-27 06:43 - 24460600 ____A ( ) C:\Users\Mark\Downloads\gimp-help-2-2.6.0-en-setup.exe
    2012-05-27 02:06 - 2012-05-27 02:06 - 00057433 ____A C:\Users\Mark\Downloads\NBTedit.zip
    2012-05-27 00:32 - 2012-05-27 00:32 - 00278561 ____A C:\Users\Mark\Downloads\Minecraft.exe
    2012-05-27 00:02 - 2012-05-27 00:02 - 04499708 ____A C:\Users\Mark\Downloads\minecraft.jar
    2012-05-24 08:59 - 2012-05-24 08:59 - 00051131 ____A C:\Users\Mark\Downloads\TooManyItems2012_04_13_1.2.5.zip
    2012-05-24 08:49 - 2012-05-24 08:49 - 00026472 ____A C:\Users\Mark\Downloads\ModLoaderMP 1.2.5 v1.zip
    2012-05-24 08:48 - 2012-05-24 08:48 - 00103347 ____A C:\Users\Mark\Downloads\ModLoader.zip
    2012-05-24 08:46 - 2012-05-24 08:46 - 00548785 ____A C:\Users\Mark\Downloads\invasion_mod client 0.9.4.zip
    2012-05-24 08:34 - 2011-12-07 10:16 - 00001170 ____A C:\Users\Public\Desktop\Minecraft Version Changer.lnk
    2012-05-24 08:30 - 2012-05-24 08:26 - 41458688 ____A C:\Users\Mark\Downloads\Minecraft Version Changer v17.0.msi
    2012-05-24 08:04 - 2012-05-24 08:03 - 06905480 ____A C:\Users\Mark\Downloads\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows) (1).zip
    2012-05-23 08:49 - 2012-05-23 08:48 - 06905480 ____A C:\Users\Mark\Downloads\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows).zip
    2012-05-23 08:22 - 2012-05-23 08:22 - 00085897 ____A C:\Users\Mark\Downloads\CameraStudioV1.2.4b347.zip
    2012-05-23 08:12 - 2012-05-23 08:12 - 04262573 ____A C:\Users\Mark\Downloads\minema_v1.32_mc1.2.5_bundle_win32.zip
    2012-05-22 12:25 - 2012-05-22 12:25 - 00142069 ____A C:\Users\Mark\Downloads\2D-Craft 1.3.1.zip
    2012-05-22 11:55 - 2012-05-22 11:52 - 32812717 ____A C:\Users\Mark\Downloads\SkyGrid.zip
    2012-05-22 07:52 - 2012-05-22 07:52 - 00999771 ____A C:\Users\Mark\Downloads\SinglePlayerCommands-MC1.2.5_V3.2.2.jar
    2012-05-21 07:27 - 2012-05-21 07:27 - 00034287 ____A C:\Users\Mark\Downloads\QuidCraft Server 1.2.5_Rev1.zip
    2012-05-21 07:26 - 2012-05-21 07:26 - 00083020 ____A C:\Users\Mark\Downloads\ModLoaderMP Server 1.2.5 v1.zip
    2012-05-21 07:14 - 2012-05-21 07:14 - 01408470 ____A C:\Users\Mark\Downloads\minecraft_server.jar
    2012-05-19 02:54 - 2012-05-19 02:50 - 00000043 ____A C:\Users\Mark\jagex_cl_runescape_LIVE.dat
    2012-05-19 02:54 - 2009-09-04 10:44 - 00000099 ____A C:\Users\Mark\jagex_runescape_preferences2.dat
    2012-05-19 02:54 - 2009-07-29 06:49 - 00000046 ____A C:\Users\Mark\jagex_runescape_preferences.dat
    2012-05-19 02:51 - 2012-05-19 02:51 - 00000044 ____A C:\Users\Mark\jagex_cl_runescape_LIVE1.dat
    2012-05-16 08:18 - 2012-05-16 08:18 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-05-16 08:18 - 2012-05-16 08:18 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-05-16 08:18 - 2012-05-16 08:18 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-05-16 08:18 - 2012-05-16 08:18 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-05-16 08:18 - 2011-10-15 07:57 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-05-16 08:04 - 2012-05-16 08:04 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-05-16 08:04 - 2012-05-16 08:04 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-05-16 08:03 - 2012-05-16 08:03 - 00012713 ____A C:\Users\Mark\Desktop\hs_err_pid4344.log
    2012-05-15 10:34 - 2012-05-15 10:33 - 00314944 ____A C:\Users\Mark\Desktop\Smart piston door.wmv.sfk
    2012-05-15 10:32 - 2009-02-26 00:21 - 00014848 ____A C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-05-15 10:27 - 2012-05-15 10:24 - 140531861 ____A C:\Users\Mark\Desktop\Smart piston door.wmv
    2012-05-12 14:09 - 2011-10-28 14:04 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
    2012-05-12 11:47 - 2012-05-12 11:45 - 00053120 ____A C:\Users\Mark\Desktop\Enter the vault.wmv.sfk
    2012-05-12 11:41 - 2012-05-12 11:41 - 09701495 ____A C:\Users\Mark\Desktop\Enter the vault.wmv
    2012-05-09 12:11 - 2012-05-09 12:08 - 68424822 ____A C:\Users\Mark\Desktop\Movie.wmv
    2012-05-07 04:28 - 2012-05-07 04:26 - 41065781 ____A C:\Users\Mark\Desktop\Minecraft pigbreeder.wmv
    2012-05-06 23:55 - 2012-05-06 23:55 - 00001878 ____A C:\Users\Public\Desktop\Populous - The Beginning.lnk
    2012-05-03 13:22 - 2012-05-03 13:22 - 00000997 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
    2012-05-01 09:10 - 2012-05-01 09:10 - 00000582 ____A C:\Users\Public\Desktop\BrickForce.lnk
    2012-05-01 06:29 - 2012-06-14 07:07 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-24 08:13 - 2011-07-10 00:01 - 00054728 ____A (Soluto LTD.) C:\Windows\System32\Drivers\Soluto.sys
    2012-04-23 08:25 - 2012-06-14 07:07 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 08:25 - 2012-06-14 07:07 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 08:25 - 2012-06-14 07:07 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 08:00 - 2012-06-14 07:07 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 08:00 - 2012-06-14 07:07 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 08:00 - 2012-06-14 07:07 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-22 00:18 - 2012-04-22 00:18 - 00002018 ____A C:\Users\Public\Desktop\Portal 2 Map Installer.lnk
    ZeroAccess:
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\@
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\L
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\L\00000004.@
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\L\1afb2d56
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\L\201d3dde
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\L\55490ac4
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U\00000004.@
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U\00000008.@
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U\000000cb.@
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U\80000000.@
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U\80000032.@
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U\80000064.@
    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini
    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini
    ========================= Known DLLs (Whitelisted) ============
    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2010-08-25 01:56] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 16%
    Total physical RAM: 4094.18 MB
    Available physical RAM: 3427.61 MB
    Total Pagefile: 3825.36 MB
    Available Pagefile: 3411.29 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    2 Drive c: () (Fixed) (Total:465.76 GB) (Free:125.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive d: (DRV3_VOL1) (Fixed) (Total:189.92 GB) (Free:178.79 GB) NTFS
    4 Drive e: (FRMCXFRE_EN_DVD) (CDROM) (Total:3.66 GB) (Free:0 GB) UDF
    5 Drive f: () (Removable) (Total:0.92 GB) (Free:0.92 GB) FAT
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 466 GB 0 B
    Disk 1 Online 190 GB 4096 KB
    Disk 2 Online 943 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 466 GB 1024 KB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 466 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 190 GB 32 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D DRV3_VOL1 NTFS Partition 190 GB Healthy
    ==================================================================================
    Partitions of Disk 2:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 942 MB 68 KB
    ==================================================================================
    Disk: 2
    Partition 1
    Type : 06
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 942 MB Healthy
    ==================================================================================
    ==========================================================
    Last Boot: 2012-07-19 00:30
    ======================= End Of Log ==========================
     
  11. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    There's the Farbar results. I had to split it in two. I just scanned. I'm assuming that was right. There was no instruction to 'fix'.

    Cheers
     
  12. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log it makes (Search.txt) in your reply.
     
  13. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    Farbar Recovery Scan Tool Version: 16-07-2012 02
    Ran by SYSTEM at 2012-07-21 13:00:07
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2010-08-25 01:56] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2010-08-25 01:56] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

    C:\Windows\SysWOW64\services.exe
    [2010-08-25 01:56] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\System32\services.exe
    [2010-08-25 01:56] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

    ====== End Of Search ======
     
  14. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  15. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    ComboFix 12-07-24.01 - Mark 23/07/2012 21:26:27.1.3 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.2387 [GMT 1:00]
    Running from: c:\users\Mark\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\intellidownload\gunzip.exe
    c:\users\Mark\AppData\Local\._Revolution_
    c:\users\Mark\AppData\Roaming\inst.exe
    c:\users\Mark\AppData\Roaming\Love
    c:\users\Mark\AppData\Roaming\Love\mari0\options.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-19 17:52 . 2012-07-19 17:52 -------- d-----w- C:\FRST
    2012-07-15 15:55 . 2012-07-15 15:55 -------- d-----w- C:\found.002
    2012-07-14 17:50 . 2012-07-14 17:50 -------- d-----w- c:\users\Mark\AppData\Local\Macromedia
    2012-07-11 18:28 . 2012-07-11 18:29 -------- d-----w- C:\Ace of Spades
    2012-07-11 09:05 . 2012-06-02 12:52 754808 ----a-w- c:\program files\Internet Explorer\iexplore.exe
    2012-07-11 07:26 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-11 07:26 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2012-07-11 07:26 . 2012-06-05 16:22 1797120 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 07:26 . 2012-06-05 16:22 1869824 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 07:26 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-11 07:26 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-11 07:26 . 2012-06-04 15:29 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 07:26 . 2012-06-02 00:22 347136 ----a-w- c:\windows\system32\schannel.dll
    2012-07-11 07:26 . 2012-06-02 00:22 254464 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-11 07:26 . 2012-06-02 00:03 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-07-11 07:26 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
    2012-07-10 17:27 . 2012-07-23 14:31 -------- d-----w- c:\users\Mark\AppData\Roaming\Mumble
    2012-07-10 16:44 . 2012-07-10 16:44 -------- d-----w- c:\program files (x86)\Mumble
    2012-07-09 05:34 . 2012-07-09 05:34 -------- d-----w- C:\found.001
    2012-07-07 11:53 . 2012-07-07 11:58 -------- d-----w- c:\users\Mark\AppData\Local\SniperV2
    2012-07-06 16:12 . 2012-07-06 16:12 52736 ----a-w- c:\users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TechnicLauncher.exe
    2012-06-27 15:23 . 2012-06-27 15:23 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2012-06-24 17:54 . 2012-06-24 17:55 -------- d-----w- c:\program files (x86)\OApps
    2012-06-24 17:54 . 2012-06-24 17:54 -------- d-----w- c:\program files (x86)\TorrentSearch
    2012-06-24 17:53 . 2012-07-23 20:42 -------- d-----w- c:\program files (x86)\intellidownload
    2012-06-24 15:30 . 2012-06-24 15:32 -------- d-----w- c:\program files (x86)\PCSX2 0.9.8
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-12 16:23 . 2012-06-22 20:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 16:23 . 2011-05-19 16:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 09:08 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
    2012-06-02 22:19 . 2012-06-21 15:00 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 15:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 15:01 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 15:01 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 15:00 35864 ----a-w- c:\windows\SysWow64\wups.dll
    2012-06-02 22:19 . 2012-06-21 15:00 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 15:00 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 15:01 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 15:00 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 22:12 . 2012-06-21 15:00 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
    2012-06-02 14:19 . 2012-06-21 14:59 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 14:19 . 2012-06-21 14:59 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2012-06-02 14:15 . 2012-06-21 14:59 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 14:12 . 2012-06-21 14:59 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    2012-06-02 08:25 . 2012-07-11 09:05 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-02 00:05 . 2012-07-11 07:26 77312 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 00:04 . 2012-07-11 07:26 278528 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-05-27 08:32 . 2012-05-27 08:33 278561 ----a-w- c:\users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Minecraft.exe
    2012-05-16 16:18 . 2012-05-16 16:18 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-05-16 16:18 . 2012-05-16 16:18 268744 ----a-w- c:\windows\system32\javaws.exe
    2012-05-16 16:18 . 2012-05-16 16:18 189384 ----a-w- c:\windows\system32\javaw.exe
    2012-05-16 16:18 . 2012-05-16 16:18 188872 ----a-w- c:\windows\system32\java.exe
    2012-05-16 16:18 . 2011-10-15 15:57 839112 ----a-w- c:\windows\system32\deployJava1.dll
    2012-05-01 14:29 . 2012-06-14 15:07 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-25 39408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "BitTorrent DNA"="c:\users\Mark\Program Files (x86)\DNA\btdna.exe" [2012-01-01 323392]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
    "RockMelt Update"="c:\users\Mark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-04-15 136336]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "VMonitorVMUVC"="c:\program files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    "CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
    "Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2010-06-26 105632]
    "TkBellExe"="c:\program files (x86)\Real\realplayer\update\realsched.exe" [2010-12-23 274608]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2012-1-7 292240]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux8"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
    @="Service"
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 16:23]
    .
    2012-07-23 c:\windows\Tasks\Epson Printer Software Downloader.job
    - c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]
    .
    2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-18 09:54]
    .
    2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-18 09:54]
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
    - c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-25 12:11]
    .
    2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
    - c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-25 12:11]
    .
    2012-07-23 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
    - c:\users\Mark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-04-15 12:11]
    .
    2012-07-23 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
    - c:\users\Mark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-04-15 12:11]
    .
    2010-12-18 c:\windows\Tasks\User_Feed_Synchronization-{7CA029EA-6EF1-4D31-8269-B436D7F88AC9}.job
    - c:\windows\system32\msfeedssync.exe [2011-04-21 12:01]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RAVCpl64.exe" [2008-08-06 6455840]
    "Skytel"="Skytel.exe" [2008-08-06 1833504]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bbc.co.uk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=107763&mntrId=28ab22e5000000000000801f0215f18d
    FF - user.js: extentions.y2layers.installId - d1206e98-f879-4534-a8a2-47dca13a9332
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
    FF - user.js: extensions.BabylonToolbar_i.id - 28ab22e5000000000000801f0215f18d
    FF - user.js: extensions.BabylonToolbar_i.hardId - 28ab22e5000000000000801f0215f18d
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15306
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:46
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=107763
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    Wow6432Node-HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-abgx360 - c:\users\Mark\Desktop\abgx360\uninstall.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-CraftBukkit - 0:\users\Mark\Desktop\minecraft stuff\server\Bukkit\Uninstall.exe
    AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
    AddRemove-{5C13C5F3-6E30-449F-8872-DF8AC35AE285}_is1 - c:\users\Mark\Desktop\minecraft stuff\server\Bukkit\CraftBukkit\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va008]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\PC Speed Up\PCSUService.exe
    c:\program files (x86)\ASUS\AASP\1.00.74\aaCenter.exe
    c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
    c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
    c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
    c:\users\Mark\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-23 21:59:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-23 20:59
    .
    Pre-Run: 134,717,599,744 bytes free
    Post-Run: 135,272,935,424 bytes free
    .
    - - End Of File - - 092DB0D3FAF8E2975C8F2A73E0029641
     
  16. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
    Ran by SYSTEM at 2012-07-23 17:15:53 Run:1
    Running from F:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{004b5cc8-8c67-82c7-d628-080fa4a14d84} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
     
  17. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Looks good :)

    Any current issues?

    You can reinstall AVG now.

    ==============================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    OTL logfile created on: 24/07/2012 10:26:46 - Run 1
    OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Mark\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.00% Memory free
    8.22 Gb Paging File | 5.86 Gb Available in Paging File | 71.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.76 Gb Total Space | 123.09 Gb Free Space | 26.43% Space Free | Partition Type: NTFS
    Drive E: | 189.92 Gb Total Space | 183.86 Gb Free Space | 96.81% Space Free | Partition Type: NTFS
    Drive F: | 941.73 Mb Total Space | 940.25 Mb Free Space | 99.84% Space Free | Partition Type: FAT

    Computer Name: BIGBADDAD4 | User Name: Mark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/24 10:03:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    PRC - [2012/07/03 17:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/06/27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    PRC - [2012/03/19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/01/01 10:51:34 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Mark\Program Files (x86)\DNA\btdna.exe
    PRC - [2011/10/19 16:53:51 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2011/09/05 14:43:12 | 000,233,184 | ---- | M] () -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe
    PRC - [2011/08/25 10:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/01/12 18:24:06 | 000,292,240 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
    PRC - [2010/12/23 10:05:14 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
    PRC - [2010/07/27 18:33:18 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWLan.exe
    PRC - [2010/06/26 12:54:22 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
    PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
    PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2008/09/03 09:22:32 | 000,621,568 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.74\aaCenter.exe
    PRC - [2008/03/26 18:33:00 | 000,135,168 | ---- | M] (Vimicro Corporation) -- C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
    PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/01/01 22:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
    PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/18 07:05:18 | 000,442,392 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\ppgooglenaclpluginchrome.dll
    MOD - [2012/07/18 07:05:17 | 012,228,120 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\PepperFlash\pepflashplayer.dll
    MOD - [2012/07/18 07:05:16 | 003,997,720 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\pdf.dll
    MOD - [2012/07/18 07:04:01 | 000,526,872 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\libglesv2.dll
    MOD - [2012/07/18 07:03:59 | 000,104,984 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\libegl.dll
    MOD - [2012/07/18 07:03:49 | 000,144,424 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\avutil-51.dll
    MOD - [2012/07/18 07:03:47 | 000,266,792 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\avformat-54.dll
    MOD - [2012/07/18 07:03:46 | 002,480,680 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\avcodec-54.dll
    MOD - [2012/02/20 08:52:41 | 008,358,400 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
    MOD - [2012/02/20 08:52:41 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
    MOD - [2012/02/20 08:52:41 | 000,333,824 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
    MOD - [2012/02/20 08:52:41 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
    MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
    MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
    MOD - [2008/09/03 09:22:32 | 000,621,568 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.74\aaCenter.exe
    MOD - [2008/01/17 09:46:20 | 000,053,248 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.74\cpuutil.dll
    MOD - [2006/05/25 10:18:08 | 000,106,548 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.74\PowNap.dll
    MOD - [2006/01/10 09:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
    MOD - [2005/06/22 10:39:56 | 000,204,851 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.74\PowerDll.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/04/24 17:32:38 | 000,584,224 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/12/11 21:44:52 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2008/01/21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/12 17:23:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/07 10:07:29 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2012/05/30 16:54:04 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/03/19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2011/10/19 16:53:51 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011/09/05 14:43:12 | 000,233,184 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe -- (PCSUService)
    SRV - [2011/08/07 22:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/26 16:14:04 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/03/30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
    DRV:64bit: - [2012/07/03 17:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/04/24 17:13:24 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Soluto.sys -- (Soluto)
    DRV:64bit: - [2012/02/29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/02/17 18:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/11/26 18:02:26 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/08/06 07:46:40 | 000,729,704 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8192cu.sys -- (RTL8192cu)
    DRV:64bit: - [2010/06/25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2010/05/10 13:51:56 | 000,045,720 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ctxva51.sys -- (ctxva51)
    DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/12/24 20:08:22 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2009/12/11 22:04:44 | 006,228,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/12/11 22:04:44 | 006,228,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2009/12/11 20:51:08 | 000,160,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2009/10/27 12:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
    DRV:64bit: - [2009/10/01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/12 15:53:12 | 000,020,480 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\FlashUSB_x64.sys -- (FlashUSB)
    DRV:64bit: - [2009/04/30 23:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI)
    DRV:64bit: - [2009/04/11 06:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/04/11 06:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009/03/11 15:13:18 | 000,198,400 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VMUVC.sys -- (VMUVC)
    DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/11/29 07:19:28 | 000,028,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
    DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\dne64x.sys -- (DNE)
    DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
    DRV:64bit: - [2008/07/01 12:14:42 | 000,303,616 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vvftUVC.sys -- (vvftUVC)
    DRV:64bit: - [2008/04/29 10:31:36 | 000,176,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2008/04/28 14:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
    DRV:64bit: - [2008/01/21 03:47:28 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
    DRV:64bit: - [2008/01/21 03:46:57 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
    DRV:64bit: - [2008/01/21 03:46:53 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
    DRV:64bit: - [2007/12/11 03:49:54 | 000,026,624 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys -- (RtNdPt60)
    DRV:64bit: - [2007/08/31 15:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
    DRV:64bit: - [2007/06/21 18:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emDevice64.sys -- (DCamUSBEMPIA)
    DRV:64bit: - [2007/06/21 18:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emFilter64.sys -- (FiltUSBEMPIA)
    DRV:64bit: - [2007/06/21 18:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emScan64.sys -- (ScanUSBEMPIA)
    DRV:64bit: - [2007/02/16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys -- (ElbyCDFL)
    DRV:64bit: - [2006/11/03 01:00:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2005/09/24 00:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys -- (MarvinBus)
    DRV - [2009/05/12 15:53:12 | 000,020,480 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\FlashUsb_x64.sys -- (FlashUSB)
    DRV - [2007/02/16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
    DRV - [2005/01/02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
    IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
    IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
    IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{sear...07763&mntrId=28ab22e5000000000000801f0215f18d
    IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...utputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
    IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.yahoo.com/search?ei=ISO-8859-1&fr=chr-vmn&type=vmngemv2yach&q={searchTerms}
    IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_ss&affID=107763&mntrId=28ab22e5000000000000801f0215f18d"
    FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
    FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {fbc8441e-a153-45b0-8e93-87521a5812a1}:2.1
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Mark\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Mark\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-87de5333d4254860\\NPRobloxProxy.dll ()
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mark\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mark\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mark\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Mark\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
    FF - HKCU\Software\MozillaPlugins\@xenocode.com/Xenocode ClickStart: C:\Users\Mark\AppData\Local\Xenocode\Start\2.23\npMozillaXenocodeWebLaunch.dll File not found
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/31 18:02:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/21 13:36:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/21 13:36:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/24 09:26:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/08 12:26:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/06 13:11:09 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Mark\Program Files (x86)\DNA [2012/07/24 09:03:52 | 000,000,000 | ---D | M]

    [2009/03/01 20:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
    [2009/03/01 20:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
    [2012/07/14 18:50:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions
    [2010/12/11 12:22:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/06/23 13:57:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/04/19 13:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
    [2011/11/19 14:20:30 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
    [2010/02/07 14:53:53 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(83)
    [2011/11/19 14:20:35 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
    [2010/02/09 18:48:23 | 000,000,000 | ---D | M] (VMN Toolbar) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\{fbc8441e-a153-45b0-8e93-87521a5812a1}
    [2012/06/24 18:54:09 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\plugin@videofiledownload.com
    [2011/10/20 17:11:16 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\extensions\plugin@yontoo.com
    [2012/02/13 11:30:09 | 000,002,333 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\searchplugins\WhiteSmoke Search.xml
    [2012/05/06 13:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/05/30 18:38:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010/04/24 18:31:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/11 11:21:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/24 07:59:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/07 12:02:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/05/31 11:40:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    [2011/06/22 08:53:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2012/05/06 13:11:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
    [2011/07/06 08:44:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
    [2011/05/20 09:53:14 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2011/11/28 20:46:14 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2011/05/20 09:53:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/05/20 09:53:14 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2011/05/20 09:53:14 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2011/05/20 09:53:14 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
     
  19. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    ========== Chrome ==========

    CHR - homepage: http://www.google.co.uk/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://www.google.co.uk/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.49\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: BitTorrent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Program Files (x86)\Roblox\Versions\version-87de5333d4254860\\NPRobloxProxy.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Mark\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: RockMelt Update (Enabled) = C:\Users\Mark\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Mark\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: YouTube = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: DivX HiQ = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: Everplex YouTube Dark+Black Theme = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipmkeejhafdjjcnhmjibpgfheoicokl\5.1_0\
    CHR - Extension: avast! WebRep = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
    CHR - Extension: Everplex Media Dark Minimalist Facebook Theme = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogbgdkjjgkceghgadajgmpaabfjmfdgd\2.1.1_0\
    CHR - Extension: Gmail = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Facebook Theme: TIMELINE Theme Dark Everplex = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppnoananacbdlmjddicclihfphkgpado\4.3_0\

    O1 HOSTS File: ([2012/07/23 21:47:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Mark\AppData\Roaming\Complitly\64\Complitly64.dll File not found
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Mark\AppData\Roaming\Complitly\Complitly.dll File not found
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files (x86)\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWOW64\Msdxm6.ocx (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files (x86)\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
    O3:64bit: - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [Standby] c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
    O4 - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000..\Run: [BitTorrent DNA] C:\Users\Mark\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
    O4 - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000..\Run: [RockMelt Update] C:\Users\Mark\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (qsax Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.4.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{442137D7-940B-4FA1-AF2D-DD969AB89F17}: DhcpNameServer = 208.67.222.222 208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D368AE70-9005-4B55-A5C2-9639009AC9D1}: DhcpNameServer = 208.67.222.222 208.67.220.220
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\vnd.ms.radio - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\SysWOW64\Msdxm6.ocx (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/24 10:03:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    [2012/07/24 10:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/24 10:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/24 10:01:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/24 10:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/24 09:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/07/24 09:38:25 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/07/24 09:38:25 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/07/24 09:38:21 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2012/07/24 09:38:20 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/07/24 09:38:17 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/07/24 09:38:16 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/07/24 09:38:16 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/07/24 09:26:42 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/07/24 09:26:42 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/24 09:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/07/24 09:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/07/23 22:00:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/23 21:48:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/23 21:20:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/23 21:20:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/23 21:20:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/23 21:17:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/23 21:16:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/23 17:30:06 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\ProcAlyzer Dumps
    [2012/07/23 17:25:01 | 004,583,914 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
    [2012/07/19 18:52:29 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/18 18:03:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
    [2012/07/15 16:55:11 | 000,000,000 | ---D | C] -- C:\found.002
    [2012/07/14 18:50:43 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Macromedia
    [2012/07/11 19:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace of Spades
    [2012/07/11 19:28:02 | 000,000,000 | ---D | C] -- C:\Ace of Spades
    [2012/07/10 18:27:31 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Mumble
    [2012/07/10 17:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
    [2012/07/10 17:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
    [2012/07/09 06:34:53 | 000,000,000 | ---D | C] -- C:\found.001
    [2012/07/07 12:53:32 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\SniperV2
    [2012/07/06 17:12:54 | 000,052,736 | ---- | C] (Technic) -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\TechnicLauncher.exe
    [2012/06/27 16:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2012/06/27 16:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
    [2012/06/24 18:54:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OApps
    [2012/06/24 18:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TorrentSearch
    [2012/06/24 18:53:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\intellidownload
    [2012/06/24 16:32:33 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\PCSX2
    [2012/06/24 16:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
    [2012/06/24 16:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCSX2 0.9.8
    [2009/12/24 20:08:22 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Mark\AppData\Roaming\pcouffin.sys
    [2009/07/19 10:58:25 | 034,637,975 | ---- | C] (MIT Media Lab Lifelong Kindergarten Group) -- C:\Users\Mark\ScratchInstaller1.4.exe
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/24 10:23:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/24 10:16:05 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
    [2012/07/24 10:16:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
    [2012/07/24 10:03:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    [2012/07/24 10:01:39 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/24 09:57:06 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/24 09:38:26 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/07/24 09:38:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/07/24 09:03:24 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/24 09:03:20 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/24 09:03:20 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/24 09:03:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/24 09:03:06 | 4294,037,504 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/23 22:04:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/07/23 21:47:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/23 21:16:38 | 004,583,914 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
    [2012/07/23 17:02:53 | 000,688,842 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/07/23 14:01:02 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
    [2012/07/23 13:16:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
    [2012/07/20 19:16:03 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
    [2012/07/19 09:30:40 | 000,001,887 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2012/07/19 09:30:40 | 000,001,887 | ---- | M] () -- C:\Windows\diagerr.xml
    [2012/07/19 09:17:26 | 000,771,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/19 09:17:26 | 000,652,362 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/19 09:17:26 | 000,130,468 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/19 08:16:59 | 000,001,948 | ---- | M] () -- C:\Users\Mark\Desktop\RockMelt.lnk
    [2012/07/19 08:16:59 | 000,001,910 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\RockMelt.lnk
    [2012/07/19 08:12:42 | 000,001,999 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/07/19 08:12:40 | 000,002,037 | ---- | M] () -- C:\Users\Mark\Desktop\Google Chrome.lnk
    [2012/07/18 18:03:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
    [2012/07/18 13:14:56 | 000,302,592 | ---- | M] () -- C:\Users\Mark\Desktop\m05mvuex.exe
    [2012/07/11 19:28:07 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
    [2012/07/11 10:55:20 | 000,000,680 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
    [2012/07/11 10:40:40 | 005,068,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/11 10:01:34 | 000,012,188 | ---- | M] () -- C:\Windows\wininit.ini
    [2012/07/10 18:32:20 | 000,002,426 | ---- | M] () -- C:\Users\Mark\certificate.p12
    [2012/07/10 17:44:11 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
    [2012/07/07 11:36:33 | 000,000,221 | ---- | M] () -- C:\Users\Mark\Desktop\Sniper Elite V2.url
    [2012/07/06 21:24:58 | 000,138,632 | ---- | M] () -- C:\Users\Mark\Desktop\AMIDST.exe
    [2012/07/06 17:12:45 | 000,052,736 | ---- | M] (Technic) -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\TechnicLauncher.exe
    [2012/07/03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/07/03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/07/03 17:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/07/03 17:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/07/03 17:21:52 | 000,044,272 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2012/07/03 17:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/07/03 17:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/03 17:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/07/03 17:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/24 10:01:39 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/24 09:38:26 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/07/24 09:38:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/07/23 21:20:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/23 21:20:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/23 21:20:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/23 21:20:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/23 21:20:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/19 09:28:41 | 000,001,887 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2012/07/19 09:28:41 | 000,001,887 | ---- | C] () -- C:\Windows\diagerr.xml
    [2012/07/18 13:14:55 | 000,302,592 | ---- | C] () -- C:\Users\Mark\Desktop\m05mvuex.exe
    [2012/07/11 19:28:07 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
    [2012/07/11 10:55:20 | 000,000,680 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
    [2012/07/11 10:01:27 | 000,012,188 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/07/10 18:32:18 | 000,002,426 | ---- | C] () -- C:\Users\Mark\certificate.p12
    [2012/07/10 17:44:11 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
    [2012/07/07 11:36:32 | 000,000,221 | ---- | C] () -- C:\Users\Mark\Desktop\Sniper Elite V2.url
    [2012/07/06 21:26:27 | 000,138,632 | ---- | C] () -- C:\Users\Mark\Desktop\AMIDST.exe
    [2012/05/19 11:51:18 | 000,000,044 | ---- | C] () -- C:\Users\Mark\jagex_cl_runescape_LIVE1.dat
    [2012/05/19 11:50:34 | 000,000,043 | ---- | C] () -- C:\Users\Mark\jagex_cl_runescape_LIVE.dat
    [2012/03/09 23:35:17 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
    [2012/02/26 16:37:39 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
    [2012/02/26 16:37:38 | 004,447,232 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
    [2012/02/26 16:37:38 | 001,175,371 | ---- | C] () -- C:\Windows\SysWow64\unins001.exe
    [2012/02/26 16:37:38 | 000,045,817 | ---- | C] () -- C:\Windows\SysWow64\unins001.dat
    [2012/02/25 16:53:32 | 003,987,747 | ---- | C] () -- C:\Users\Mark\redstone simplified.mp3
    [2011/12/31 21:01:14 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/12/22 20:48:12 | 000,695,578 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
    [2011/12/22 20:48:12 | 000,001,070 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat
    [2011/11/22 20:45:05 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2011/11/22 20:44:07 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
    [2011/11/22 20:44:07 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
    [2011/11/22 20:44:07 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
    [2011/11/19 15:04:41 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
    [2011/10/28 09:11:21 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    [2011/10/19 16:54:18 | 000,270,776 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/10/19 16:53:51 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/24 11:53:26 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2011/09/19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
    [2011/09/19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
    [2011/07/08 11:41:32 | 000,571,824 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
    [2011/05/14 09:54:04 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010/12/06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
    [2010/09/30 18:58:05 | 011,874,430 | ---- | C] () -- C:\Users\Mark\recipe_booklet_2010.pdf
    [2010/09/20 20:33:38 | 000,017,082 | ---- | C] () -- C:\Users\Mark\.recently-used.xbel
    [2010/09/09 22:00:19 | 000,000,104 | ---- | C] () -- C:\Users\Mark\Computer - Shortcut.lnk
    [2010/08/25 10:57:18 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2010/08/25 10:56:49 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2010/08/25 10:56:23 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2010/08/16 12:32:20 | 000,000,000 | ---- | C] () -- C:\Users\Mark\jagex__preferences3.dat
    [2009/12/24 20:08:22 | 000,007,859 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\pcouffin.cat
    [2009/12/24 20:08:22 | 000,001,167 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\pcouffin.inf
    [2009/10/23 19:21:48 | 001,384,448 | -HS- | C] () -- C:\Users\Mark\ehthumbs_vista.db
    [2009/09/04 19:44:02 | 000,000,099 | ---- | C] () -- C:\Users\Mark\jagex_runescape_preferences2.dat
    [2009/07/30 10:03:55 | 000,000,016 | -H-- | C] () -- C:\Users\Mark\SyncToy_3f069a10-7806-4ad6-826e-3085f8bcb8b0.dat
    [2009/07/30 10:02:18 | 000,741,376 | ---- | C] () -- C:\Users\Mark\AppData\Local\filesync.metadata
    [2009/07/29 15:49:29 | 000,000,046 | ---- | C] () -- C:\Users\Mark\jagex_runescape_preferences.dat
    [2009/02/26 09:21:48 | 000,014,848 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/02/24 12:22:36 | 000,000,732 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps64.dat

    ========== LOP Check ==========

    [2010/02/26 10:00:52 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
    [2010/02/26 10:00:52 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
    [2012/07/23 17:01:44 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\.minecraft
    [2012/05/23 17:50:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\.Nitrous
    [2012/07/22 11:47:33 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\.techniclauncher
    [2011/09/14 12:01:12 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Amazon
    [2009/03/01 09:52:24 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Astro Gemini Software
    [2011/11/19 15:50:06 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Atari
    [2012/04/10 11:09:55 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Audacity
    [2012/03/24 12:26:14 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\BANDISOFT
    [2009/05/16 19:00:06 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2012/06/24 19:50:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\BitTorrent
    [2011/11/02 21:33:37 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Blender Foundation
    [2010/01/30 17:53:33 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Braid
    [2009/06/13 08:21:44 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\CheckPoint
    [2011/11/30 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/07/24 10:44:11 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DNA
    [2011/11/19 14:43:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\EasyBurner
    [2009/10/10 10:32:55 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Emulators
    [2011/10/20 17:13:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\EpicBot
    [2010/09/20 18:34:03 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Epson
    [2010/06/03 21:21:33 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Facebook
    [2009/03/27 15:17:45 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\FLV Extract
    [2011/09/14 11:40:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\FMZilla
    [2010/09/09 11:43:35 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\FreeVideoConverter
    [2010/01/30 12:38:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\FUEL Demo
    [2010/10/02 09:58:15 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\GameTuts
    [2010/09/20 18:40:49 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\gtk-2.0
    [2011/04/21 22:34:16 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\HandBrake
    [2011/03/31 08:16:48 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\ImgBurn
    [2011/09/14 12:34:54 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\IObit
    [2011/12/03 14:52:26 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\JAM Software
    [2011/11/19 15:04:49 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Leadertech
    [2010/02/13 19:53:46 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\LG Electronics
    [2012/04/04 17:01:24 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\LolClient
    [2012/07/23 15:31:19 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mumble
    [2010/05/15 13:04:24 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\NAVIGON Fresh
    [2010/09/28 18:41:07 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Nokia
    [2010/09/28 18:41:09 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Nokia Ovi Suite
    [2011/04/01 15:50:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\OpenDNS Updater
    [2011/09/14 11:28:30 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Panasonic
    [2009/09/08 20:36:19 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PC Suite
    [2010/08/17 09:39:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Publish Providers
    [2011/10/10 18:35:40 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\pymclevel
    [2009/12/17 12:58:58 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\QuickScan
    [2010/02/09 09:19:23 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\RipIt4Me
    [2010/09/15 18:34:03 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Serif
    [2009/03/01 20:57:45 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Songbird2
    [2012/03/16 09:59:19 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Sony
    [2012/05/06 15:15:54 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SplitMediaLabs
    [2012/04/11 20:35:52 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Spotify
    [2010/12/11 21:16:40 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Stykz
    [2010/07/20 11:01:34 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Synthesia
    [2011/02/07 16:31:54 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SynthFont
    [2012/05/12 23:12:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TeamViewer
    [2011/09/14 11:47:38 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Teleca
    [2009/03/01 10:05:53 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TERMINAL Studio
    [2009/10/06 10:28:30 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Trusteer
    [2012/06/19 16:31:19 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TS3Client
    [2011/08/14 16:53:14 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Ulead Systems
    [2011/11/22 18:52:29 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Unity
    [2011/09/14 11:45:39 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Vso
    [2009/03/27 11:18:49 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\WinFF
    [2009/10/23 19:08:46 | 000,000,000 | ---D | M] -- C:\Users\Mcx1\AppData\Roaming\Trusteer
    [2012/07/23 14:01:02 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
    [2012/07/23 13:16:00 | 000,000,872 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000Core.job
    [2012/07/24 10:16:05 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3690599309-3199676340-3372788798-1000UA.job
    [2012/07/23 22:04:39 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/12/18 08:30:47 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7CA029EA-6EF1-4D31-8269-B436D7F88AC9}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\Mark\redstone simplified.mp3:TOC.WMV
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F9819010
    < End of report >
     
  20. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    OTL Extras logfile created on: 24/07/2012 10:26:46 - Run 1
    OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Mark\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.00% Memory free
    8.22 Gb Paging File | 5.86 Gb Available in Paging File | 71.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.76 Gb Total Space | 123.09 Gb Free Space | 26.43% Space Free | Partition Type: NTFS
    Drive E: | 189.92 Gb Total Space | 183.86 Gb Free Space | 96.81% Space Free | Partition Type: NTFS
    Drive F: | 941.73 Mb Total Space | 940.25 Mb Free Space | 99.84% Space Free | Partition Type: FAT

    Computer Name: BIGBADDAD4 | User Name: Mark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Classes\<extension>]
    .html [@ = RockMeltHTML] -- C:\Users\Mark\AppData\Local\RockMelt\Application\rockmelt.exe (RockMelt, Inc.)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 5F BD D6 9B 2F 46 CB 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{BB77BA3E-106B-487A-AB3E-4455A74F0A56}C:\users\mark\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\mark\program files (x86)\dna\btdna.exe |
    "UDP Query User{AD86FA46-5038-4C58-8B74-EBEE3E272DA3}C:\users\mark\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\mark\program files (x86)\dna\btdna.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{012C87CF-282E-4142-84F8-DCDD07F54182}" = Soluto
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
    "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
    "{32508A23-C9EA-4D29-83CA-97A42A13701E}" = Microsoft Sync Framework Services v1.0 (x64)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{53D7A054-4598-4947-A159-E8FCC77720AB}" = Microsoft Sync Framework Runtime v1.0 (x64)
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
    "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8E3DF98E-D719-390B-3367-64C01A3E259F}" = ATI Catalyst Install Manager
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B25BFFC9-FF51-44F2-9E46-4D93849C836F}" = SyncToy 2.0 (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{C8B84CBB-8F7D-B632-623C-28BBAA4347DB}" = ccc-utility64
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64
    "81AE60DDD229A248055515E311406D86F7E4012A" = Windows Driver Package - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)
    "Blender" = Blender
    "CCleaner" = CCleaner
    "EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall
    "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "PCSU-SL_is1" = PC Speed Up - Complete uninstall

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0489621E-DE2A-11E0-93EA-F04DA23A5C58}" = DVD Architect Studio 5.0
    "{05F8C9BC-BB1D-642B-1134-6C992CAC81F8}" = Catalyst Control Center Graphics Light
    "{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
    "{07035AB3-5C70-3315-35A9-CFFECA140880}" = BBC iPlayer Desktop
    "{08089098-2D08-E78C-08E3-21BE4B6AA029}" = ccc-core-static
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
    "{18028E0B-974B-B92F-E26F-209044508076}" = CCC Help English
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{32E15D6F-104E-4434-ADF9-B109D93C2E66}" = Portal 2 Map Installer
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{373AE9F3-B7B2-4894-A863-C4CF09DF4C83}" = Minecraft Version Changer
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
    "{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{520C2939-555B-40BF-A91B-8B671AB560EB}" = Easy Burner
    "{521C9144-BD7D-D3A3-3B5C-93E4406F8DEA}" = Catalyst Control Center Graphics Previews Vista
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{58577F87-E3BB-4959-8A85-9122CF3F8ED8}" = avi.NET
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
    "{58E5C3B9-7BED-3E6C-DB3A-C25D43792B9B}" = Catalyst Control Center Graphics Previews Common
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5A78C15C-BCA3-A605-92A9-F55020DEFBD6}" = Catalyst Control Center HydraVision Full
    "{5C13C5F3-6E30-449F-8872-DF8AC35AE285}_is1" = CraftBukkit
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}" = Ace of Spades
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{64029508-2587-4D39-AB83-2AC722FBFCC2}" = XSplit
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6BFDCF0D-5C60-4C5A-9A31-D5D7002E74E5}" = HD Writer LE 1.0
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71A51A91-E7D3-11DB-A386-005056C00008}" = Digital microscope
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{7E44C354-10A8-4214-9C56-F3F00775E415}_is1" = Stykz 1.0 for Windows
    "{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
    "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
     
  21. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C049499-055C-4a0c-A916-1D12314F45EB}" = Edimax Wireless LAN Driver and Utility
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A724904F-085B-D8BA-D5D4-DDC355F2028B}" = Catalyst Control Center Graphics Full Existing
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
    "{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
    "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{CB04D8E1-7B9C-4F35-B2E2-E87CBE520805}" = Adobe After Effects CS5.5
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6457EF0-34B7-4DD9-94F0-E6CD6D02E6CC}" = Community Smartbar
    "{D866B594-7FDB-785A-93C3-33EE8B6153C6}" = Catalyst Control Center Core Implementation
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA18FD01-4830-45D6-8408-8F20A9D89D95}" = PC Connectivity Solution
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
    "{E2216699-EA02-4B85-BAB1-1DF34C4BDF9D}" = AI Nap
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EBAEEE00-5412-11E1-B144-001676AB6D60}" = MSVCRT Redists
    "{EC797AE2-3ED8-857D-3350-AA3EA43C24B4}" = Catalyst Control Center Graphics Full New
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{F022B56C-2B90-B9E1-332E-5C1277A47E7B}" = Catalyst Control Center InstallProxy
    "{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
    "{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{f0dcc32d-4142-490a-9b2d-d044e48cfe97}" = Nero 9 Lite
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
    "{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
    "{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
    "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
    "{F8423392-2296-4748-9B66-344432459632}" = PureHD
    "{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
    "{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
    "3D Bungalow Aquarium Screensaver_is1" = 3D Bungalow Aquarium Screensaver 1.1
    "3D Haunted Halloween Screensaver_is1" = 3D Haunted Halloween Screensaver 1.0
    "3D Merry Christmas Screensaver_is1" = 3D Merry Christmas Screensaver 1.0
    "3D Spooky Halloween Screensaver_is1" = 3D Spooky Halloween Screensaver 1.0
    "3D Titanic Screensaver_is1" = 3D Titanic Screensaver 1.0
    "3D Waterfall Screensaver_is1" = 3D Waterfall Screensaver 1.0
    "abgx360" = abgx360 v1.0.5
    "AC3Filter" = AC3Filter (remove only)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adventure Maker v4.5.2_is1" = Adventure Maker v4.5.2 (build1)
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
    "AMCap" = AMCap
    "Ancient Castle 3D Screensaver_is1" = Ancient Castle 3D Screensaver 1.1
    "Astro Gemini Screensaver Manager_is1" = Astro Gemini Screensaver Manager 2.0
    "Atlantis 3D Screensaver_is1" = Atlantis 3D Screensaver 1.0
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
    "avast" = avast! Free Antivirus
    "AviSynth" = AviSynth 2.5
    "AVS Image Converter_is1" = AVS Image Converter 2.1.1.168
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "Bandicam" = Bandicam
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "BrickForce" = BrickForce 1.4.40
    "CamStudio" = CamStudio
    "CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
    "Canon RAW Codec" = Canon RAW Codec
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Christmas Eve 3D Screensaver_is1" = Christmas Eve 3D Screensaver 1.0
    "Christmas Time 3D Screensaver_is1" = Christmas Time 3D Screensaver 1.0
    "CloneCD" = CloneCD
    "Cobalt" = Cobalt
    "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CraftBukkit" = CraftBukkit
    "Dan Elwell's Broadband Speed Test_is1" = Dan Elwell's Broadband Speed Test
    "Dark Halloween Night 3D Screensaver_is1" = Dark Halloween Night 3D Screensaver 1.0
    "Debut" = Debut Video Capture Software
    "Dinosaurs 3D Screensaver_is1" = Dinosaurs 3D Screensaver 1.0
    "DivX Setup.divx.com" = DivX Setup
    "Doremi FLV to MP3 Converter" = Doremi FLV to MP3 Converter 1.6
    "Doxillion" = Doxillion Document Converter
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "Easter 3D Screensaver_is1" = Easter 3D Screensaver 1.0
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EpicBot" = EpicBot
    "Epson Printer Software Downloader" = Epson Printer Software Downloader
    "EPSON Scanner" = EPSON Scan
    "Epson Stylus SX510W_TX550W User’s Guide" = Epson Stylus SX510W_TX550W Manual
    "Exotic Aquarium 3D Screensaver_is1" = Exotic Aquarium 3D Screensaver 1.0
    "Fantasy Moon 3D Screensaver_is1" = Fantasy Moon 3D Screensaver 1.3
    "ffdshow_is1" = ffdshow v1.1.4096 [2011-11-29]
    "Fish Aquarium 3D Screensaver_is1" = Fish Aquarium 3D Screensaver 1.2
    "Fraps" = Fraps (remove only)
    "Free CD Music Converter 10" = Free CD Music Converter 10
    "Free Flash FLV Video Converter (by minidvdsoft)_is1" = Free Flash FLV Video Converter v3.0
    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
    "Free RAR Extract Frog" = Free RAR Extract Frog
    "Free Video Converter_is1" = Free Video Converter V 2.9
    "GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
    "Halloween 3D Screensaver_is1" = Halloween 3D Screensaver 1.1
    "Halloween in the Attic 3D Screensaver_is1" = Halloween in the Attic 3D Screensaver 1.0
    "HandBrake" = HandBrake 0.9.5
    "Haunted House 3D Screensaver_is1" = Haunted House 3D Screensaver 1.1
    "ImgBurn" = ImgBurn
    "Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Lantern 3D Screensaver_is1" = Lantern 3D Screensaver 1.0
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Marine Life 3D Screensaver_is1" = Marine Life 3D Screensaver 1.0
    "Media Player - Codec Pack" = Media Player Codec Pack 3.4.0
    "MicroCapture" = MicroCapture 2.0
    "MinecraftSkinStealer1.7.0" = MinecraftSkinStealer 1.7.0
    "Morphyre" = Morphyre
    "Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
    "MP3 Surgeon_is1" = MP3 Surgeon 2003
    "Multiwinia_is1" = Multiwinia v1.3.0
    "Night City 3D Screensaver_is1" = Night City 3D Screensaver 1.0
    "OpenAL" = OpenAL
    "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
    "PFPortChecker" = PFPortChecker 1.0.39
    "Picasa 3" = Picasa 3
    "Planet Earth 3D Screensaver_is1" = Planet Earth 3D Screensaver 1.1
    "Populous - The Beginning_is1" = Populous - The Beginning
    "PriceGong" = PriceGong 2.5.4
    "RADVideo" = RAD Video Tools
    "RealPlayer 12.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.83
    "Santa's Home 3D Screensaver_is1" = Santa's Home 3D Screensaver 1.0
    "Scratch" = Scratch
    "Smart Defrag 2_is1" = Smart Defrag 2
    "Solar System 3D Screensaver_is1" = Solar System 3D Screensaver 1.4
    "Spotify" = Spotify
    "StarCraft II" = StarCraft II
    "Steam App 102700" = Alliance of Valiant Arms
    "Steam App 105600" = Terraria
    "Steam App 12850" = FUEL - Demo
    "Steam App 26810" = Braid Demo
    "Steam App 29200" = Osmos Demo
    "Steam App 33290" = Call of Juarez: Bound in Blood Demo
    "Steam App 35020" = Batman: Arkham Asylum - Demo
    "Steam App 4000" = Garry's Mod
    "Steam App 40710" = Machinarium Demo
    "Steam App 41220" = Eufloria - Demo
    "Steam App 440" = Team Fortress 2
    "Steam App 44300" = DiRT 2 - Demo
    "Steam App 44320" = DiRT 3
    "Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
    "Steam App 620" = Portal 2
    "Steam App 63380" = Sniper Elite V2
    "TeamViewer 7" = TeamViewer 7
    "TerraWorld Online - Reborn v2.2.7_is1" = TerraWorld Online - Reborn v2.2.7
    "TreeSize Free_is1" = TreeSize Free V2.6
    "vmntoolbar" = VMN Toolbar
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinFF_is1" = WinFF 1.0
    "WinGimp-2.0_is1" = GIMP 2.6.10
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "WinRAR archiver" = WinRAR archiver
    "Winter 3D Screensaver_is1" = Winter 3D Screensaver 1.0
    "Winter Night 3D Screensaver_is1" = Winter Night 3D Screensaver 1.0
    "World of Warcraft" = World of Warcraft
    "Xvid_is1" = Xvid 1.1.3 final uninstall

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "BitTorrent DNA" = DNA
    "Facebook Plug-In" = Facebook Plug-In
    "Google Chrome" = Google Chrome
    "RockMelt" = RockMelt
    "Spotify" = Spotify
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 23/07/2012 04:24:32 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
    Description = Catalog Database (1344) Catalog Database: A bad page link (error -327)
    has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    (2166 => 4336, 665).

    Error - 23/07/2012 12:18:03 | Computer Name = BigBadDad4 | Source = WinMgmt | ID = 10
    Description =

    Error - 23/07/2012 12:20:36 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
    Description = Catalog Database (1260) Catalog Database: A bad page link (error -327)
    has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    (2166 => 4336, 665).

    Error - 23/07/2012 16:11:34 | Computer Name = BigBadDad4 | Source = WinMgmt | ID = 10
    Description =

    Error - 23/07/2012 16:12:22 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
    Description = Catalog Database (1376) Catalog Database: A bad page link (error -327)
    has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    (2166 => 4336, 665).

    Error - 23/07/2012 16:22:02 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
    Description = Catalog Database (1376) Catalog Database: A bad page link (error -327)
    has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    (2166 => 4336, 665).

    Error - 23/07/2012 16:48:19 | Computer Name = BigBadDad4 | Source = WinMgmt | ID = 10
    Description =

    Error - 23/07/2012 16:49:52 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
    Description = Catalog Database (1424) Catalog Database: A bad page link (error -327)
    has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    (2166 => 4336, 665).

    Error - 24/07/2012 04:04:51 | Computer Name = BigBadDad4 | Source = WinMgmt | ID = 10
    Description =

    Error - 24/07/2012 04:06:37 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
    Description = Catalog Database (1420) Catalog Database: A bad page link (error -327)
    has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    (2166 => 4336, 665).

    Error - 24/07/2012 04:26:23 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
    Description = Catalog Database (1420) Catalog Database: A bad page link (error -327)
    has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    (2166 => 4336, 665).

    Error - 24/07/2012 04:57:11 | Computer Name = BigBadDad4 | Source = ESENT | ID = 447
    Description = Catalog Database (1420) Catalog Database: A bad page link (error -327)
    has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    (2166 => 4336, 665).

    [ Media Center Events ]
    Error - 26/02/2009 04:40:22 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 26/02/2009 04:45:22 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 26/02/2009 13:49:31 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 18/05/2009 03:19:49 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 20/06/2009 11:34:33 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 18/10/2009 08:39:19 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 23/10/2009 14:26:22 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 23/10/2009 14:26:23 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 23/10/2009 14:53:00 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 22/08/2010 16:26:47 | Computer Name = BigBadDad4 | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    [ OSession Events ]
    Error - 20/07/2009 12:40:43 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3755
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 03/07/2010 08:25:33 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 14/11/2010 08:29:51 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 15/02/2011 14:24:47 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6403
    seconds with 1920 seconds of active time. This session ended with a crash.

    Error - 03/03/2011 09:15:51 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 62
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 30/04/2011 15:38:18 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8404
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 08/05/2011 04:53:58 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 14/05/2011 12:45:01 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 18/08/2011 02:35:24 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 86
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/04/2012 06:08:08 | Computer Name = BigBadDad4 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 23/07/2012 16:35:42 | Computer Name = BigBadDad4 | Source = Service Control Manager | ID = 7030
    Description =

    Error - 23/07/2012 16:42:28 | Computer Name = BigBadDad4 | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 23/07/2012 16:43:41 | Computer Name = BigBadDad4 | Source = Service Control Manager | ID = 7030
    Description =

    Error - 23/07/2012 16:48:21 | Computer Name = BigBadDad4 | Source = Service Control Manager | ID = 7026
    Description =

    Error - 23/07/2012 16:52:59 | Computer Name = BigBadDad4 | Source = Service Control Manager | ID = 7022
    Description =

    Error - 24/07/2012 04:04:53 | Computer Name = BigBadDad4 | Source = Service Control Manager | ID = 7026
    Description =

    Error - 24/07/2012 04:28:32 | Computer Name = BigBadDad4 | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 24/07/2012 04:28:35 | Computer Name = BigBadDad4 | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 24/07/2012 05:00:21 | Computer Name = BigBadDad4 | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 24/07/2012 05:00:25 | Computer Name = BigBadDad4 | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.


    < End of report >
     
  22. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.24.03
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Mark :: BIGBADDAD4 [administrator]
    24/07/2012 10:03:18
    mbam-log-2012-07-24 (10-03-18).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224253
    Time elapsed: 10 minute(s), 26 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  23. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    You didn't answer my question:

    =================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2011/09/05 14:43:12 | 000,233,184 | ---- | M] () -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe
      SRV - [2011/09/05 14:43:12 | 000,233,184 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe -- (PCSUService)
      IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
      IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
      IE - HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
      [2012/02/13 11:30:09 | 000,002,333 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\searchplugins\WhiteSmoke Search.xml
      O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Mark\AppData\Roaming\Complitly\64\Complitly64.dll File not found
      O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Mark\AppData\Roaming\Complitly\Complitly.dll File not found
      O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
      O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
      [2012/07/19 18:52:29 | 000,000,000 | ---D | C] -- C:\FRST
      @Alternate Data Stream - 64 bytes -> C:\Users\Mark\redstone simplified.mp3:TOC.WMV
      @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F9819010
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\PC Speed Up
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  24. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    Hello Broni

    Sorry for missing your question. I was so wrapped up in running the programs you requested, that I simply missed it. The answer is yes, there has been an issue. The one we've been dealing with here (win64-patched-a) seems to have gone. Rather than reinstalling AVG, I've gone for Avast & it's reporting no problems. I don't know what your views are on Avast but the latest version seems to get some good write ups. Anyway, the issue I had yesterday was with Windows Update. It reported that there was an update but when I tried to install it, it failed with the code 80246008. Some research suggested that I should check that BITS was running, but when I checked services it wasn't even there. The next suggestion was to run depends.exe to check the qmgr.dll. I tried but there was no depends.exe on the machine. Having found a copy on dependencywalker.com it reported that there was indeed a problem & I was advised to run sfc /scannow. This found errors & dealt with them. Following this I had to restart BITS & the update then loaded with no trouble. It took me ages to sort, with a number of futile steps I haven't bothered to mention. I wondered if any of this may have been as a result of the viruses?

    Many thanks for your work so far. I will run the above programs & get back to you with the reports later.
     
  25. Mark Lightfoot

    Mark Lightfoot TS Rookie Topic Starter Posts: 26

    All processes killed
    ========== OTL ==========
    No active process named PCSUService.exe was found!
    Service PCSUService stopped successfully!
    Service PCSUService deleted successfully!
    C:\Program Files (x86)\PC Speed Up\PCSUService.exe moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
    HKU\S-1-5-21-3690599309-3199676340-3372788798-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-21-3690599309-3199676340-3372788798-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
    C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\j2o6c452.default\searchplugins\WhiteSmoke Search.xml moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
    C:\FRST\Quarantine\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\U folder moved successfully.
    C:\FRST\Quarantine\{004b5cc8-8c67-82c7-d628-080fa4a14d84}\L folder moved successfully.
    C:\FRST\Quarantine\{004b5cc8-8c67-82c7-d628-080fa4a14d84} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ADS C:\Users\Mark\redstone simplified.mp3:TOC.WMV deleted successfully.
    ADS C:\ProgramData\TEMP:F9819010 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files (x86)\PC Speed Up folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mark
    ->Temp folder emptied: 230869 bytes
    ->Temporary Internet Files folder emptied: 253636396 bytes
    ->Java cache emptied: 46920183 bytes
    ->FireFox cache emptied: 56219664 bytes
    ->Google Chrome cache emptied: 359731511 bytes
    ->Apple Safari cache emptied: 10469376 bytes
    ->Flash cache emptied: 140585 bytes

    User: Mcx1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41044 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51891 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 636 bytes
    RecycleBin emptied: 4592241 bytes

    Total Files Cleaned = 698.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Mark
    ->Java cache emptied: 0 bytes

    User: Mcx1

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mark
    ->Flash cache emptied: 0 bytes

    User: Mcx1
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.54.1 log created on 07252012_144056

    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine not found!
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\FRST\Quarantine not found!
    [2012/07/25 14:50:24 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

    Registry entries deleted on Reboot...
     
